logstash-input-github 3.0.10 → 3.0.11
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -1
- data/docs/index.asciidoc +2 -2
- data/lib/logstash/inputs/github.rb +2 -2
- data/logstash-input-github.gemspec +1 -1
- data/spec/inputs/github_spec.rb +12 -1
- metadata +3 -3
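--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5a2e9406f2b0551cab7547fc1388d5736488c5c890be09ed467755ddf0ca44f7
+data.tar.gz: b4c9e430f3990747bd97ed2102936c1b842a8cad1d68e9482930adf32faf211c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dbeb962c978bc18ba2ab5154d098d3ee9e1616abeb0acd4773b7806543a35aaed89a12025d6d4d27d6bfa222fcc6be2fa7c5c186c6a1091d8fa1aca06a2a0d08
+data.tar.gz: b79af6da525e68f796c30cce532bce4ec0598d20d84f24f9b45a8374a7baf409db443a3c1f321d9d3c1c6ea20b1fb957d592cf8c59abbe51b1b58a1e88e6adae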
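--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,9 @@
+## 3.0.11
+- Change `secret_token` config type to `password` for better protection from leaks in debug logs [#23](https://github.com/logstash-plugins/logstash-input-github/pull/23)
+
 ## 3.0.10
 - Changed the transitive dependency `http_parser.rb` (ftw) version to `~-> 0.6.0` as newer versions are published without the java support.
-- Fixed crashing when the request body payload is not a JSON object. [#24](https://github.com/logstash-plugins/logstash-input-github/pull/24)
+- Fixed crashing when the request body payload is not a JSON object. [#24](https://github.com/logstash-plugins/logstash-input-github/pull/24)
 
 ## 3.0.9
 - Bump ftw dependency to 0.0.49, for compatibility with Logstash 7.x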
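--- a/data/docs/index.asciidoc
+++ b/data/docs/index.asciidoc
@@ -34,7 +34,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-drop_invalid>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ip>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
-| <<plugins-{type}s-{plugin}-secret_token>> |<<
+| <<plugins-{type}s-{plugin}-secret_token>> |<<password,password>>|No
 |=======================================================================
 
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -71,7 +71,7 @@ The port to listen on
 [id="plugins-{type}s-{plugin}-secret_token"]
 ===== `secret_token`
 
-* Value type is <<
+* Value type is <<password,password>>
 * There is no default value for this setting.
 
 Your GitHub Secret Token for the webhook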
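--- a/data/lib/logstash/inputs/github.rb
+++ b/data/lib/logstash/inputs/github.rb
@@ -16,7 +16,7 @@ class LogStash::Inputs::GitHub < LogStash::Inputs::Base
 config :port, :validate => :number, :required => true
 
 # Your GitHub Secret Token for the webhook
-config :secret_token, :validate => :
+config :secret_token, :validate => :password, :required => false
 
 # If Secret is defined, we drop the events that don't match.
 # Otherwise, we'll just add an invalid tag
@@ -77,7 +77,7 @@ class LogStash::Inputs::GitHub < LogStash::Inputs::Base
 
 sign_header = event.get("[headers][x-hub-signature]")
 if sign_header
-hash = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), @secret_token, body)
+hash = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), @secret_token.value, body)
 event.set("hash", hash)
 return true if Rack::Utils.secure_compare(hash, sign_header)
 end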
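Review bot: In the second hunk the HMAC the plugin computes is still written into the event with `event.set("hash", hash)` before the comparison, so if a request that fails verification is tagged rather than dropped (as the comment in the first hunk suggests can happen), the event carries the expected signature for its body into whatever output receives it. Now that `secret_token` is a `password` to keep it out of debug logs, this derived value deserves the same care; I would delete the `event.set("hash", hash)` line, or remove the field before the event leaves the input. The check also covers only the SHA-1 `x-hub-signature` header, while GitHub additionally sends `x-hub-signature-256` and recommends it, so a follow-up could verify that header with `OpenSSL::Digest.new('sha256')`. The enclosing method starts and ends outside the hunk, so whether `hash` is removed later, and how an unset `@secret_token` is guarded before `.value` is called, cannot be seen here.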
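--- a/data/logstash-input-github.gemspec
+++ b/data/logstash-input-github.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
 s.name = 'logstash-input-github'
-s.version = '3.0.
+s.version = '3.0.11'
 s.licenses = ['Apache License (2.0)']
 s.summary = "Reads events from a GitHub webhook"
 s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"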
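--- a/data/spec/inputs/github_spec.rb
+++ b/data/spec/inputs/github_spec.rb
@@ -27,7 +27,7 @@ describe LogStash::Inputs::GitHub do
 end
 
 describe "verify webhook signature if token provided" do
-let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999, "secret_token" => "my_secret"} ) }
+let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999, "secret_token" => ::LogStash::Util::Password.new("my_secret")} ) }
 let(:body) {IO.read("spec/fixtures/event_create.json")}
 let(:headers) { {"x-hub-signature" => "hash"} }
 let(:event) {plugin.build_event_from_request(body,headers)}
@@ -153,4 +153,15 @@ describe LogStash::Inputs::GitHub do
 end
 end
 end
+
+describe "debugging `secret_token`" do
+let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999, "secret_token" => ::LogStash::Util::Password.new("my_secret")} ) }
+
+it "should not show origin value" do
+expect(plugin.logger).to receive(:debug).with('<password>')
+
+plugin.register
+plugin.logger.send(:debug, plugin.secret_token.to_s)
+end
+end
 end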
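Review bot: The new "debugging `secret_token`" example only shows that `LogStash::Util::Password#to_s` is masked, because the test itself makes the `logger.debug` call it then expects; no plugin code path that logs is exercised. Both `let(:plugin)` lines also pass an already wrapped `::LogStash::Util::Password`, so the spec never covers what a pipeline config supplies, a plain string that `:validate => :password` should wrap. I would build the plugin with `"secret_token" => "my_secret"` and assert `expect(plugin.secret_token).to be_a(::LogStash::Util::Password)`, `expect(plugin.secret_token.value).to eq("my_secret")` and `expect(plugin.secret_token.to_s).not_to include("my_secret")`. Whether `plugin.register` binds port 9999 in this example is not visible from the hunk and is worth checking.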
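--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-github
 version: !ruby/object:Gem::Version
-version: 3.0.
+version: 3.0.11
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
@@ -141,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.2.33
 signing_key:
 specification_version: 4
 summary: Reads events from a GitHub webhook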