logstash-input-github 3.0.7 → 3.0.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -1
- data/lib/logstash/inputs/github.rb +8 -7
- data/logstash-input-github.gemspec +1 -2
- data/spec/inputs/github_spec.rb +34 -4
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 898fe5db49e5f2c9afd605e854ed5e7ff5e06f1273aaa3b23bc07c1aa5501811
|
|
4
|
+
data.tar.gz: 5bcda0a722657238ad889d952d3a36eb4e6dc49efe3a69f458a91c889332be21
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d5bd835b01a9d7ef70e777b83ca729b693471f95124daaa1184432a45ab1c523de390281a07f48583ec3dfa9fd915d6a3ce78e3138b67885b040a86cdb4ddb62
|
|
7
|
+
data.tar.gz: 448a11174158e05fc093b2085898d766304490f6c821a8735f47bab8ec80542b1cac677f51e77e1b9bedabaaff01b4c42bc42c8ab446f45c99424ce28294df16
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
## 3.0.8
|
|
2
|
+
- Require x-hub-signature header if secret_token defined
|
|
3
|
+
|
|
1
4
|
## 3.0.7
|
|
2
5
|
- Docs: Set the default_codec doc attribute.
|
|
3
6
|
|
|
@@ -28,4 +31,3 @@
|
|
|
28
31
|
- Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully,
|
|
29
32
|
instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895
|
|
30
33
|
- Dependency on logstash-core update to 2.0
|
|
31
|
-
|
|
@@ -63,17 +63,18 @@ class LogStash::Inputs::GitHub < LogStash::Inputs::Base
|
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
def verify_signature(event,body)
|
|
66
|
-
|
|
66
|
+
# skip validation if we have no secret token
|
|
67
|
+
return true unless @secret_token
|
|
68
|
+
|
|
67
69
|
sign_header = event.get("[headers][x-hub-signature]")
|
|
68
|
-
if
|
|
70
|
+
if sign_header
|
|
69
71
|
hash = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), @secret_token, body)
|
|
70
72
|
event.set("hash", hash)
|
|
71
|
-
if
|
|
72
|
-
event.tag("_Invalid_Github_Message")
|
|
73
|
-
is_valid = false
|
|
74
|
-
end
|
|
73
|
+
return true if Rack::Utils.secure_compare(hash, sign_header)
|
|
75
74
|
end
|
|
76
|
-
|
|
75
|
+
|
|
76
|
+
event.tag("_Invalid_Github_Message")
|
|
77
|
+
return false
|
|
77
78
|
end
|
|
78
79
|
|
|
79
80
|
def stop
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-input-github'
|
|
4
|
-
s.version = '3.0.
|
|
4
|
+
s.version = '3.0.8'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Reads events from a GitHub webhook"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -28,4 +28,3 @@ Gem::Specification.new do |s|
|
|
|
28
28
|
|
|
29
29
|
s.add_development_dependency 'logstash-devutils'
|
|
30
30
|
end
|
|
31
|
-
|
data/spec/inputs/github_spec.rb
CHANGED
|
@@ -26,18 +26,18 @@ describe LogStash::Inputs::GitHub do
|
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
describe "verify webhook signature" do
|
|
29
|
+
describe "verify webhook signature if token provided" do
|
|
30
30
|
let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999, "secret_token" => "my_secret"} ) }
|
|
31
31
|
let(:body) {IO.read("spec/fixtures/event_create.json")}
|
|
32
32
|
let(:headers) { {"x-hub-signature" => "hash"} }
|
|
33
33
|
let(:event) {plugin.build_event_from_request(body,headers)}
|
|
34
34
|
let(:hash) { "sha1=43b113fc453c47f1cd4d5b4ded2985581c00a715" }
|
|
35
35
|
|
|
36
|
-
it "
|
|
36
|
+
it "reject event without signature" do
|
|
37
37
|
event.set('headers',{})
|
|
38
|
-
expect(plugin.verify_signature(event,body)).to eq(
|
|
38
|
+
expect(plugin.verify_signature(event,body)).to eq(false)
|
|
39
39
|
expect(event.get("hash")).to be_nil
|
|
40
|
-
expect(event.get("tags")).to
|
|
40
|
+
expect(event.get("tags")).to eq(["_Invalid_Github_Message"])
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
it "reject event with invalid signature" do
|
|
@@ -56,6 +56,36 @@ describe LogStash::Inputs::GitHub do
|
|
|
56
56
|
|
|
57
57
|
end
|
|
58
58
|
|
|
59
|
+
describe "don't validate webhook if token missing" do
|
|
60
|
+
let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999} ) }
|
|
61
|
+
let(:body) {IO.read("spec/fixtures/event_create.json")}
|
|
62
|
+
let(:headers) { {"x-hub-signature" => "hash"} }
|
|
63
|
+
let(:event) {plugin.build_event_from_request(body,headers)}
|
|
64
|
+
let(:hash) { "sha1=43b113fc453c47f1cd4d5b4ded2985581c00a715" }
|
|
65
|
+
|
|
66
|
+
it "accept event without signature" do
|
|
67
|
+
event.set('headers',{})
|
|
68
|
+
expect(plugin.verify_signature(event,body)).to eq(true)
|
|
69
|
+
expect(event.get("hash")).to be_nil
|
|
70
|
+
expect(event.get("tags")).to be_nil
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
it "accept event with invalid signature" do
|
|
74
|
+
event.set('headers',{"x-hub-signature" => "invalid"})
|
|
75
|
+
expect(plugin.verify_signature(event,body)).to eq(true)
|
|
76
|
+
expect(event.get("hash")).to be_nil
|
|
77
|
+
expect(event.get("tags")).to be_nil
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
it "accept event with valid signature" do
|
|
81
|
+
event.set('headers', {"x-hub-signature" => hash})
|
|
82
|
+
expect(plugin.verify_signature(event,body)).to eq(true)
|
|
83
|
+
expect(event.get("hash")).to be_nil
|
|
84
|
+
expect(event.get("tags")).to be_nil
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
end
|
|
88
|
+
|
|
59
89
|
describe 'graceful shutdown' do
|
|
60
90
|
context 'when underlying webserver crashes' do
|
|
61
91
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-input-github
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-07-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -128,7 +128,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
128
128
|
version: '0'
|
|
129
129
|
requirements: []
|
|
130
130
|
rubyforge_project:
|
|
131
|
-
rubygems_version: 2.6.
|
|
131
|
+
rubygems_version: 2.6.13
|
|
132
132
|
signing_key:
|
|
133
133
|
specification_version: 4
|
|
134
134
|
summary: Reads events from a GitHub webhook
|