logstash-input-http 3.3.6-java → 3.3.7-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +1 -1
- data/VERSION +1 -1
- data/lib/logstash-input-http_jars.rb +1 -1
- data/lib/logstash/inputs/http.rb +35 -12
- data/spec/inputs/http_spec.rb +71 -13
- data/vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/{3.3.6/logstash-input-http-3.3.6.jar → 3.3.7/logstash-input-http-3.3.7.jar} +0 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 54f79df86047dc4665583a75e63b4591f83ed2f84e65fb929a8fe37fb0e9dc1b
|
|
4
|
+
data.tar.gz: 1724158e44d48abc422fab25e6c74ede26331905e07659b2bf3831a1e6511b0e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a89c121e52f20ee03847c25aba4c16c8d1ed9ca18008b16f49171908e72b124d11c2aafb4b41c5d7ddd8b5ebadbe8fd098d77780bb1bcf963cf843be6d87004b
|
|
7
|
+
data.tar.gz: 5df3104d6853908ddb95801111c27682bb8e41b07925f0c401a33868df1d32297631adb667d9ca896c9da0630218ebb5d668bd9034517ab6ed1ec21162f1125b
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
## 3.3.7
|
|
2
|
+
- Feat: improved error handling/logging/unwraping [#133](https://github.com/logstash-plugins/logstash-input-http/pull/133)
|
|
3
|
+
|
|
1
4
|
## 3.3.6
|
|
2
5
|
- Fixes a regression introduced in 3.1.0's migration to the Netty back-end that broke some users'
|
|
3
6
|
browser-based workflows. When an instance of this plugin that is configured to require Basic
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Logstash Plugin
|
|
2
2
|
|
|
3
|
-
[](https://travis-ci.com/logstash-plugins/logstash-input-http)
|
|
4
4
|
|
|
5
5
|
This is a plugin for [Logstash](https://github.com/elastic/logstash).
|
|
6
6
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.3.
|
|
1
|
+
3.3.7
|
|
@@ -3,4 +3,4 @@
|
|
|
3
3
|
require 'jar_dependencies'
|
|
4
4
|
require_jar('io.netty', 'netty-all', '4.1.49.Final')
|
|
5
5
|
require_jar('org.apache.logging.log4j', 'log4j-api', '2.11.1')
|
|
6
|
-
require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '3.3.
|
|
6
|
+
require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '3.3.7')
|
data/lib/logstash/inputs/http.rb
CHANGED
|
@@ -217,16 +217,16 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
217
217
|
def build_ssl_params
|
|
218
218
|
return nil unless @ssl
|
|
219
219
|
|
|
220
|
-
ssl_builder = nil
|
|
221
|
-
|
|
222
220
|
if @keystore && @keystore_password
|
|
223
221
|
ssl_builder = org.logstash.plugins.inputs.http.util.JksSslBuilder.new(@keystore, @keystore_password.value)
|
|
224
222
|
else
|
|
225
223
|
begin
|
|
226
|
-
ssl_builder = org.logstash.plugins.inputs.http.util.SslSimpleBuilder
|
|
227
|
-
|
|
224
|
+
ssl_builder = org.logstash.plugins.inputs.http.util.SslSimpleBuilder
|
|
225
|
+
.new(@ssl_certificate, @ssl_key, @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value)
|
|
226
|
+
.setCipherSuites(normalized_ciphers)
|
|
228
227
|
rescue java.lang.IllegalArgumentException => e
|
|
229
|
-
|
|
228
|
+
@logger.error("SSL configuration invalid", error_details(e))
|
|
229
|
+
raise LogStash::ConfigurationError, e
|
|
230
230
|
end
|
|
231
231
|
|
|
232
232
|
if client_authentication?
|
|
@@ -234,13 +234,7 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
234
234
|
end
|
|
235
235
|
end
|
|
236
236
|
|
|
237
|
-
|
|
238
|
-
ssl_handler_provider = org.logstash.plugins.inputs.http.util.SslHandlerProvider.new(ssl_context)
|
|
239
|
-
ssl_handler_provider.setVerifyMode(@ssl_verify_mode_final.upcase)
|
|
240
|
-
ssl_handler_provider.setProtocols(convert_protocols)
|
|
241
|
-
ssl_handler_provider.setHandshakeTimeoutMilliseconds(@ssl_handshake_timeout)
|
|
242
|
-
|
|
243
|
-
ssl_handler_provider
|
|
237
|
+
new_ssl_handshake_provider(ssl_builder)
|
|
244
238
|
end
|
|
245
239
|
|
|
246
240
|
def ssl_key_configured?
|
|
@@ -259,6 +253,8 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
259
253
|
@ssl_verify_mode_final == "force_peer" || @ssl_verify_mode_final == "peer"
|
|
260
254
|
end
|
|
261
255
|
|
|
256
|
+
private
|
|
257
|
+
|
|
262
258
|
def normalized_ciphers
|
|
263
259
|
@cipher_suites.map(&:upcase)
|
|
264
260
|
end
|
|
@@ -267,4 +263,31 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
267
263
|
TLS.get_supported(@tls_min_version..@tls_max_version).map(&:name)
|
|
268
264
|
end
|
|
269
265
|
|
|
266
|
+
def new_ssl_handshake_provider(ssl_builder)
|
|
267
|
+
begin
|
|
268
|
+
ssl_handler_provider = org.logstash.plugins.inputs.http.util.SslHandlerProvider.new(ssl_builder.build())
|
|
269
|
+
ssl_handler_provider.setVerifyMode(@ssl_verify_mode_final.upcase)
|
|
270
|
+
ssl_handler_provider.setProtocols(convert_protocols)
|
|
271
|
+
ssl_handler_provider.setHandshakeTimeoutMilliseconds(@ssl_handshake_timeout)
|
|
272
|
+
ssl_handler_provider
|
|
273
|
+
rescue java.lang.IllegalArgumentException => e
|
|
274
|
+
@logger.error("SSL configuration invalid", error_details(e))
|
|
275
|
+
raise LogStash::ConfigurationError, e
|
|
276
|
+
rescue java.lang.Exception => e
|
|
277
|
+
@logger.error("SSL configuration failed", error_details(e, true))
|
|
278
|
+
raise e
|
|
279
|
+
end
|
|
280
|
+
end
|
|
281
|
+
|
|
282
|
+
def error_details(e, trace = false)
|
|
283
|
+
error_details = { :exception => e.class, :message => e.message }
|
|
284
|
+
error_details[:backtrace] = e.backtrace if trace || @logger.debug?
|
|
285
|
+
cause = e.cause
|
|
286
|
+
if cause && e != cause
|
|
287
|
+
error_details[:cause] = { :exception => cause.class, :message => cause.message }
|
|
288
|
+
error_details[:cause][:backtrace] = cause.backtrace if trace || @logger.debug?
|
|
289
|
+
end
|
|
290
|
+
error_details
|
|
291
|
+
end
|
|
292
|
+
|
|
270
293
|
end # class LogStash::Inputs::Http
|
data/spec/inputs/http_spec.rb
CHANGED
|
@@ -386,21 +386,21 @@ describe LogStash::Inputs::Http do
|
|
|
386
386
|
let(:ssl_certificate) { ssc.certificate }
|
|
387
387
|
let(:ssl_key) { ssc.private_key }
|
|
388
388
|
|
|
389
|
+
let(:config) do
|
|
390
|
+
{ "port" => port, "ssl" => true, "ssl_certificate" => ssl_certificate.path, "ssl_key" => ssl_key.path }
|
|
391
|
+
end
|
|
392
|
+
|
|
389
393
|
after(:each) { ssc.delete }
|
|
390
394
|
|
|
391
|
-
subject { LogStash::Inputs::Http.new(
|
|
392
|
-
|
|
393
|
-
"ssl_key" => ssl_key.path) }
|
|
395
|
+
subject { LogStash::Inputs::Http.new(config) }
|
|
396
|
+
|
|
394
397
|
it "should not raise exception" do
|
|
395
398
|
expect { subject.register }.to_not raise_exception
|
|
396
399
|
end
|
|
397
400
|
|
|
398
401
|
context "with ssl_verify_mode = none" do
|
|
399
|
-
subject { LogStash::Inputs::Http.new("
|
|
400
|
-
|
|
401
|
-
"ssl_key" => ssl_key.path,
|
|
402
|
-
"ssl_verify_mode" => "none"
|
|
403
|
-
) }
|
|
402
|
+
subject { LogStash::Inputs::Http.new(config.merge("ssl_verify_mode" => "none")) }
|
|
403
|
+
|
|
404
404
|
it "should not raise exception" do
|
|
405
405
|
expect { subject.register }.to_not raise_exception
|
|
406
406
|
end
|
|
@@ -419,11 +419,8 @@ describe LogStash::Inputs::Http do
|
|
|
419
419
|
end
|
|
420
420
|
end
|
|
421
421
|
context "with verify_mode = none" do
|
|
422
|
-
subject { LogStash::Inputs::Http.new("
|
|
423
|
-
|
|
424
|
-
"ssl_key" => ssl_key.path,
|
|
425
|
-
"verify_mode" => "none"
|
|
426
|
-
) }
|
|
422
|
+
subject { LogStash::Inputs::Http.new(config.merge("verify_mode" => "none")) }
|
|
423
|
+
|
|
427
424
|
it "should not raise exception" do
|
|
428
425
|
expect { subject.register }.to_not raise_exception
|
|
429
426
|
end
|
|
@@ -441,6 +438,67 @@ describe LogStash::Inputs::Http do
|
|
|
441
438
|
end
|
|
442
439
|
end
|
|
443
440
|
end
|
|
441
|
+
|
|
442
|
+
context "with invalid cipher_suites" do
|
|
443
|
+
let(:config) { super.merge("cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
|
|
444
|
+
|
|
445
|
+
it "should raise a configuration error" do
|
|
446
|
+
expect( subject.logger ).to receive(:error) do |msg, opts|
|
|
447
|
+
expect( msg ).to match /.*?configuration invalid/
|
|
448
|
+
expect( opts[:message] ).to match /TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38.*? not available/
|
|
449
|
+
end
|
|
450
|
+
expect { subject.register }.to raise_error(LogStash::ConfigurationError)
|
|
451
|
+
end
|
|
452
|
+
end
|
|
453
|
+
|
|
454
|
+
context "with invalid ssl certificate" do
|
|
455
|
+
before do
|
|
456
|
+
cert = File.readlines path = config["ssl_certificate"]
|
|
457
|
+
i = cert.index { |line| line.index('END CERTIFICATE') }
|
|
458
|
+
cert[i - 1] = ''
|
|
459
|
+
File.write path, cert.join("\n")
|
|
460
|
+
end
|
|
461
|
+
|
|
462
|
+
it "should raise a configuration error" do
|
|
463
|
+
expect( subject.logger ).to receive(:error) do |msg, opts|
|
|
464
|
+
expect( msg ).to match /SSL configuration invalid/
|
|
465
|
+
expect( opts[:message] ).to match /File does not contain valid certificate/i
|
|
466
|
+
end
|
|
467
|
+
expect { subject.register }.to raise_error(LogStash::ConfigurationError)
|
|
468
|
+
end
|
|
469
|
+
end
|
|
470
|
+
|
|
471
|
+
context "with invalid ssl key config" do
|
|
472
|
+
let(:config) { super.merge("ssl_key_passphrase" => "1234567890") }
|
|
473
|
+
|
|
474
|
+
it "should raise a configuration error" do
|
|
475
|
+
expect( subject.logger ).to receive(:error) do |msg, opts|
|
|
476
|
+
expect( msg ).to match /SSL configuration invalid/
|
|
477
|
+
expect( opts[:message] ).to match /File does not contain valid private key/i
|
|
478
|
+
end
|
|
479
|
+
expect { subject.register }.to raise_error(LogStash::ConfigurationError)
|
|
480
|
+
end
|
|
481
|
+
end
|
|
482
|
+
|
|
483
|
+
context "with invalid ssl certificate_authorities" do
|
|
484
|
+
let(:config) do
|
|
485
|
+
super.merge("ssl_verify_mode" => "peer",
|
|
486
|
+
"ssl_certificate_authorities" => [ ssc.certificate.path, ssc.private_key.path ])
|
|
487
|
+
end
|
|
488
|
+
|
|
489
|
+
it "should raise a cert error" do
|
|
490
|
+
expect( subject.logger ).to receive(:error) do |msg, opts|
|
|
491
|
+
expect( msg ).to match(/SSL configuration failed/), lambda { "unexpected: logger.error #{msg.inspect}, #{opts.inspect}" }
|
|
492
|
+
expect( opts[:message] ).to match /signed fields invalid/
|
|
493
|
+
end
|
|
494
|
+
begin
|
|
495
|
+
subject.register
|
|
496
|
+
rescue Java::JavaSecurityCert::CertificateParsingException
|
|
497
|
+
:pass
|
|
498
|
+
end
|
|
499
|
+
end
|
|
500
|
+
end
|
|
501
|
+
|
|
444
502
|
end
|
|
445
503
|
end
|
|
446
504
|
end
|
|
Binary file
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-input-http
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.3.
|
|
4
|
+
version: 3.3.7
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-01-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -146,7 +146,7 @@ files:
|
|
|
146
146
|
- spec/inputs/http_spec.rb
|
|
147
147
|
- vendor/jar-dependencies/io/netty/netty-all/4.1.49.Final/netty-all-4.1.49.Final.jar
|
|
148
148
|
- vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
|
|
149
|
-
- vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.3.
|
|
149
|
+
- vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.3.7/logstash-input-http-3.3.7.jar
|
|
150
150
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
|
151
151
|
licenses:
|
|
152
152
|
- Apache License (2.0)
|