logstash-input-github 2.0.5 → 3.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 75b950faaa90a8d69f219585d1b9879954679235
-  data.tar.gz: b5c3615bbd9107be9b26a51251cbe01f05b6a857
+  metadata.gz: a4130cbc51930de60ce2849178e6880c5b5eb7d2
+  data.tar.gz: dc658741d0aa06170bf51ab1139730fa65fdcb6b
 SHA512:
-  metadata.gz: 881a50ddb33822e7a675d5a59a6280109b9f83f7341fe7b0708d66f291c17919ea6ae31d33706b8d89ec7cfa2c7f4f68e7815d096b9f9eea939d561509394753
-  data.tar.gz: 40d3dd7cac5edea351dbfa9ee33565953c1d3b287e646d61ac0109c8534a85b65092016e6b3f54599802023c616928049ab811ca28c4546bed076023f1073a0d
+  metadata.gz: bac6c5400c17f3530cd1c3cc646968b0c5643ef067f199c29b04f33b90a6ae6f4ef933ee2bb31342ee347a2962ea229dc3c5e5c841c693ef31fa7759d7a4e237
+  data.tar.gz: cefd895337b752a05657517b3895b138712284e4e255b907b5bd65c5d9687af40a60805921347d39b726a46f89e2dded711a47fc27e4251b8ef2f4525f6552cf

data/CHANGELOG.md

@@ -1,7 +1,15 @@
-# 2.0.5
-  - Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
-# 2.0.4
-  - New dependency requirements for logstash-core for the 5.0 release
+## 3.0.1
+  - Relax constraint on logstash-core-plugin-api to >= 1.60 <= 2.99
+
+## 3.0.0
+ - breaking: Updated plugin to use new Java Event APIs
+
+## 2.0.5
+ - Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
+
+## 2.0.4
+ - New dependency requirements for logstash-core for the 5.0 release
+
 ## 2.0.0
  - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully, 
    instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2012–2015 Elasticsearch <http://www.elastic.co>
+Copyright (c) 2012–2016 Elasticsearch <http://www.elastic.co>
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

data/README.md

@@ -1,7 +1,6 @@
 # Logstash Plugin
 
-[![Build
-Status](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Inputs/job/logstash-plugin-input-github-unit/badge/icon)](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Inputs/job/logstash-plugin-input-github-unit/)
+[![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-input-github.svg)](https://travis-ci.org/logstash-plugins/logstash-input-github)
 
 This is a plugin for [Logstash](https://github.com/elastic/logstash).
 
@@ -56,7 +55,12 @@ gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
 ```
 - Install plugin
 ```sh
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
 bin/plugin install --no-verify
+
 ```
 - Run Logstash with your plugin
 ```sh
@@ -74,7 +78,12 @@ gem build logstash-filter-awesome.gemspec
 ```
 - Install the plugin from the Logstash home
 ```sh
-bin/plugin install /your/local/plugin/logstash-filter-awesome.gem
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
+bin/plugin install --no-verify
+
 ```
 - Start Logstash and proceed to test the plugin
 

data/lib/logstash/inputs/github.rb

@@ -17,9 +17,9 @@ class LogStash::Inputs::GitHub < LogStash::Inputs::Base
   # Your GitHub Secret Token for the webhook
   config :secret_token, :validate => :string, :required => false
 
-  # If Secret is defined, we drop the events that don't match. 
-  # Otherwise, we'll just add a invalid tag
-  config :drop_invalid, :validate => :boolean
+  # If Secret is defined, we drop the events that don't match.
+  # Otherwise, we'll just add an invalid tag
+  config :drop_invalid, :validate => :boolean, :default => false
 
   def register
     require "ftw"
@@ -29,27 +29,13 @@ class LogStash::Inputs::GitHub < LogStash::Inputs::Base
   def run(output_queue)
     @server = FTW::WebServer.new(@ip, @port) do |request, response|
         body = request.read_body
-        begin
-          event = LogStash::Event.new(JSON.parse(body))
-        rescue JSON::ParserError => e
-          @logger.info("JSON parse failure. Falling back to plain-text", :error => e, :data => body)
-          event = LogStash::Event.new("message" => body, "tags" => "_invalidjson")
-        end
-        event['headers'] = request.headers.to_hash
-        if defined? @secret_token and event['headers']['x-hub-signature']
-            event['hash'] = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), @secret_token, body)
-            if not Rack::Utils.secure_compare(event['hash'], event['headers']['x-hub-signature'])
-                if not @drop_invalid
-                    event['tags'] = "_Invalid_Github_Message"
-                else
-                    @logger.info("Dropping invalid Github message")
-                    drop = true
-                end
-            end
-        end
-        if not drop
-            decorate(event)
-            output_queue << event
+        event = build_event_from_request(body, request.headers_.to_hash)
+        valid_event = verify_signature(event,body)
+        if !valid_event && @drop_invalid
+          @logger.info("Dropping invalid Github message")
+        else
+          decorate(event)
+          output_queue << event
         end
         response.status = 200
         response.body = "Accepted!"
@@ -57,6 +43,31 @@ class LogStash::Inputs::GitHub < LogStash::Inputs::Base
     @server.run
   end # def run
 
+  def build_event_from_request(body, headers)
+    begin
+      event = LogStash::Event.new(JSON.parse(body))
+    rescue JSON::ParserError => e
+      @logger.info("JSON parse failure. Falling back to plain-text", :error => e, :data => body)
+      event = LogStash::Event.new("message" => body, "tags" => "_invalidjson")
+    end
+    event.set('headers', headers)
+    return event
+  end
+
+  def verify_signature(event,body)
+    is_valid = true
+    sign_header = event.get("[headers][x-hub-signature]")
+    if @secret_token && sign_header
+      hash = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), @secret_token, body)
+      event.set("hash", hash)
+      if not Rack::Utils.secure_compare(hash, sign_header)
+        event.tag("_Invalid_Github_Message")
+        is_valid = false
+      end
+    end
+    return is_valid
+  end
+
   def close
     @server.stop
   end # def close

data/logstash-input-github.gemspec

@@ -1,10 +1,10 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-input-github'
-  s.version         = '2.0.5'
+  s.version         = '3.0.1'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Accept events from github webhooks."
-  s.description     = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
+  s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
   s.authors         = ["Elastic"]
   s.email           = 'jason.kendall@elastic.co'
   s.homepage        = "http://www.elastic.co/guide/en/logstash/current/index.html"
@@ -20,12 +20,12 @@ Gem::Specification.new do |s|
   s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
 
   # Gem dependencies
-  s.add_runtime_dependency "logstash-core-plugin-api", "~> 1.0"
+  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
 
   s.add_runtime_dependency 'addressable'
   s.add_runtime_dependency 'logstash-codec-plain'
   s.add_runtime_dependency 'ftw', '~> 0.0.42'
 
-  s.add_development_dependency 'logstash-devutils', '~> 0'
+  s.add_development_dependency 'logstash-devutils'
 end
 

data/spec/fixtures/event_create.json

@@ -0,0 +1,113 @@
+{
+  "ref": "0.0.1",
+  "ref_type": "tag",
+  "master_branch": "master",
+  "description": "",
+  "pusher_type": "user",
+  "repository": {
+    "id": 35129377,
+    "name": "public-repo",
+    "full_name": "baxterthehacker/public-repo",
+    "owner": {
+      "login": "baxterthehacker",
+      "id": 6752317,
+      "avatar_url": "https://avatars.githubusercontent.com/u/6752317?v=3",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/baxterthehacker",
+      "html_url": "https://github.com/baxterthehacker",
+      "followers_url": "https://api.github.com/users/baxterthehacker/followers",
+      "following_url": "https://api.github.com/users/baxterthehacker/following{/other_user}",
+      "gists_url": "https://api.github.com/users/baxterthehacker/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/baxterthehacker/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/baxterthehacker/subscriptions",
+      "organizations_url": "https://api.github.com/users/baxterthehacker/orgs",
+      "repos_url": "https://api.github.com/users/baxterthehacker/repos",
+      "events_url": "https://api.github.com/users/baxterthehacker/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/baxterthehacker/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "private": false,
+    "html_url": "https://github.com/baxterthehacker/public-repo",
+    "description": "",
+    "fork": false,
+    "url": "https://api.github.com/repos/baxterthehacker/public-repo",
+    "forks_url": "https://api.github.com/repos/baxterthehacker/public-repo/forks",
+    "keys_url": "https://api.github.com/repos/baxterthehacker/public-repo/keys{/key_id}",
+    "collaborators_url": "https://api.github.com/repos/baxterthehacker/public-repo/collaborators{/collaborator}",
+    "teams_url": "https://api.github.com/repos/baxterthehacker/public-repo/teams",
+    "hooks_url": "https://api.github.com/repos/baxterthehacker/public-repo/hooks",
+    "issue_events_url": "https://api.github.com/repos/baxterthehacker/public-repo/issues/events{/number}",
+    "events_url": "https://api.github.com/repos/baxterthehacker/public-repo/events",
+    "assignees_url": "https://api.github.com/repos/baxterthehacker/public-repo/assignees{/user}",
+    "branches_url": "https://api.github.com/repos/baxterthehacker/public-repo/branches{/branch}",
+    "tags_url": "https://api.github.com/repos/baxterthehacker/public-repo/tags",
+    "blobs_url": "https://api.github.com/repos/baxterthehacker/public-repo/git/blobs{/sha}",
+    "git_tags_url": "https://api.github.com/repos/baxterthehacker/public-repo/git/tags{/sha}",
+    "git_refs_url": "https://api.github.com/repos/baxterthehacker/public-repo/git/refs{/sha}",
+    "trees_url": "https://api.github.com/repos/baxterthehacker/public-repo/git/trees{/sha}",
+    "statuses_url": "https://api.github.com/repos/baxterthehacker/public-repo/statuses/{sha}",
+    "languages_url": "https://api.github.com/repos/baxterthehacker/public-repo/languages",
+    "stargazers_url": "https://api.github.com/repos/baxterthehacker/public-repo/stargazers",
+    "contributors_url": "https://api.github.com/repos/baxterthehacker/public-repo/contributors",
+    "subscribers_url": "https://api.github.com/repos/baxterthehacker/public-repo/subscribers",
+    "subscription_url": "https://api.github.com/repos/baxterthehacker/public-repo/subscription",
+    "commits_url": "https://api.github.com/repos/baxterthehacker/public-repo/commits{/sha}",
+    "git_commits_url": "https://api.github.com/repos/baxterthehacker/public-repo/git/commits{/sha}",
+    "comments_url": "https://api.github.com/repos/baxterthehacker/public-repo/comments{/number}",
+    "issue_comment_url": "https://api.github.com/repos/baxterthehacker/public-repo/issues/comments{/number}",
+    "contents_url": "https://api.github.com/repos/baxterthehacker/public-repo/contents/{+path}",
+    "compare_url": "https://api.github.com/repos/baxterthehacker/public-repo/compare/{base}...{head}",
+    "merges_url": "https://api.github.com/repos/baxterthehacker/public-repo/merges",
+    "archive_url": "https://api.github.com/repos/baxterthehacker/public-repo/{archive_format}{/ref}",
+    "downloads_url": "https://api.github.com/repos/baxterthehacker/public-repo/downloads",
+    "issues_url": "https://api.github.com/repos/baxterthehacker/public-repo/issues{/number}",
+    "pulls_url": "https://api.github.com/repos/baxterthehacker/public-repo/pulls{/number}",
+    "milestones_url": "https://api.github.com/repos/baxterthehacker/public-repo/milestones{/number}",
+    "notifications_url": "https://api.github.com/repos/baxterthehacker/public-repo/notifications{?since,all,participating}",
+    "labels_url": "https://api.github.com/repos/baxterthehacker/public-repo/labels{/name}",
+    "releases_url": "https://api.github.com/repos/baxterthehacker/public-repo/releases{/id}",
+    "created_at": "2015-05-05T23:40:12Z",
+    "updated_at": "2015-05-05T23:40:30Z",
+    "pushed_at": "2015-05-05T23:40:38Z",
+    "git_url": "git://github.com/baxterthehacker/public-repo.git",
+    "ssh_url": "git@github.com:baxterthehacker/public-repo.git",
+    "clone_url": "https://github.com/baxterthehacker/public-repo.git",
+    "svn_url": "https://github.com/baxterthehacker/public-repo",
+    "homepage": null,
+    "size": 0,
+    "stargazers_count": 0,
+    "watchers_count": 0,
+    "language": null,
+    "has_issues": true,
+    "has_downloads": true,
+    "has_wiki": true,
+    "has_pages": true,
+    "forks_count": 0,
+    "mirror_url": null,
+    "open_issues_count": 2,
+    "forks": 0,
+    "open_issues": 2,
+    "watchers": 0,
+    "default_branch": "master"
+  },
+  "sender": {
+    "login": "baxterthehacker",
+    "id": 6752317,
+    "avatar_url": "https://avatars.githubusercontent.com/u/6752317?v=3",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/baxterthehacker",
+    "html_url": "https://github.com/baxterthehacker",
+    "followers_url": "https://api.github.com/users/baxterthehacker/followers",
+    "following_url": "https://api.github.com/users/baxterthehacker/following{/other_user}",
+    "gists_url": "https://api.github.com/users/baxterthehacker/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/baxterthehacker/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/baxterthehacker/subscriptions",
+    "organizations_url": "https://api.github.com/users/baxterthehacker/orgs",
+    "repos_url": "https://api.github.com/users/baxterthehacker/repos",
+    "events_url": "https://api.github.com/users/baxterthehacker/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/baxterthehacker/received_events",
+    "type": "User",
+    "site_admin": false
+  }
+}

data/spec/inputs/github_spec.rb

@@ -9,4 +9,50 @@ describe  LogStash::Inputs::GitHub do
   it "register without errors" do
     expect { plugin.register }.to_not raise_error
   end
+
+  describe "building Logstash event from webhook" do
+    let(:body) {IO.read("spec/fixtures/event_create.json")}
+    let(:headers) { {"fake_header" => "fake_value"} }
+    let(:event) {plugin.build_event_from_request(body,headers)}
+
+    it "initialize event from webhook body" do
+      JSON.parse(body).each do |k,v|
+        expect(event.get(k)).to eq(v)
+      end
+    end
+
+    it "copy webhook http headers to event[headers]" do
+      expect(event.get('headers')).to eq (headers)
+    end
+  end
+
+  describe "verify webhook signature" do
+    let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999, "secret_token" => "my_secret"} ) }
+    let(:body) {IO.read("spec/fixtures/event_create.json")}
+    let(:headers) { {"x-hub-signature" => "hash"} }
+    let(:event) {plugin.build_event_from_request(body,headers)}
+    let(:hash) { "sha1=43b113fc453c47f1cd4d5b4ded2985581c00a715" }
+
+    it "accept event without signature" do
+      event.set('headers',{})
+      expect(plugin.verify_signature(event,body)).to eq(true)
+      expect(event.get("hash")).to be_nil
+      expect(event.get("tags")).to be_nil
+    end
+
+    it "reject event with invalid signature" do
+      event.set('headers',{"x-hub-signature" => "invalid"})
+      expect(plugin.verify_signature(event,body)).to eq(false)
+      expect(event.get("hash")).to eq(hash)
+      expect(event.get("tags")).to eq(["_Invalid_Github_Message"])
+    end
+
+    it "accept event with valid signature" do
+      event.set('headers', {"x-hub-signature" => hash})
+      expect(plugin.verify_signature(event,body)).to eq(true)
+      expect(event.get("hash")).to eq(hash)
+      expect(event.get("tags")).to be_nil
+    end
+
+  end
 end

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-github
 version: !ruby/object:Gem::Version
-  version: 2.0.5
+  version: 3.0.1
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-03-24 00:00:00.000000000 Z
+date: 2016-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.99'
   name: logstash-core-plugin-api
   prerelease: false
   type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -69,7 +75,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-devutils
@@ -77,10 +83,10 @@ dependencies:
   type: :development
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
+description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
 email: jason.kendall@elastic.co
 executables: []
 extensions: []
@@ -95,6 +101,7 @@ files:
 - README.md
 - lib/logstash/inputs/github.rb
 - logstash-input-github.gemspec
+- spec/fixtures/event_create.json
 - spec/inputs/github_spec.rb
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
@@ -118,9 +125,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.6.3
 signing_key:
 specification_version: 4
 summary: Accept events from github webhooks.
 test_files:
+- spec/fixtures/event_create.json
 - spec/inputs/github_spec.rb