logstash-input-github 3.0.7 → 3.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -1
- data/lib/logstash/inputs/github.rb +8 -7
- data/logstash-input-github.gemspec +1 -2
- data/spec/inputs/github_spec.rb +34 -4
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 898fe5db49e5f2c9afd605e854ed5e7ff5e06f1273aaa3b23bc07c1aa5501811
|
|
4
|
+
data.tar.gz: 5bcda0a722657238ad889d952d3a36eb4e6dc49efe3a69f458a91c889332be21
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d5bd835b01a9d7ef70e777b83ca729b693471f95124daaa1184432a45ab1c523de390281a07f48583ec3dfa9fd915d6a3ce78e3138b67885b040a86cdb4ddb62
|
|
7
|
+
data.tar.gz: 448a11174158e05fc093b2085898d766304490f6c821a8735f47bab8ec80542b1cac677f51e77e1b9bedabaaff01b4c42bc42c8ab446f45c99424ce28294df16
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
## 3.0.8
|
|
2
|
+
- Require x-hub-signature header if secret_token defined
|
|
3
|
+
|
|
1
4
|
## 3.0.7
|
|
2
5
|
- Docs: Set the default_codec doc attribute.
|
|
3
6
|
|
|
@@ -28,4 +31,3 @@
|
|
|
28
31
|
- Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully,
|
|
29
32
|
instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895
|
|
30
33
|
- Dependency on logstash-core update to 2.0
|
|
31
|
-
|
|
@@ -63,17 +63,18 @@ class LogStash::Inputs::GitHub < LogStash::Inputs::Base
|
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
def verify_signature(event,body)
|
|
66
|
-
|
|
66
|
+
# skip validation if we have no secret token
|
|
67
|
+
return true unless @secret_token
|
|
68
|
+
|
|
67
69
|
sign_header = event.get("[headers][x-hub-signature]")
|
|
68
|
-
if
|
|
70
|
+
if sign_header
|
|
69
71
|
hash = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), @secret_token, body)
|
|
70
72
|
event.set("hash", hash)
|
|
71
|
-
if
|
|
72
|
-
event.tag("_Invalid_Github_Message")
|
|
73
|
-
is_valid = false
|
|
74
|
-
end
|
|
73
|
+
return true if Rack::Utils.secure_compare(hash, sign_header)
|
|
75
74
|
end
|
|
76
|
-
|
|
75
|
+
|
|
76
|
+
event.tag("_Invalid_Github_Message")
|
|
77
|
+
return false
|
|
77
78
|
end
|
|
78
79
|
|
|
79
80
|
def stop
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-input-github'
|
|
4
|
-
s.version = '3.0.
|
|
4
|
+
s.version = '3.0.8'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Reads events from a GitHub webhook"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -28,4 +28,3 @@ Gem::Specification.new do |s|
|
|
|
28
28
|
|
|
29
29
|
s.add_development_dependency 'logstash-devutils'
|
|
30
30
|
end
|
|
31
|
-
|
data/spec/inputs/github_spec.rb
CHANGED
|
@@ -26,18 +26,18 @@ describe LogStash::Inputs::GitHub do
|
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
describe "verify webhook signature" do
|
|
29
|
+
describe "verify webhook signature if token provided" do
|
|
30
30
|
let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999, "secret_token" => "my_secret"} ) }
|
|
31
31
|
let(:body) {IO.read("spec/fixtures/event_create.json")}
|
|
32
32
|
let(:headers) { {"x-hub-signature" => "hash"} }
|
|
33
33
|
let(:event) {plugin.build_event_from_request(body,headers)}
|
|
34
34
|
let(:hash) { "sha1=43b113fc453c47f1cd4d5b4ded2985581c00a715" }
|
|
35
35
|
|
|
36
|
-
it "
|
|
36
|
+
it "reject event without signature" do
|
|
37
37
|
event.set('headers',{})
|
|
38
|
-
expect(plugin.verify_signature(event,body)).to eq(
|
|
38
|
+
expect(plugin.verify_signature(event,body)).to eq(false)
|
|
39
39
|
expect(event.get("hash")).to be_nil
|
|
40
|
-
expect(event.get("tags")).to
|
|
40
|
+
expect(event.get("tags")).to eq(["_Invalid_Github_Message"])
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
it "reject event with invalid signature" do
|
|
@@ -56,6 +56,36 @@ describe LogStash::Inputs::GitHub do
|
|
|
56
56
|
|
|
57
57
|
end
|
|
58
58
|
|
|
59
|
+
describe "don't validate webhook if token missing" do
|
|
60
|
+
let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999} ) }
|
|
61
|
+
let(:body) {IO.read("spec/fixtures/event_create.json")}
|
|
62
|
+
let(:headers) { {"x-hub-signature" => "hash"} }
|
|
63
|
+
let(:event) {plugin.build_event_from_request(body,headers)}
|
|
64
|
+
let(:hash) { "sha1=43b113fc453c47f1cd4d5b4ded2985581c00a715" }
|
|
65
|
+
|
|
66
|
+
it "accept event without signature" do
|
|
67
|
+
event.set('headers',{})
|
|
68
|
+
expect(plugin.verify_signature(event,body)).to eq(true)
|
|
69
|
+
expect(event.get("hash")).to be_nil
|
|
70
|
+
expect(event.get("tags")).to be_nil
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
it "accept event with invalid signature" do
|
|
74
|
+
event.set('headers',{"x-hub-signature" => "invalid"})
|
|
75
|
+
expect(plugin.verify_signature(event,body)).to eq(true)
|
|
76
|
+
expect(event.get("hash")).to be_nil
|
|
77
|
+
expect(event.get("tags")).to be_nil
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
it "accept event with valid signature" do
|
|
81
|
+
event.set('headers', {"x-hub-signature" => hash})
|
|
82
|
+
expect(plugin.verify_signature(event,body)).to eq(true)
|
|
83
|
+
expect(event.get("hash")).to be_nil
|
|
84
|
+
expect(event.get("tags")).to be_nil
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
end
|
|
88
|
+
|
|
59
89
|
describe 'graceful shutdown' do
|
|
60
90
|
context 'when underlying webserver crashes' do
|
|
61
91
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-input-github
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-07-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -128,7 +128,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
128
128
|
version: '0'
|
|
129
129
|
requirements: []
|
|
130
130
|
rubyforge_project:
|
|
131
|
-
rubygems_version: 2.6.
|
|
131
|
+
rubygems_version: 2.6.13
|
|
132
132
|
signing_key:
|
|
133
133
|
specification_version: 4
|
|
134
134
|
summary: Reads events from a GitHub webhook
|