logstash-input-imap 3.0.5 → 3.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -0
- data/LICENSE +199 -10
- data/README.md +1 -1
- data/docs/index.asciidoc +105 -17
- data/lib/logstash/inputs/imap.rb +158 -48
- data/logstash-input-imap.gemspec +3 -1
- data/spec/inputs/imap_spec.rb +192 -60
- metadata +31 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 61f403ebf9de18a49ba8f7f930ea04484670701909dd70f8d5e67a31706c0806
|
4
|
+
data.tar.gz: 1ec42dda0d258f515c8e2cb67e0ef3f3bd5e7fe61dc16b5916bb3afa020d1dab
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e588b5e14d17cc88139fd5a869102a47e42f17f9d0777f59808c2f599bbdf0d76ff4566f21a8ebe4e8761a0665ec10b68c69071beda4be8e40ce541c9de245b3
|
7
|
+
data.tar.gz: baf7c0d8f3ee32cd367c2537b9ede816a1aa2d39741edbf80ffec53792bd80b4395864afc4cd4645e796069f2a79a73dac44551bd6e35553cec4685ee6b7f368
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,19 @@
|
|
1
|
+
## 3.2.0
|
2
|
+
- Feat: ECS compatibility [#55](https://github.com/logstash-plugins/logstash-input-imap/pull/55)
|
3
|
+
* added (optional) `headers_target` configuration option
|
4
|
+
* added (optional) `attachments_target` configuration option
|
5
|
+
- Fix: plugin should not close `$stdin`, while being stopped
|
6
|
+
|
7
|
+
## 3.1.0
|
8
|
+
- Adds an option to recursively search the message parts for attachment and inline attachment filenames. If the save_attachments option is set to true, the content of attachments is included in the `attachments.data` field. The attachment data can then be used by the Elasticsearch Ingest Attachment Processor Plugin.
|
9
|
+
[#48](https://github.com/logstash-plugins/logstash-input-imap/pull/48)
|
10
|
+
|
11
|
+
## 3.0.7
|
12
|
+
- Added facility to use IMAP uid to retrieve new mails instead of "NOT SEEN" [#36](https://github.com/logstash-plugins/logstash-input-imap/pull/36)
|
13
|
+
|
14
|
+
## 3.0.6
|
15
|
+
- Docs: Set the default_codec doc attribute.
|
16
|
+
|
1
17
|
## 3.0.5
|
2
18
|
- Update gemspec summary
|
3
19
|
|
data/LICENSE
CHANGED
@@ -1,13 +1,202 @@
|
|
1
|
-
Copyright (c) 2012–2016 Elasticsearch <http://www.elastic.co>
|
2
1
|
|
3
|
-
|
4
|
-
|
5
|
-
|
2
|
+
Apache License
|
3
|
+
Version 2.0, January 2004
|
4
|
+
http://www.apache.org/licenses/
|
6
5
|
|
7
|
-
|
6
|
+
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
8
7
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
8
|
+
1. Definitions.
|
9
|
+
|
10
|
+
"License" shall mean the terms and conditions for use, reproduction,
|
11
|
+
and distribution as defined by Sections 1 through 9 of this document.
|
12
|
+
|
13
|
+
"Licensor" shall mean the copyright owner or entity authorized by
|
14
|
+
the copyright owner that is granting the License.
|
15
|
+
|
16
|
+
"Legal Entity" shall mean the union of the acting entity and all
|
17
|
+
other entities that control, are controlled by, or are under common
|
18
|
+
control with that entity. For the purposes of this definition,
|
19
|
+
"control" means (i) the power, direct or indirect, to cause the
|
20
|
+
direction or management of such entity, whether by contract or
|
21
|
+
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
22
|
+
outstanding shares, or (iii) beneficial ownership of such entity.
|
23
|
+
|
24
|
+
"You" (or "Your") shall mean an individual or Legal Entity
|
25
|
+
exercising permissions granted by this License.
|
26
|
+
|
27
|
+
"Source" form shall mean the preferred form for making modifications,
|
28
|
+
including but not limited to software source code, documentation
|
29
|
+
source, and configuration files.
|
30
|
+
|
31
|
+
"Object" form shall mean any form resulting from mechanical
|
32
|
+
transformation or translation of a Source form, including but
|
33
|
+
not limited to compiled object code, generated documentation,
|
34
|
+
and conversions to other media types.
|
35
|
+
|
36
|
+
"Work" shall mean the work of authorship, whether in Source or
|
37
|
+
Object form, made available under the License, as indicated by a
|
38
|
+
copyright notice that is included in or attached to the work
|
39
|
+
(an example is provided in the Appendix below).
|
40
|
+
|
41
|
+
"Derivative Works" shall mean any work, whether in Source or Object
|
42
|
+
form, that is based on (or derived from) the Work and for which the
|
43
|
+
editorial revisions, annotations, elaborations, or other modifications
|
44
|
+
represent, as a whole, an original work of authorship. For the purposes
|
45
|
+
of this License, Derivative Works shall not include works that remain
|
46
|
+
separable from, or merely link (or bind by name) to the interfaces of,
|
47
|
+
the Work and Derivative Works thereof.
|
48
|
+
|
49
|
+
"Contribution" shall mean any work of authorship, including
|
50
|
+
the original version of the Work and any modifications or additions
|
51
|
+
to that Work or Derivative Works thereof, that is intentionally
|
52
|
+
submitted to Licensor for inclusion in the Work by the copyright owner
|
53
|
+
or by an individual or Legal Entity authorized to submit on behalf of
|
54
|
+
the copyright owner. For the purposes of this definition, "submitted"
|
55
|
+
means any form of electronic, verbal, or written communication sent
|
56
|
+
to the Licensor or its representatives, including but not limited to
|
57
|
+
communication on electronic mailing lists, source code control systems,
|
58
|
+
and issue tracking systems that are managed by, or on behalf of, the
|
59
|
+
Licensor for the purpose of discussing and improving the Work, but
|
60
|
+
excluding communication that is conspicuously marked or otherwise
|
61
|
+
designated in writing by the copyright owner as "Not a Contribution."
|
62
|
+
|
63
|
+
"Contributor" shall mean Licensor and any individual or Legal Entity
|
64
|
+
on behalf of whom a Contribution has been received by Licensor and
|
65
|
+
subsequently incorporated within the Work.
|
66
|
+
|
67
|
+
2. Grant of Copyright License. Subject to the terms and conditions of
|
68
|
+
this License, each Contributor hereby grants to You a perpetual,
|
69
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
70
|
+
copyright license to reproduce, prepare Derivative Works of,
|
71
|
+
publicly display, publicly perform, sublicense, and distribute the
|
72
|
+
Work and such Derivative Works in Source or Object form.
|
73
|
+
|
74
|
+
3. Grant of Patent License. Subject to the terms and conditions of
|
75
|
+
this License, each Contributor hereby grants to You a perpetual,
|
76
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
77
|
+
(except as stated in this section) patent license to make, have made,
|
78
|
+
use, offer to sell, sell, import, and otherwise transfer the Work,
|
79
|
+
where such license applies only to those patent claims licensable
|
80
|
+
by such Contributor that are necessarily infringed by their
|
81
|
+
Contribution(s) alone or by combination of their Contribution(s)
|
82
|
+
with the Work to which such Contribution(s) was submitted. If You
|
83
|
+
institute patent litigation against any entity (including a
|
84
|
+
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
85
|
+
or a Contribution incorporated within the Work constitutes direct
|
86
|
+
or contributory patent infringement, then any patent licenses
|
87
|
+
granted to You under this License for that Work shall terminate
|
88
|
+
as of the date such litigation is filed.
|
89
|
+
|
90
|
+
4. Redistribution. You may reproduce and distribute copies of the
|
91
|
+
Work or Derivative Works thereof in any medium, with or without
|
92
|
+
modifications, and in Source or Object form, provided that You
|
93
|
+
meet the following conditions:
|
94
|
+
|
95
|
+
(a) You must give any other recipients of the Work or
|
96
|
+
Derivative Works a copy of this License; and
|
97
|
+
|
98
|
+
(b) You must cause any modified files to carry prominent notices
|
99
|
+
stating that You changed the files; and
|
100
|
+
|
101
|
+
(c) You must retain, in the Source form of any Derivative Works
|
102
|
+
that You distribute, all copyright, patent, trademark, and
|
103
|
+
attribution notices from the Source form of the Work,
|
104
|
+
excluding those notices that do not pertain to any part of
|
105
|
+
the Derivative Works; and
|
106
|
+
|
107
|
+
(d) If the Work includes a "NOTICE" text file as part of its
|
108
|
+
distribution, then any Derivative Works that You distribute must
|
109
|
+
include a readable copy of the attribution notices contained
|
110
|
+
within such NOTICE file, excluding those notices that do not
|
111
|
+
pertain to any part of the Derivative Works, in at least one
|
112
|
+
of the following places: within a NOTICE text file distributed
|
113
|
+
as part of the Derivative Works; within the Source form or
|
114
|
+
documentation, if provided along with the Derivative Works; or,
|
115
|
+
within a display generated by the Derivative Works, if and
|
116
|
+
wherever such third-party notices normally appear. The contents
|
117
|
+
of the NOTICE file are for informational purposes only and
|
118
|
+
do not modify the License. You may add Your own attribution
|
119
|
+
notices within Derivative Works that You distribute, alongside
|
120
|
+
or as an addendum to the NOTICE text from the Work, provided
|
121
|
+
that such additional attribution notices cannot be construed
|
122
|
+
as modifying the License.
|
123
|
+
|
124
|
+
You may add Your own copyright statement to Your modifications and
|
125
|
+
may provide additional or different license terms and conditions
|
126
|
+
for use, reproduction, or distribution of Your modifications, or
|
127
|
+
for any such Derivative Works as a whole, provided Your use,
|
128
|
+
reproduction, and distribution of the Work otherwise complies with
|
129
|
+
the conditions stated in this License.
|
130
|
+
|
131
|
+
5. Submission of Contributions. Unless You explicitly state otherwise,
|
132
|
+
any Contribution intentionally submitted for inclusion in the Work
|
133
|
+
by You to the Licensor shall be under the terms and conditions of
|
134
|
+
this License, without any additional terms or conditions.
|
135
|
+
Notwithstanding the above, nothing herein shall supersede or modify
|
136
|
+
the terms of any separate license agreement you may have executed
|
137
|
+
with Licensor regarding such Contributions.
|
138
|
+
|
139
|
+
6. Trademarks. This License does not grant permission to use the trade
|
140
|
+
names, trademarks, service marks, or product names of the Licensor,
|
141
|
+
except as required for reasonable and customary use in describing the
|
142
|
+
origin of the Work and reproducing the content of the NOTICE file.
|
143
|
+
|
144
|
+
7. Disclaimer of Warranty. Unless required by applicable law or
|
145
|
+
agreed to in writing, Licensor provides the Work (and each
|
146
|
+
Contributor provides its Contributions) on an "AS IS" BASIS,
|
147
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
148
|
+
implied, including, without limitation, any warranties or conditions
|
149
|
+
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
150
|
+
PARTICULAR PURPOSE. You are solely responsible for determining the
|
151
|
+
appropriateness of using or redistributing the Work and assume any
|
152
|
+
risks associated with Your exercise of permissions under this License.
|
153
|
+
|
154
|
+
8. Limitation of Liability. In no event and under no legal theory,
|
155
|
+
whether in tort (including negligence), contract, or otherwise,
|
156
|
+
unless required by applicable law (such as deliberate and grossly
|
157
|
+
negligent acts) or agreed to in writing, shall any Contributor be
|
158
|
+
liable to You for damages, including any direct, indirect, special,
|
159
|
+
incidental, or consequential damages of any character arising as a
|
160
|
+
result of this License or out of the use or inability to use the
|
161
|
+
Work (including but not limited to damages for loss of goodwill,
|
162
|
+
work stoppage, computer failure or malfunction, or any and all
|
163
|
+
other commercial damages or losses), even if such Contributor
|
164
|
+
has been advised of the possibility of such damages.
|
165
|
+
|
166
|
+
9. Accepting Warranty or Additional Liability. While redistributing
|
167
|
+
the Work or Derivative Works thereof, You may choose to offer,
|
168
|
+
and charge a fee for, acceptance of support, warranty, indemnity,
|
169
|
+
or other liability obligations and/or rights consistent with this
|
170
|
+
License. However, in accepting such obligations, You may act only
|
171
|
+
on Your own behalf and on Your sole responsibility, not on behalf
|
172
|
+
of any other Contributor, and only if You agree to indemnify,
|
173
|
+
defend, and hold each Contributor harmless for any liability
|
174
|
+
incurred by, or claims asserted against, such Contributor by reason
|
175
|
+
of your accepting any such warranty or additional liability.
|
176
|
+
|
177
|
+
END OF TERMS AND CONDITIONS
|
178
|
+
|
179
|
+
APPENDIX: How to apply the Apache License to your work.
|
180
|
+
|
181
|
+
To apply the Apache License to your work, attach the following
|
182
|
+
boilerplate notice, with the fields enclosed by brackets "[]"
|
183
|
+
replaced with your own identifying information. (Don't include
|
184
|
+
the brackets!) The text should be enclosed in the appropriate
|
185
|
+
comment syntax for the file format. We also recommend that a
|
186
|
+
file or class name and description of purpose be included on the
|
187
|
+
same "printed page" as the copyright notice for easier
|
188
|
+
identification within third-party archives.
|
189
|
+
|
190
|
+
Copyright 2020 Elastic and contributors
|
191
|
+
|
192
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
193
|
+
you may not use this file except in compliance with the License.
|
194
|
+
You may obtain a copy of the License at
|
195
|
+
|
196
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
197
|
+
|
198
|
+
Unless required by applicable law or agreed to in writing, software
|
199
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
200
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
201
|
+
See the License for the specific language governing permissions and
|
202
|
+
limitations under the License.
|
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# Logstash Plugin
|
2
2
|
|
3
|
-
[![Travis Build Status](https://travis-ci.
|
3
|
+
[![Travis Build Status](https://travis-ci.com/logstash-plugins/logstash-input-imap.svg)](https://travis-ci.com/logstash-plugins/logstash-input-imap)
|
4
4
|
|
5
5
|
This is a plugin for [Logstash](https://github.com/elastic/logstash).
|
6
6
|
|
data/docs/index.asciidoc
CHANGED
@@ -1,5 +1,6 @@
|
|
1
1
|
:plugin: imap
|
2
2
|
:type: input
|
3
|
+
:default_codec: plain
|
3
4
|
|
4
5
|
///////////////////////////////////////////
|
5
6
|
START - GENERATED VARIABLES, DO NOT EDIT!
|
@@ -25,6 +26,15 @@ Read mails from IMAP server
|
|
25
26
|
Periodically scan an IMAP folder (`INBOX` by default) and move any read messages
|
26
27
|
to the trash.
|
27
28
|
|
29
|
+
[id="plugins-{type}s-{plugin}-ecs"]
|
30
|
+
==== Compatibility with the Elastic Common Schema (ECS)
|
31
|
+
|
32
|
+
The plugin includes sensible defaults that change based on <<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>>.
|
33
|
+
When ECS compatibility is disabled, mail headers and attachments are targeted at the root level.
|
34
|
+
When targeting an ECS version, headers and attachments target `@metadata` sub-fields unless configured otherwise in order
|
35
|
+
to avoid conflict with ECS fields.
|
36
|
+
See <<plugins-{type}s-{plugin}-headers_target>>, and <<plugins-{type}s-{plugin}-attachments_target>>.
|
37
|
+
|
28
38
|
[id="plugins-{type}s-{plugin}-options"]
|
29
39
|
==== Imap Input Configuration Options
|
30
40
|
|
@@ -33,18 +43,24 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
33
43
|
[cols="<,<,<",options="header",]
|
34
44
|
|=======================================================================
|
35
45
|
|Setting |Input type|Required
|
46
|
+
| <<plugins-{type}s-{plugin}-attachments_target>> |<<string,string>>|No
|
36
47
|
| <<plugins-{type}s-{plugin}-check_interval>> |<<number,number>>|No
|
37
48
|
| <<plugins-{type}s-{plugin}-content_type>> |<<string,string>>|No
|
38
49
|
| <<plugins-{type}s-{plugin}-delete>> |<<boolean,boolean>>|No
|
50
|
+
| <<plugins-{type}s-{plugin}-ecs_compatibility>> |<<string,string>>|No
|
39
51
|
| <<plugins-{type}s-{plugin}-expunge>> |<<boolean,boolean>>|No
|
40
52
|
| <<plugins-{type}s-{plugin}-fetch_count>> |<<number,number>>|No
|
41
53
|
| <<plugins-{type}s-{plugin}-folder>> |<<string,string>>|No
|
54
|
+
| <<plugins-{type}s-{plugin}-headers_target>> |<<string,string>>|No
|
42
55
|
| <<plugins-{type}s-{plugin}-host>> |<<string,string>>|Yes
|
43
56
|
| <<plugins-{type}s-{plugin}-lowercase_headers>> |<<boolean,boolean>>|No
|
44
57
|
| <<plugins-{type}s-{plugin}-password>> |<<password,password>>|Yes
|
45
58
|
| <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
|
59
|
+
| <<plugins-{type}s-{plugin}-save_attachments>> |<<boolean,boolean>>|No
|
46
60
|
| <<plugins-{type}s-{plugin}-secure>> |<<boolean,boolean>>|No
|
61
|
+
| <<plugins-{type}s-{plugin}-sincedb_path>> |<<string,string>>|No
|
47
62
|
| <<plugins-{type}s-{plugin}-strip_attachments>> |<<boolean,boolean>>|No
|
63
|
+
| <<plugins-{type}s-{plugin}-uid_tracking>> |<<boolean,boolean>>|No
|
48
64
|
| <<plugins-{type}s-{plugin}-user>> |<<string,string>>|Yes
|
49
65
|
| <<plugins-{type}s-{plugin}-verify_cert>> |<<boolean,boolean>>|No
|
50
66
|
|=======================================================================
|
@@ -54,8 +70,18 @@ input plugins.
|
|
54
70
|
|
55
71
|
|
56
72
|
|
73
|
+
[id="plugins-{type}s-{plugin}-attachments_target"]
|
74
|
+
===== `attachments_target`
|
75
|
+
|
76
|
+
* Value type is <<string,string>>
|
77
|
+
* Default value depends on whether <<plugins-{type}s-{plugin}-ecs_compatibility>> is enabled:
|
78
|
+
** ECS Compatibility disabled: `"[attachments]"`
|
79
|
+
** ECS Compatibility enabled: `"[@metadata][input][imap][attachments]"
|
80
|
+
|
81
|
+
The name of the field under which mail attachments information will be added, if <<plugins-{type}s-{plugin}-save_attachments>> is set.
|
82
|
+
|
57
83
|
[id="plugins-{type}s-{plugin}-check_interval"]
|
58
|
-
===== `check_interval`
|
84
|
+
===== `check_interval`
|
59
85
|
|
60
86
|
* Value type is <<number,number>>
|
61
87
|
* Default value is `300`
|
@@ -63,24 +89,38 @@ input plugins.
|
|
63
89
|
|
64
90
|
|
65
91
|
[id="plugins-{type}s-{plugin}-content_type"]
|
66
|
-
===== `content_type`
|
92
|
+
===== `content_type`
|
67
93
|
|
68
94
|
* Value type is <<string,string>>
|
69
95
|
* Default value is `"text/plain"`
|
70
96
|
|
71
|
-
For multipart messages, use the first part that has this
|
72
|
-
content-type as the event message.
|
97
|
+
For multipart messages, use the first part that has this content-type as the event message.
|
73
98
|
|
74
99
|
[id="plugins-{type}s-{plugin}-delete"]
|
75
|
-
===== `delete`
|
100
|
+
===== `delete`
|
76
101
|
|
77
102
|
* Value type is <<boolean,boolean>>
|
78
103
|
* Default value is `false`
|
79
104
|
|
80
105
|
|
81
106
|
|
107
|
+
[id="plugins-{type}s-{plugin}-ecs_compatibility"]
|
108
|
+
===== `ecs_compatibility`
|
109
|
+
|
110
|
+
* Value type is <<string,string>>
|
111
|
+
* Supported values are:
|
112
|
+
** `disabled`: does not use ECS-compatible field names (for example, `From` header field is added to the event)
|
113
|
+
** `v1`, `v8`: avoids field names that might conflict with Elastic Common Schema (for example, the `From` header is added as metadata)
|
114
|
+
* Default value depends on which version of Logstash is running:
|
115
|
+
** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
|
116
|
+
** Otherwise, the default value is `disabled`.
|
117
|
+
|
118
|
+
Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)].
|
119
|
+
The value of this setting affects the _default_ value of <<plugins-{type}s-{plugin}-headers_target>> and
|
120
|
+
<<plugins-{type}s-{plugin}-attachments_target>>.
|
121
|
+
|
82
122
|
[id="plugins-{type}s-{plugin}-expunge"]
|
83
|
-
===== `expunge`
|
123
|
+
===== `expunge`
|
84
124
|
|
85
125
|
* Value type is <<boolean,boolean>>
|
86
126
|
* Default value is `false`
|
@@ -88,7 +128,7 @@ content-type as the event message.
|
|
88
128
|
|
89
129
|
|
90
130
|
[id="plugins-{type}s-{plugin}-fetch_count"]
|
91
|
-
===== `fetch_count`
|
131
|
+
===== `fetch_count`
|
92
132
|
|
93
133
|
* Value type is <<number,number>>
|
94
134
|
* Default value is `50`
|
@@ -96,15 +136,28 @@ content-type as the event message.
|
|
96
136
|
|
97
137
|
|
98
138
|
[id="plugins-{type}s-{plugin}-folder"]
|
99
|
-
===== `folder`
|
139
|
+
===== `folder`
|
100
140
|
|
101
141
|
* Value type is <<string,string>>
|
102
142
|
* Default value is `"INBOX"`
|
103
143
|
|
104
144
|
|
105
145
|
|
146
|
+
[id="plugins-{type}s-{plugin}-headers_target"]
|
147
|
+
===== `headers_target`
|
148
|
+
|
149
|
+
* Value type is <<string,string>>
|
150
|
+
* Default value depends on whether <<plugins-{type}s-{plugin}-ecs_compatibility>> is enabled:
|
151
|
+
** ECS Compatibility disabled: no default value (for example, the subject header is stored under the `"subject"` name)
|
152
|
+
** ECS Compatibility enabled: `"[@metadata][input][imap][headers]"`
|
153
|
+
|
154
|
+
The name of the field under which mail headers will be added.
|
155
|
+
|
156
|
+
Setting `headers_target => ''` skips headers processing and no header is added to the event.
|
157
|
+
Except the date header, if present, which is always used as the event's `@timestamp`.
|
158
|
+
|
106
159
|
[id="plugins-{type}s-{plugin}-host"]
|
107
|
-
===== `host`
|
160
|
+
===== `host`
|
108
161
|
|
109
162
|
* This is a required setting.
|
110
163
|
* Value type is <<string,string>>
|
@@ -113,7 +166,7 @@ content-type as the event message.
|
|
113
166
|
|
114
167
|
|
115
168
|
[id="plugins-{type}s-{plugin}-lowercase_headers"]
|
116
|
-
===== `lowercase_headers`
|
169
|
+
===== `lowercase_headers`
|
117
170
|
|
118
171
|
* Value type is <<boolean,boolean>>
|
119
172
|
* Default value is `true`
|
@@ -121,7 +174,7 @@ content-type as the event message.
|
|
121
174
|
|
122
175
|
|
123
176
|
[id="plugins-{type}s-{plugin}-password"]
|
124
|
-
===== `password`
|
177
|
+
===== `password`
|
125
178
|
|
126
179
|
* This is a required setting.
|
127
180
|
* Value type is <<password,password>>
|
@@ -130,31 +183,64 @@ content-type as the event message.
|
|
130
183
|
|
131
184
|
|
132
185
|
[id="plugins-{type}s-{plugin}-port"]
|
133
|
-
===== `port`
|
186
|
+
===== `port`
|
134
187
|
|
135
188
|
* Value type is <<number,number>>
|
136
189
|
* There is no default value for this setting.
|
137
190
|
|
191
|
+
[id="plugins-{type}s-{plugin}-save_attachments"]
|
192
|
+
===== `save_attachments`
|
193
|
+
|
194
|
+
* Value type is <<boolean,boolean>>
|
195
|
+
* Default value is `false`
|
138
196
|
|
197
|
+
When set to true the content of attachments will be included in the `attachments.data` field.
|
139
198
|
|
140
199
|
[id="plugins-{type}s-{plugin}-secure"]
|
141
|
-
===== `secure`
|
200
|
+
===== `secure`
|
142
201
|
|
143
202
|
* Value type is <<boolean,boolean>>
|
144
203
|
* Default value is `true`
|
145
204
|
|
205
|
+
[id="plugins-{type}s-{plugin}-sincedb_path"]
|
206
|
+
===== `sincedb_path`
|
207
|
+
|
208
|
+
* Value type is <<string,string>>
|
209
|
+
* There is no default value for this setting.
|
146
210
|
|
211
|
+
Path of the sincedb database file (keeps track of the UID of the last processed
|
212
|
+
mail) that will be written to disk. The default will write sincedb file to
|
213
|
+
`<path.data>/plugins/inputs/imap` directory.
|
214
|
+
NOTE: it must be a file path and not a directory path.
|
147
215
|
|
148
216
|
[id="plugins-{type}s-{plugin}-strip_attachments"]
|
149
|
-
===== `strip_attachments`
|
217
|
+
===== `strip_attachments`
|
150
218
|
|
151
219
|
* Value type is <<boolean,boolean>>
|
152
220
|
* Default value is `false`
|
153
221
|
|
154
222
|
|
155
223
|
|
224
|
+
[id="plugins-{type}s-{plugin}-uid_tracking"]
|
225
|
+
===== `uid_tracking`
|
226
|
+
|
227
|
+
* Value type is <<boolean,boolean>>
|
228
|
+
* Default value is `false`
|
229
|
+
|
230
|
+
When the IMAP input plugin connects to the mailbox for the first time and
|
231
|
+
the UID of the last processed mail is not yet known, the unread mails are
|
232
|
+
first downloaded and the UID of the last processed mail is saved. From
|
233
|
+
this point on, if `uid_tracking` is set to `true`, all new mail will be
|
234
|
+
downloaded regardless of whether they are marked as read or unread. This
|
235
|
+
allows users or other services to use the mailbox simultaneously with the
|
236
|
+
IMAP input plugin. UID of the last processed mail is always saved regardles
|
237
|
+
of the `uid_tracking` value, so you can switch its value as needed. In
|
238
|
+
transition from the previous IMAP input plugin version, first process at least
|
239
|
+
one mail with `uid_tracking` set to `false` to save the UID of the last
|
240
|
+
processed mail and then switch `uid_tracking` to `true`.
|
241
|
+
|
156
242
|
[id="plugins-{type}s-{plugin}-user"]
|
157
|
-
===== `user`
|
243
|
+
===== `user`
|
158
244
|
|
159
245
|
* This is a required setting.
|
160
246
|
* Value type is <<string,string>>
|
@@ -163,7 +249,7 @@ content-type as the event message.
|
|
163
249
|
|
164
250
|
|
165
251
|
[id="plugins-{type}s-{plugin}-verify_cert"]
|
166
|
-
===== `verify_cert`
|
252
|
+
===== `verify_cert`
|
167
253
|
|
168
254
|
* Value type is <<boolean,boolean>>
|
169
255
|
* Default value is `true`
|
@@ -173,4 +259,6 @@ content-type as the event message.
|
|
173
259
|
|
174
260
|
|
175
261
|
[id="plugins-{type}s-{plugin}-common-options"]
|
176
|
-
include::{include_path}/{type}.asciidoc[]
|
262
|
+
include::{include_path}/{type}.asciidoc[]
|
263
|
+
|
264
|
+
:default_codec!:
|
data/lib/logstash/inputs/imap.rb
CHANGED
@@ -3,13 +3,22 @@ require "logstash/inputs/base"
|
|
3
3
|
require "logstash/namespace"
|
4
4
|
require "logstash/timestamp"
|
5
5
|
require "stud/interval"
|
6
|
-
require
|
6
|
+
require 'fileutils'
|
7
|
+
|
8
|
+
require 'logstash/plugin_mixins/ecs_compatibility_support'
|
9
|
+
require 'logstash/plugin_mixins/ecs_compatibility_support/target_check'
|
10
|
+
require 'logstash/plugin_mixins/validator_support/field_reference_validation_adapter'
|
7
11
|
|
8
12
|
# Read mails from IMAP server
|
9
13
|
#
|
10
14
|
# Periodically scan an IMAP folder (`INBOX` by default) and move any read messages
|
11
15
|
# to the trash.
|
12
16
|
class LogStash::Inputs::IMAP < LogStash::Inputs::Base
|
17
|
+
|
18
|
+
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
|
19
|
+
|
20
|
+
extend LogStash::PluginMixins::ValidatorSupport::FieldReferenceValidationAdapter
|
21
|
+
|
13
22
|
config_name "imap"
|
14
23
|
|
15
24
|
default :codec, "plain"
|
@@ -24,16 +33,57 @@ class LogStash::Inputs::IMAP < LogStash::Inputs::Base
|
|
24
33
|
|
25
34
|
config :folder, :validate => :string, :default => 'INBOX'
|
26
35
|
config :fetch_count, :validate => :number, :default => 50
|
27
|
-
config :lowercase_headers, :validate => :boolean, :default => true
|
28
36
|
config :check_interval, :validate => :number, :default => 300
|
37
|
+
|
38
|
+
config :lowercase_headers, :validate => :boolean, :default => true
|
39
|
+
|
40
|
+
config :headers_target, :validate => :field_reference # ECS default: [@metadata][input][imap][headers]
|
41
|
+
|
29
42
|
config :delete, :validate => :boolean, :default => false
|
30
43
|
config :expunge, :validate => :boolean, :default => false
|
44
|
+
|
31
45
|
config :strip_attachments, :validate => :boolean, :default => false
|
32
|
-
|
33
|
-
|
34
|
-
#
|
46
|
+
config :save_attachments, :validate => :boolean, :default => false
|
47
|
+
|
48
|
+
# Legacy default: [attachments]
|
49
|
+
# ECS default: [@metadata][input][imap][attachments]
|
50
|
+
config :attachments_target, :validate => :field_reference
|
51
|
+
|
52
|
+
# For multipart messages, use the first part that has this content-type as the event message.
|
35
53
|
config :content_type, :validate => :string, :default => "text/plain"
|
36
54
|
|
55
|
+
# Whether to use IMAP uid to track last processed message
|
56
|
+
config :uid_tracking, :validate => :boolean, :default => false
|
57
|
+
|
58
|
+
# Path to file with last run time metadata
|
59
|
+
config :sincedb_path, :validate => :string, :required => false
|
60
|
+
|
61
|
+
def initialize(*params)
|
62
|
+
super
|
63
|
+
|
64
|
+
if original_params.include?('headers_target')
|
65
|
+
@headers_target = normalize_field_ref(headers_target)
|
66
|
+
else
|
67
|
+
# NOTE: user specified `headers_target => ''` means disable headers (@headers_target == nil)
|
68
|
+
# unlike our default here (@headers_target == '') causes setting headers at top level ...
|
69
|
+
@headers_target = ecs_compatibility != :disabled ? '[@metadata][input][imap][headers]' : ''
|
70
|
+
end
|
71
|
+
|
72
|
+
if original_params.include?('attachments_target')
|
73
|
+
@attachments_target = normalize_field_ref(attachments_target)
|
74
|
+
else
|
75
|
+
@attachments_target = ecs_compatibility != :disabled ? '[@metadata][input][imap][attachments]' : '[attachments]'
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
# @note a '' target value is normalized to nil
|
80
|
+
def normalize_field_ref(target)
|
81
|
+
return nil if target.nil? || target.empty?
|
82
|
+
# so we can later event.set("#{target}[#{name}]", ...)
|
83
|
+
target.match?(/\A[^\[\]]+\z/) ? "[#{target}]" : target
|
84
|
+
end
|
85
|
+
private :normalize_field_ref
|
86
|
+
|
37
87
|
def register
|
38
88
|
require "net/imap" # in stdlib
|
39
89
|
require "mail" # gem 'mail'
|
@@ -50,6 +100,23 @@ class LogStash::Inputs::IMAP < LogStash::Inputs::Base
|
|
50
100
|
end
|
51
101
|
end
|
52
102
|
|
103
|
+
# Load last processed IMAP uid from file if exists
|
104
|
+
if @sincedb_path.nil?
|
105
|
+
datapath = File.join(LogStash::SETTINGS.get_value("path.data"), "plugins", "inputs", "imap")
|
106
|
+
# Ensure that the filepath exists before writing, since it's deeply nested.
|
107
|
+
FileUtils::mkdir_p datapath
|
108
|
+
@sincedb_path = File.join(datapath, ".sincedb_" + Digest::MD5.hexdigest("#{@user}_#{@host}_#{@port}_#{@folder}"))
|
109
|
+
@logger.debug? && @logger.debug("Generated sincedb path", sincedb_path: @sincedb_path)
|
110
|
+
end
|
111
|
+
@logger.info("Using", sincedb_path: @sincedb_path)
|
112
|
+
if File.exist?(@sincedb_path)
|
113
|
+
if File.directory?(@sincedb_path)
|
114
|
+
raise ArgumentError.new("The \"sincedb_path\" argument must point to a file, received a directory: \"#{@sincedb_path}\"")
|
115
|
+
end
|
116
|
+
@uid_last_value = File.read(@sincedb_path).to_i
|
117
|
+
@logger.debug? && @logger.debug("Loaded from sincedb", uid_last_value: @uid_last_value)
|
118
|
+
end
|
119
|
+
|
53
120
|
@content_type_re = Regexp.new("^" + @content_type)
|
54
121
|
end # def register
|
55
122
|
|
@@ -75,39 +142,73 @@ class LogStash::Inputs::IMAP < LogStash::Inputs::Base
|
|
75
142
|
# EOFError, OpenSSL::SSL::SSLError
|
76
143
|
imap = connect
|
77
144
|
imap.select(@folder)
|
78
|
-
|
145
|
+
if @uid_tracking && @uid_last_value
|
146
|
+
# If there are no new messages, uid_search returns @uid_last_value
|
147
|
+
# because it is the last message, so we need to delete it.
|
148
|
+
ids = imap.uid_search(["UID", (@uid_last_value+1..-1)]).delete_if { |uid|
|
149
|
+
uid <= @uid_last_value
|
150
|
+
}
|
151
|
+
else
|
152
|
+
ids = imap.uid_search("NOT SEEN")
|
153
|
+
end
|
79
154
|
|
80
155
|
ids.each_slice(@fetch_count) do |id_set|
|
81
|
-
items = imap.
|
156
|
+
items = imap.uid_fetch(id_set, ["BODY.PEEK[]", "UID"])
|
82
157
|
items.each do |item|
|
83
|
-
next unless item.attr.has_key?("
|
84
|
-
mail = Mail.read_from_string(item.attr["
|
158
|
+
next unless item.attr.has_key?("BODY[]")
|
159
|
+
mail = Mail.read_from_string(item.attr["BODY[]"])
|
85
160
|
if @strip_attachments
|
86
161
|
queue << parse_mail(mail.without_attachments!)
|
87
162
|
else
|
88
163
|
queue << parse_mail(mail)
|
89
164
|
end
|
165
|
+
# Mark message as processed
|
166
|
+
@uid_last_value = item.attr["UID"]
|
167
|
+
imap.uid_store(@uid_last_value, '+FLAGS', @delete || @expunge ? :Deleted : :Seen)
|
168
|
+
|
169
|
+
# Stop message processing if it is requested
|
170
|
+
break if stop?
|
90
171
|
end
|
91
172
|
|
92
|
-
|
93
|
-
|
173
|
+
# Expunge deleted messages
|
174
|
+
imap.expunge() if @expunge
|
175
|
+
|
176
|
+
# Stop message fetching if it is requested
|
177
|
+
break if stop?
|
94
178
|
end
|
95
179
|
|
96
|
-
|
97
|
-
|
98
|
-
#
|
99
|
-
|
100
|
-
|
101
|
-
|
180
|
+
rescue => e
|
181
|
+
@logger.error("Encountered error #{e.class}", :message => e.message, :backtrace => e.backtrace)
|
182
|
+
# Do not raise error, check_mail will be invoked in the next run time
|
183
|
+
ensure
|
184
|
+
# Close the connection (and ignore errors)
|
185
|
+
imap.close rescue nil
|
186
|
+
imap.disconnect rescue nil
|
187
|
+
|
188
|
+
# Always save @uid_last_value so when tracking is switched from
|
189
|
+
# "NOT SEEN" to "UID" we will continue from first unprocessed message
|
190
|
+
if @uid_last_value
|
191
|
+
@logger.debug? && @logger.debug("Saving to sincedb", uid_last_value: @uid_last_value)
|
192
|
+
File.write(@sincedb_path, @uid_last_value)
|
102
193
|
end
|
194
|
+
end
|
103
195
|
|
104
|
-
|
105
|
-
|
196
|
+
def parse_attachments(mail)
|
197
|
+
attachments = []
|
198
|
+
mail.attachments.each do |attachment|
|
199
|
+
if @save_attachments
|
200
|
+
attachments << { "filename" => attachment.filename, "data" => attachment.body.encoded }
|
201
|
+
else
|
202
|
+
attachments << { "filename" => attachment.filename}
|
203
|
+
end
|
204
|
+
end
|
205
|
+
return attachments
|
106
206
|
end
|
107
207
|
|
108
208
|
def parse_mail(mail)
|
109
209
|
# Add a debug message so we can track what message might cause an error later
|
110
|
-
@logger.debug? && @logger.debug("
|
210
|
+
@logger.debug? && @logger.debug("Processing mail", message_id: mail.message_id)
|
211
|
+
|
111
212
|
# TODO(sissel): What should a multipart message look like as an event?
|
112
213
|
# For now, just take the plain-text part and set it as the message.
|
113
214
|
if mail.parts.count == 0
|
@@ -117,36 +218,20 @@ class LogStash::Inputs::IMAP < LogStash::Inputs::Base
|
|
117
218
|
# Multipart message; use the first text/plain part we find
|
118
219
|
part = mail.parts.find { |p| p.content_type.match @content_type_re } || mail.parts.first
|
119
220
|
message = part.decoded
|
221
|
+
|
222
|
+
# Parse attachments
|
223
|
+
attachments = parse_attachments(mail)
|
120
224
|
end
|
121
225
|
|
122
226
|
@codec.decode(message) do |event|
|
123
227
|
# Use the 'Date' field as the timestamp
|
124
228
|
event.timestamp = LogStash::Timestamp.new(mail.date.to_time)
|
125
229
|
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
# Details at:
|
132
|
-
# https://github.com/mikel/mail/blob/master/README.md#encodings
|
133
|
-
# http://tools.ietf.org/html/rfc2047#section-2
|
134
|
-
value = transcode_to_utf8(header.decoded.to_s)
|
135
|
-
|
136
|
-
# Assume we already processed the 'date' above.
|
137
|
-
next if name == "Date"
|
138
|
-
|
139
|
-
case (field = event.get(name))
|
140
|
-
when String
|
141
|
-
# promote string to array if a header appears multiple times
|
142
|
-
# (like 'received')
|
143
|
-
event.set(name, [field, value])
|
144
|
-
when Array
|
145
|
-
field << value
|
146
|
-
event.set(name, field)
|
147
|
-
when nil
|
148
|
-
event.set(name, value)
|
149
|
-
end
|
230
|
+
process_headers(mail, event) if @headers_target
|
231
|
+
|
232
|
+
# Add attachments
|
233
|
+
if attachments && attachments.length > 0 && @attachments_target
|
234
|
+
event.set(@attachments_target, attachments)
|
150
235
|
end
|
151
236
|
|
152
237
|
decorate(event)
|
@@ -154,9 +239,35 @@ class LogStash::Inputs::IMAP < LogStash::Inputs::Base
|
|
154
239
|
end
|
155
240
|
end
|
156
241
|
|
242
|
+
def process_headers(mail, event)
|
243
|
+
# Add fields: Add message.header_fields { |h| h.name=> h.value }
|
244
|
+
mail.header_fields.each do |header|
|
245
|
+
# 'header.name' can sometimes be a Mail::Multibyte::Chars, get it in String form
|
246
|
+
name = header.name.to_s
|
247
|
+
name = name.downcase if @lowercase_headers
|
248
|
+
|
249
|
+
# Call .decoded on the header in case it's in encoded-word form.
|
250
|
+
# Details at:
|
251
|
+
# https://github.com/mikel/mail/blob/master/README.md#encodings
|
252
|
+
# http://tools.ietf.org/html/rfc2047#section-2
|
253
|
+
value = transcode_to_utf8(header.decoded)
|
254
|
+
|
255
|
+
targeted_name = "#{@headers_target}[#{name}]"
|
256
|
+
case (field = event.get(targeted_name))
|
257
|
+
when String
|
258
|
+
# promote string to array if a header appears multiple times (like 'received')
|
259
|
+
event.set(targeted_name, [field, value])
|
260
|
+
when Array
|
261
|
+
field << value
|
262
|
+
event.set(targeted_name, field)
|
263
|
+
when nil
|
264
|
+
event.set(targeted_name, value)
|
265
|
+
end
|
266
|
+
end
|
267
|
+
end
|
268
|
+
|
157
269
|
def stop
|
158
270
|
Stud.stop!(@run_thread)
|
159
|
-
$stdin.close
|
160
271
|
end
|
161
272
|
|
162
273
|
private
|
@@ -165,8 +276,7 @@ class LogStash::Inputs::IMAP < LogStash::Inputs::Base
|
|
165
276
|
# the mail gem will set the correct encoding on header strings decoding
|
166
277
|
# and we want to transcode it to utf8
|
167
278
|
def transcode_to_utf8(s)
|
168
|
-
|
169
|
-
|
170
|
-
end
|
279
|
+
return nil if s.nil?
|
280
|
+
s.encode(Encoding::UTF_8, :invalid => :replace, :undef => :replace)
|
171
281
|
end
|
172
282
|
end
|
data/logstash-input-imap.gemspec
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-input-imap'
|
4
|
-
s.version = '3.0
|
4
|
+
s.version = '3.2.0'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Reads mail from an IMAP server"
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -21,6 +21,8 @@ Gem::Specification.new do |s|
|
|
21
21
|
|
22
22
|
# Gem dependencies
|
23
23
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
24
|
+
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~> 1.3'
|
25
|
+
s.add_runtime_dependency 'logstash-mixin-validator_support', '~> 1.0'
|
24
26
|
s.add_runtime_dependency 'logstash-codec-plain'
|
25
27
|
s.add_runtime_dependency 'mail', '~> 2.6.3'
|
26
28
|
s.add_runtime_dependency 'mime-types', '2.6.2'
|
data/spec/inputs/imap_spec.rb
CHANGED
@@ -1,9 +1,11 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
require "logstash/devutils/rspec/spec_helper"
|
3
|
+
require "logstash/devutils/rspec/shared_examples"
|
4
|
+
require 'logstash/plugin_mixins/ecs_compatibility_support/spec_helper'
|
3
5
|
require "logstash/inputs/imap"
|
4
6
|
require "mail"
|
5
7
|
require "net/imap"
|
6
|
-
|
8
|
+
require "base64"
|
7
9
|
|
8
10
|
describe LogStash::Inputs::IMAP do
|
9
11
|
|
@@ -25,7 +27,7 @@ describe LogStash::Inputs::IMAP do
|
|
25
27
|
allow(imap).to receive(:store)
|
26
28
|
allow(ids).to receive(:each_slice).and_return([])
|
27
29
|
|
28
|
-
allow(imap).to receive(:
|
30
|
+
allow(imap).to receive(:uid_search).with("NOT SEEN").and_return(ids)
|
29
31
|
allow(Net::IMAP).to receive(:new).and_return(imap)
|
30
32
|
end
|
31
33
|
end
|
@@ -33,103 +35,233 @@ describe LogStash::Inputs::IMAP do
|
|
33
35
|
|
34
36
|
end
|
35
37
|
|
36
|
-
describe LogStash::Inputs::IMAP do
|
38
|
+
describe LogStash::Inputs::IMAP, :ecs_compatibility_support do
|
37
39
|
user = "logstash"
|
38
40
|
password = "secret"
|
39
41
|
msg_time = Time.new
|
40
42
|
msg_text = "foo\nbar\nbaz"
|
41
43
|
msg_html = "<p>a paragraph</p>\n\n"
|
44
|
+
msg_binary = "\x42\x43\x44"
|
45
|
+
msg_unencoded = "raw text 🐐"
|
46
|
+
|
47
|
+
let(:config) do
|
48
|
+
{ "host" => "localhost", "user" => "#{user}", "password" => "#{password}" }
|
49
|
+
end
|
50
|
+
|
51
|
+
subject(:input) do
|
52
|
+
LogStash::Inputs::IMAP.new config
|
53
|
+
end
|
42
54
|
|
43
|
-
|
55
|
+
let(:mail) do
|
44
56
|
Mail.new do
|
45
57
|
from "me@example.com"
|
46
58
|
to "you@example.com"
|
47
59
|
subject "logstash imap input test"
|
48
60
|
date msg_time
|
49
61
|
body msg_text
|
62
|
+
message_id '<123@message.id>' # 'Message-ID' header
|
63
|
+
# let's have some headers:
|
64
|
+
header['X-Priority'] = '3'
|
65
|
+
header['X-Bot-ID'] = '111'
|
66
|
+
header['X-AES-Category'] = 'LEGIT'
|
67
|
+
header['X-Spam-Category'] = 'LEGIT'
|
68
|
+
header['Spam-Stopper-Id'] = '464bbb1a-1b86-4006-8a09-ce797fb56346'
|
69
|
+
header['Spam-Stopper-v2'] = 'Yes'
|
70
|
+
header['X-Mailer'] = 'Microsoft Outlook Express 6.00.2800.1106'
|
71
|
+
header['X-MimeOLE'] = 'Produced By Microsoft MimeOLE V6.00.2800.1106'
|
50
72
|
add_file :filename => "some.html", :content => msg_html
|
73
|
+
add_file :filename => "image.png", :content => msg_binary
|
74
|
+
add_file :filename => "unencoded.data", :content => msg_unencoded, :content_transfer_encoding => "7bit"
|
51
75
|
end
|
52
76
|
end
|
53
77
|
|
54
|
-
|
78
|
+
before do
|
79
|
+
input.register
|
80
|
+
end
|
81
|
+
|
82
|
+
ecs_compatibility_matrix(:disabled, :v1, :v8) do |ecs_select|
|
83
|
+
|
84
|
+
let(:ecs_compatibility?) { ecs_select.active_mode != :disabled }
|
85
|
+
|
86
|
+
let (:config) { super().merge('ecs_compatibility' => ecs_select.active_mode) }
|
87
|
+
|
55
88
|
context "when no content-type selected" do
|
56
89
|
it "should select text/plain part" do
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
input = LogStash::Inputs::IMAP.new config
|
61
|
-
input.register
|
62
|
-
event = input.parse_mail(subject)
|
63
|
-
insist { event.get("message") } == msg_text
|
90
|
+
event = input.parse_mail(mail)
|
91
|
+
expect( event.get("message") ).to eql msg_text
|
64
92
|
end
|
65
93
|
end
|
66
94
|
|
67
95
|
context "when text/html content-type selected" do
|
96
|
+
let(:config) { super().merge("content_type" => "text/html") }
|
97
|
+
|
68
98
|
it "should select text/html part" do
|
69
|
-
|
70
|
-
|
71
|
-
|
99
|
+
event = input.parse_mail(mail)
|
100
|
+
expect( event.get("message") ).to eql msg_html
|
101
|
+
end
|
102
|
+
end
|
72
103
|
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
104
|
+
context "mail headers" do
|
105
|
+
let(:config) { super().merge("lowercase_headers" => true) } # default
|
106
|
+
|
107
|
+
before { @event = input.parse_mail(mail) }
|
108
|
+
|
109
|
+
it "sets all header fields" do
|
110
|
+
if ecs_compatibility?
|
111
|
+
expect( @event.get("[@metadata][input][imap][headers][x-spam-category]") ).to eql 'LEGIT'
|
112
|
+
expect( @event.get("[@metadata][input][imap][headers][x-aes-category]") ).to eql 'LEGIT'
|
113
|
+
expect( @event.get("[@metadata][input][imap][headers][x-bot-id]") ).to eql '111'
|
114
|
+
['spam-stopper-id', 'spam-stopper-v2', 'x-mimeole', 'message-id', 'x-priority'].each do |name|
|
115
|
+
expect( @event.include?("[@metadata][input][imap][headers][#{name}]") ).to be true
|
116
|
+
end
|
117
|
+
expect( @event.get("[@metadata][input][imap][headers][from]") ).to eql 'me@example.com'
|
118
|
+
expect( @event.get("[@metadata][input][imap][headers][to]") ).to eql 'you@example.com'
|
119
|
+
expect( @event.get("[@metadata][input][imap][headers][subject]") ).to eql 'logstash imap input test'
|
120
|
+
else
|
121
|
+
expect( @event.get("x-spam-category") ).to eql 'LEGIT'
|
122
|
+
expect( @event.get("x-aes-category") ).to eql 'LEGIT'
|
123
|
+
expect( @event.get("x-bot-id") ).to eql '111'
|
124
|
+
['spam-stopper-id', 'spam-stopper-v2', 'x-mimeole', 'message-id', 'x-priority'].each do |name|
|
125
|
+
expect( @event.include?(name) ).to be true
|
126
|
+
end
|
127
|
+
expect( @event.get("from") ).to eql 'me@example.com'
|
128
|
+
expect( @event.get("to") ).to eql 'you@example.com'
|
129
|
+
expect( @event.get("subject") ).to eql 'logstash imap input test'
|
130
|
+
end
|
131
|
+
end
|
132
|
+
|
133
|
+
it 'does include the date header' do
|
134
|
+
expect( @event.include?('date') ).to be true unless ecs_compatibility?
|
135
|
+
expect( @event.include?('Date') ).to be false
|
77
136
|
end
|
78
137
|
end
|
79
|
-
end
|
80
138
|
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
139
|
+
context "mail headers (not lower-cased)" do
|
140
|
+
let(:config) { super().merge("lowercase_headers" => false) }
|
141
|
+
|
142
|
+
before { @event = input.parse_mail(mail) }
|
143
|
+
|
144
|
+
it "sets all header fields" do
|
145
|
+
if ecs_compatibility?
|
146
|
+
expect( @event.get("[@metadata][input][imap][headers][X-Spam-Category]") ).to eql 'LEGIT'
|
147
|
+
expect( @event.get("[@metadata][input][imap][headers][X-AES-Category]") ).to eql 'LEGIT'
|
148
|
+
expect( @event.get("[@metadata][input][imap][headers][X-Bot-ID]") ).to eql '111'
|
149
|
+
['Spam-Stopper-Id', 'Spam-Stopper-v2', 'X-MimeOLE', 'Message-ID', 'X-Priority'].each do |name|
|
150
|
+
expect( @event.include?("[@metadata][input][imap][headers][#{name}]") ).to be true
|
151
|
+
end
|
152
|
+
expect( @event.get("[@metadata][input][imap][headers][From]") ).to eql 'me@example.com'
|
153
|
+
expect( @event.get("[@metadata][input][imap][headers][To]") ).to eql 'you@example.com'
|
154
|
+
expect( @event.get("[@metadata][input][imap][headers][Subject]") ).to eql 'logstash imap input test'
|
155
|
+
else
|
156
|
+
expect( @event.get("X-Spam-Category") ).to eql 'LEGIT'
|
157
|
+
expect( @event.get("X-AES-Category") ).to eql 'LEGIT'
|
158
|
+
expect( @event.get("X-Bot-ID") ).to eql '111'
|
159
|
+
['Spam-Stopper-Id', 'Spam-Stopper-v2', 'X-MimeOLE', 'Message-ID', 'X-Priority'].each do |name|
|
160
|
+
expect( @event.include?(name) ).to be true
|
161
|
+
end
|
162
|
+
expect( @event.get("From") ).to eql 'me@example.com'
|
163
|
+
expect( @event.get("To") ).to eql 'you@example.com'
|
164
|
+
expect( @event.get("Subject") ).to eql 'logstash imap input test'
|
165
|
+
end
|
166
|
+
end
|
86
167
|
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
insist { event.get("subject") } == "foo : bar"
|
168
|
+
it 'does include the date header' do
|
169
|
+
expect( @event.include?('Date') ).to be true unless ecs_compatibility?
|
170
|
+
end
|
91
171
|
end
|
92
|
-
end
|
93
172
|
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
173
|
+
context "headers_target => ''" do
|
174
|
+
let(:config) { super().merge("headers_target" => '') }
|
175
|
+
|
176
|
+
before { @event = input.parse_mail(mail) }
|
177
|
+
|
178
|
+
it "does not set any header fields" do
|
179
|
+
['From', 'To', 'Subject', 'subject', 'Date', 'date'].each do |name|
|
180
|
+
expect( @event.include?(name) ).to be false # legacy
|
181
|
+
expect( @event.include?("[@metadata][input][imap][headers][#{name}]") ).to be false # ecs
|
182
|
+
end
|
183
|
+
end
|
184
|
+
end
|
185
|
+
|
186
|
+
context "when subject is in RFC 2047 encoded-word format" do
|
187
|
+
before do
|
188
|
+
mail.subject = "=?iso-8859-1?Q?foo_:_bar?="
|
189
|
+
end
|
190
|
+
|
191
|
+
it "should be decoded" do
|
192
|
+
event = input.parse_mail(mail)
|
193
|
+
if ecs_compatibility?
|
194
|
+
expect( event.get("[@metadata][input][imap][headers][subject]") ).to eql "foo : bar"
|
195
|
+
else
|
196
|
+
expect( event.get("subject") ).to eql "foo : bar"
|
197
|
+
end
|
198
|
+
end
|
199
|
+
end
|
200
|
+
|
201
|
+
context "with multiple values for same header" do
|
202
|
+
it "should add 2 values as array in event" do
|
203
|
+
mail.received = "test1"
|
204
|
+
mail.received = "test2"
|
205
|
+
|
206
|
+
event = input.parse_mail(mail)
|
207
|
+
expected_value = ["test1", "test2"]
|
208
|
+
if ecs_compatibility?
|
209
|
+
expect( event.get("[@metadata][input][imap][headers][received]") ).to eql expected_value
|
210
|
+
else
|
211
|
+
expect( event.get("received") ).to eql expected_value
|
212
|
+
end
|
213
|
+
end
|
98
214
|
|
99
|
-
|
100
|
-
|
215
|
+
it "should add more than 2 values as array in event" do
|
216
|
+
mail.received = "test1"
|
217
|
+
mail.received = "test2"
|
218
|
+
mail.received = "test3"
|
101
219
|
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
220
|
+
event = input.parse_mail(mail)
|
221
|
+
expected_value = ["test1", "test2", "test3"]
|
222
|
+
if ecs_compatibility?
|
223
|
+
expect( event.get("[@metadata][input][imap][headers][received]") ).to eql expected_value
|
224
|
+
else
|
225
|
+
expect( event.get("received") ).to eql expected_value
|
226
|
+
end
|
227
|
+
end
|
106
228
|
end
|
107
229
|
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
subject.received = "test3"
|
230
|
+
context "when a header field is nil" do
|
231
|
+
it "should parse mail" do
|
232
|
+
mail.header['X-Custom-Header'] = nil
|
112
233
|
|
113
|
-
|
114
|
-
|
234
|
+
event = input.parse_mail(mail)
|
235
|
+
expect( event.get("message") ).to eql msg_text
|
236
|
+
end
|
237
|
+
end
|
115
238
|
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
239
|
+
context "attachments" do
|
240
|
+
it "should extract filenames" do
|
241
|
+
event = input.parse_mail(mail)
|
242
|
+
target = ecs_compatibility? ? '[@metadata][input][imap][attachments]' : 'attachments'
|
243
|
+
expect( event.get(target) ).to eql [
|
244
|
+
{"filename"=>"some.html"},
|
245
|
+
{"filename"=>"image.png"},
|
246
|
+
{"filename"=>"unencoded.data"}
|
247
|
+
]
|
248
|
+
end
|
120
249
|
end
|
121
|
-
end
|
122
250
|
|
123
|
-
|
124
|
-
|
125
|
-
subject.header['X-Custom-Header'] = nil
|
126
|
-
config = {"type" => "imap", "host" => "localhost",
|
127
|
-
"user" => "#{user}", "password" => "#{password}"}
|
251
|
+
context "with attachments saving" do
|
252
|
+
let(:config) { super().merge("save_attachments" => true) }
|
128
253
|
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
254
|
+
it "should extract the encoded content" do
|
255
|
+
event = input.parse_mail(mail)
|
256
|
+
target = ecs_compatibility? ? '[@metadata][input][imap][attachments]' : 'attachments'
|
257
|
+
expect( event.get(target) ).to eql [
|
258
|
+
{"data"=> Base64.encode64(msg_html).encode(crlf_newline: true), "filename"=>"some.html"},
|
259
|
+
{"data"=> Base64.encode64(msg_binary).encode(crlf_newline: true), "filename"=>"image.png"},
|
260
|
+
{"data"=> msg_unencoded, "filename"=>"unencoded.data"}
|
261
|
+
]
|
262
|
+
end
|
133
263
|
end
|
264
|
+
|
134
265
|
end
|
266
|
+
|
135
267
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-imap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0
|
4
|
+
version: 3.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-12-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -30,6 +30,34 @@ dependencies:
|
|
30
30
|
- - "<="
|
31
31
|
- !ruby/object:Gem::Version
|
32
32
|
version: '2.99'
|
33
|
+
- !ruby/object:Gem::Dependency
|
34
|
+
requirement: !ruby/object:Gem::Requirement
|
35
|
+
requirements:
|
36
|
+
- - "~>"
|
37
|
+
- !ruby/object:Gem::Version
|
38
|
+
version: '1.3'
|
39
|
+
name: logstash-mixin-ecs_compatibility_support
|
40
|
+
prerelease: false
|
41
|
+
type: :runtime
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
43
|
+
requirements:
|
44
|
+
- - "~>"
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '1.3'
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
49
|
+
requirements:
|
50
|
+
- - "~>"
|
51
|
+
- !ruby/object:Gem::Version
|
52
|
+
version: '1.0'
|
53
|
+
name: logstash-mixin-validator_support
|
54
|
+
prerelease: false
|
55
|
+
type: :runtime
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
requirements:
|
58
|
+
- - "~>"
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
version: '1.0'
|
33
61
|
- !ruby/object:Gem::Dependency
|
34
62
|
requirement: !ruby/object:Gem::Requirement
|
35
63
|
requirements:
|
@@ -139,8 +167,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
139
167
|
- !ruby/object:Gem::Version
|
140
168
|
version: '0'
|
141
169
|
requirements: []
|
142
|
-
|
143
|
-
rubygems_version: 2.6.11
|
170
|
+
rubygems_version: 3.1.6
|
144
171
|
signing_key:
|
145
172
|
specification_version: 4
|
146
173
|
summary: Reads mail from an IMAP server
|