logstash-input-imap 0.1.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    N2YwMWY0NWI1MDA1NDcxZWIxMTc4NGEzOWRjZmQyODc3MWI5MzA3Mg==
+  data.tar.gz: !binary |-
+    OTcxZDc3ZTBmODUzZDc0YWU1YmQ3ZWRmNzdhMzhjMzMwNDkyODJjNg==
+SHA512:
+  metadata.gz: !binary |-
+    ZDUyODZlNDEyMDczYzBlNzhiODBhNWQyYWQ4MTdmODJiM2Q1ZjcxODgwYWFh
+    OTI1YmI2YzIyNTkzYTk5ZDY5NTNlMDc0MjUxNGZmYWY4MjUxNTYwY2ZiODhm
+    ZjY2OGJmODZjMDljYmE0ODQ5ODc2MGZkMjA2ZTQ1ZTYzM2NlNDc=
+  data.tar.gz: !binary |-
+    MjQ2MmUxYjQ1MzgxY2FjN2Q2MjEyYmIwNWRhZDQ2YWM2OTQxOWQ2OTg0Njg4
+    MTYxZTQ1ZWYwZWM2MmViZWQ5YjQ1MmI5ZGIxODAzZmI3ODg3MDJkYTMzZjE4
+    M2YzM2FkN2M3ZTg5ZGUxMjQ2NDM4ZmQ4ZGFjNTZjZGQ1ZTE4MjM=

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+Gemfile.lock
+.bundle
+vendor

data/Gemfile

@@ -0,0 +1,4 @@
+source 'http://rubygems.org'
+gem 'rake'
+gem 'gem_publisher'
+gem 'archive-tar-minitar'

data/Rakefile

@@ -0,0 +1,6 @@
+@files=[]
+
+task :default do
+  system("rake -T")
+end
+

data/lib/logstash/inputs/imap.rb

@@ -0,0 +1,157 @@
+# encoding: utf-8
+require "logstash/inputs/base"
+require "logstash/namespace"
+require "logstash/timestamp"
+require "stud/interval"
+require "socket" # for Socket.gethostname
+
+# Read mail from IMAP servers
+#
+# Periodically scans INBOX and moves any read messages
+# to the trash.
+class LogStash::Inputs::IMAP < LogStash::Inputs::Base
+  config_name "imap"
+  milestone 1
+
+  default :codec, "plain"
+
+  config :host, :validate => :string, :required => true
+  config :port, :validate => :number
+
+  config :user, :validate => :string, :required => true
+  config :password, :validate => :password, :required => true
+  config :secure, :validate => :boolean, :default => true
+  config :verify_cert, :validate => :boolean, :default => true
+
+  config :fetch_count, :validate => :number, :default => 50
+  config :lowercase_headers, :validate => :boolean, :default => true
+  config :check_interval, :validate => :number, :default => 300
+  config :delete, :validate => :boolean, :default => false
+
+  # For multipart messages, use the first part that has this
+  # content-type as the event message.
+  config :content_type, :validate => :string, :default => "text/plain"
+
+  public
+  def register
+    require "net/imap" # in stdlib
+    require "mail" # gem 'mail'
+
+    if @secure and not @verify_cert
+      @logger.warn("Running IMAP without verifying the certificate may grant attackers unauthorized access to your mailbox or data")
+    end
+
+    if @port.nil?
+      if @secure
+        @port = 993
+      else
+        @port = 143
+      end
+    end
+
+    @content_type_re = Regexp.new("^" + @content_type)
+  end # def register
+
+  def connect
+    sslopt = @secure
+    if @secure and not @verify_cert
+        sslopt = { :verify_mode => OpenSSL::SSL::VERIFY_NONE }
+    end
+    imap = Net::IMAP.new(@host, :port => @port, :ssl => sslopt)
+    imap.login(@user, @password.value)
+    return imap
+  end
+
+  def run(queue)
+    Stud.interval(@check_interval) do
+      check_mail(queue)
+    end
+  end
+
+  def check_mail(queue)
+    # TODO(sissel): handle exceptions happening during runtime:
+    # EOFError, OpenSSL::SSL::SSLError
+    imap = connect
+    imap.select("INBOX")
+    ids = imap.search("NOT SEEN")
+
+    ids.each_slice(@fetch_count) do |id_set|
+      items = imap.fetch(id_set, "RFC822")
+      items.each do |item|
+        next unless item.attr.has_key?("RFC822")
+        mail = Mail.read_from_string(item.attr["RFC822"])
+        queue << parse_mail(mail)
+      end
+
+      imap.store(id_set, '+FLAGS', @delete ? :Deleted : :Seen)
+    end
+
+    imap.close
+    imap.disconnect
+  end # def run
+
+  def parse_mail(mail)
+    # TODO(sissel): What should a multipart message look like as an event?
+    # For now, just take the plain-text part and set it as the message.
+    if mail.parts.count == 0
+      # No multipart message, just use the body as the event text
+      message = mail.body.decoded
+    else
+      # Multipart message; use the first text/plain part we find
+      part = mail.parts.find { |p| p.content_type.match @content_type_re } || mail.parts.first
+      message = part.decoded
+    end
+
+    @codec.decode(message) do |event|
+      # event = LogStash::Event.new("message" => message)
+
+      # Use the 'Date' field as the timestamp
+      event.timestamp = LogStash::Timestamp.new(mail.date.to_time)
+
+      # Add fields: Add message.header_fields { |h| h.name=> h.value }
+      mail.header_fields.each do |header|
+        if @lowercase_headers
+          # 'header.name' can sometimes be a Mail::Multibyte::Chars, get it in
+          # String form
+          name = header.name.to_s.downcase
+        else
+          name = header.name.to_s
+        end
+        # Call .decoded on the header in case it's in encoded-word form.
+        # Details at:
+        #   https://github.com/mikel/mail/blob/master/README.md#encodings
+        #   http://tools.ietf.org/html/rfc2047#section-2
+        value = transcode_to_utf8(header.decoded)
+
+        # Assume we already processed the 'date' above.
+        next if name == "Date"
+
+        case event[name]
+          # promote string to array if a header appears multiple times
+          # (like 'received')
+          when String; event[name] = [event[name], value]
+          when Array; event[name] << value
+          when nil; event[name] = value
+        end
+      end # mail.header_fields.each
+
+      decorate(event)
+      event
+    end
+  end # def handle
+
+  public
+  def teardown
+    $stdin.close
+    finished
+  end # def teardown
+
+  private
+
+  # transcode_to_utf8 is meant for headers transcoding.
+  # the mail gem will set the correct encoding on header strings decoding
+  # and we want to transcode it to utf8
+  def transcode_to_utf8(s)
+    s.encode(Encoding::UTF_8, :invalid => :replace, :undef => :replace)
+  end
+end # class LogStash::Inputs::IMAP

data/logstash-input-imap.gemspec

@@ -0,0 +1,30 @@
+Gem::Specification.new do |s|
+
+  s.name            = 'logstash-input-imap'
+  s.version         = '0.1.0'
+  s.licenses        = ['Apache License (2.0)']
+  s.summary         = "Read mail from IMAP servers"
+  s.description     = "Read mail from IMAP servers. Periodically scans INBOX and moves any read messages to the trash."
+  s.authors         = ["Elasticsearch"]
+  s.email           = 'richard.pijnenburg@elasticsearch.com'
+  s.homepage        = "http://logstash.net/"
+  s.require_paths = ["lib"]
+
+  # Files
+  s.files = `git ls-files`.split($\)+::Dir.glob('vendor/*')
+
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "group" => "input" }
+
+  # Gem dependencies
+  s.add_runtime_dependency 'logstash', '>= 1.4.0', '< 2.0.0'
+
+  s.add_runtime_dependency 'logstash-codec-plain'
+  s.add_runtime_dependency 'mail'
+  s.add_runtime_dependency 'stud'
+
+end
+

data/rakelib/publish.rake

@@ -0,0 +1,9 @@
+require "gem_publisher"
+
+desc "Publish gem to RubyGems.org"
+task :publish_gem do |t|
+  gem_file = Dir.glob(File.expand_path('../*.gemspec',File.dirname(__FILE__))).first
+  gem = GemPublisher.publish_if_updated(gem_file, :rubygems)
+  puts "Published #{gem}" if gem
+end
+

data/rakelib/vendor.rake

@@ -0,0 +1,169 @@
+require "net/http"
+require "uri"
+require "digest/sha1"
+
+def vendor(*args)
+  return File.join("vendor", *args)
+end
+
+directory "vendor/" => ["vendor"] do |task, args|
+  mkdir task.name
+end
+
+def fetch(url, sha1, output)
+
+  puts "Downloading #{url}"
+  actual_sha1 = download(url, output)
+
+  if actual_sha1 != sha1
+    fail "SHA1 does not match (expected '#{sha1}' but got '#{actual_sha1}')"
+  end
+end # def fetch
+
+def file_fetch(url, sha1)
+  filename = File.basename( URI(url).path )
+  output = "vendor/#{filename}"
+  task output => [ "vendor/" ] do
+    begin
+      actual_sha1 = file_sha1(output)
+      if actual_sha1 != sha1
+        fetch(url, sha1, output)
+      end
+    rescue Errno::ENOENT
+      fetch(url, sha1, output)
+    end
+  end.invoke
+
+  return output
+end
+
+def file_sha1(path)
+  digest = Digest::SHA1.new
+  fd = File.new(path, "r")
+  while true
+    begin
+      digest << fd.sysread(16384)
+    rescue EOFError
+      break
+    end
+  end
+  return digest.hexdigest
+ensure
+  fd.close if fd
+end
+
+def download(url, output)
+  uri = URI(url)
+  digest = Digest::SHA1.new
+  tmp = "#{output}.tmp"
+  Net::HTTP.start(uri.host, uri.port, :use_ssl => (uri.scheme == "https")) do |http|
+    request = Net::HTTP::Get.new(uri.path)
+    http.request(request) do |response|
+      fail "HTTP fetch failed for #{url}. #{response}" if [200, 301].include?(response.code)
+      size = (response["content-length"].to_i || -1).to_f
+      count = 0
+      File.open(tmp, "w") do |fd|
+        response.read_body do |chunk|
+          fd.write(chunk)
+          digest << chunk
+          if size > 0 && $stdout.tty?
+            count += chunk.bytesize
+            $stdout.write(sprintf("\r%0.2f%%", count/size * 100))
+          end
+        end
+      end
+      $stdout.write("\r      \r") if $stdout.tty?
+    end
+  end
+
+  File.rename(tmp, output)
+
+  return digest.hexdigest
+rescue SocketError => e
+  puts "Failure while downloading #{url}: #{e}"
+  raise
+ensure
+  File.unlink(tmp) if File.exist?(tmp)
+end # def download
+
+def untar(tarball, &block)
+  require "archive/tar/minitar"
+  tgz = Zlib::GzipReader.new(File.open(tarball))
+  # Pull out typesdb
+  tar = Archive::Tar::Minitar::Input.open(tgz)
+  tar.each do |entry|
+    path = block.call(entry)
+    next if path.nil?
+    parent = File.dirname(path)
+    
+    mkdir_p parent unless File.directory?(parent)
+
+    # Skip this file if the output file is the same size
+    if entry.directory?
+      mkdir path unless File.directory?(path)
+    else
+      entry_mode = entry.instance_eval { @mode } & 0777
+      if File.exists?(path)
+        stat = File.stat(path)
+        # TODO(sissel): Submit a patch to archive-tar-minitar upstream to
+        # expose headers in the entry.
+        entry_size = entry.instance_eval { @size }
+        # If file sizes are same, skip writing.
+        next if stat.size == entry_size && (stat.mode & 0777) == entry_mode
+      end
+      puts "Extracting #{entry.full_name} from #{tarball} #{entry_mode.to_s(8)}"
+      File.open(path, "w") do |fd|
+        # eof? check lets us skip empty files. Necessary because the API provided by
+        # Archive::Tar::Minitar::Reader::EntryStream only mostly acts like an
+        # IO object. Something about empty files in this EntryStream causes
+        # IO.copy_stream to throw "can't convert nil into String" on JRuby
+        # TODO(sissel): File a bug about this.
+        while !entry.eof?
+          chunk = entry.read(16384)
+          fd.write(chunk)
+        end
+          #IO.copy_stream(entry, fd)
+      end
+      File.chmod(entry_mode, path)
+    end
+  end
+  tar.close
+  File.unlink(tarball) if File.file?(tarball)
+end # def untar
+
+def ungz(file)
+
+  outpath = file.gsub('.gz', '')
+  tgz = Zlib::GzipReader.new(File.open(file))
+  begin
+    File.open(outpath, "w") do |out|
+      IO::copy_stream(tgz, out)
+    end
+    File.unlink(file)
+  rescue
+    File.unlink(outpath) if File.file?(outpath)
+   raise
+  end
+  tgz.close
+end
+
+desc "Process any vendor files required for this plugin"
+task "vendor" do |task, args|
+
+  @files.each do |file| 
+    download = file_fetch(file['url'], file['sha1'])
+    if download =~ /.tar.gz/
+      prefix = download.gsub('.tar.gz', '').gsub('vendor/', '')
+      untar(download) do |entry|
+        if !file['files'].nil?
+          next unless file['files'].include?(entry.full_name.gsub(prefix, ''))
+          out = entry.full_name.split("/").last
+        end
+        File.join('vendor', out)
+      end
+    elsif download =~ /.gz/
+      ungz(download)
+    end
+  end
+
+end

data/spec/inputs/imap_spec.rb

@@ -0,0 +1,93 @@
+# encoding: utf-8
+#
+require 'spec_helper'
+require "logstash/inputs/imap"
+require "mail"
+
+describe LogStash::Inputs::IMAP do
+  user = "logstash"
+  password = "secret"
+  msg_time = Time.new
+  msg_text = "foo\nbar\nbaz"
+  msg_html = "<p>a paragraph</p>\n\n"
+
+  subject do
+    Mail.new do
+      from     "me@example.com"
+      to       "you@example.com"
+      subject  "logstash imap input test"
+      date     msg_time
+      body     msg_text
+      add_file :filename => "some.html", :content => msg_html
+    end
+  end
+
+  context "with both text and html parts" do
+    context "when no content-type selected" do
+      it "should select text/plain part" do
+        config = {"type" => "imap", "host" => "localhost",
+                  "user" => "#{user}", "password" => "#{password}"}
+
+        input = LogStash::Inputs::IMAP.new config
+        input.register
+        event = input.parse_mail(subject)
+        insist { event["message"] } == msg_text
+      end
+    end
+
+    context "when text/html content-type selected" do
+      it "should select text/html part" do
+        config = {"type" => "imap", "host" => "localhost",
+                  "user" => "#{user}", "password" => "#{password}",
+                  "content_type" => "text/html"}
+
+        input = LogStash::Inputs::IMAP.new config
+        input.register
+        event = input.parse_mail(subject)
+        insist { event["message"] } == msg_html
+      end
+    end
+  end
+
+  context "when subject is in RFC 2047 encoded-word format" do
+    it "should be decoded" do
+      subject.subject = "=?iso-8859-1?Q?foo_:_bar?="
+      config = {"type" => "imap", "host" => "localhost",
+                "user" => "#{user}", "password" => "#{password}"}
+
+      input = LogStash::Inputs::IMAP.new config
+      input.register
+      event = input.parse_mail(subject)
+      insist { event["subject"] } == "foo : bar"
+    end
+  end
+
+  context "with multiple values for same header" do
+    it "should add 2 values as array in event" do
+      subject.received = "test1"
+      subject.received = "test2"
+
+      config = {"type" => "imap", "host" => "localhost",
+                "user" => "#{user}", "password" => "#{password}"}
+
+      input = LogStash::Inputs::IMAP.new config
+      input.register
+      event = input.parse_mail(subject)
+      insist { event["received"] } == ["test1", "test2"]
+    end
+
+    it "should add more than 2 values as array in event" do
+      subject.received = "test1"
+      subject.received = "test2"
+      subject.received = "test3"
+
+      config = {"type" => "imap", "host" => "localhost",
+                "user" => "#{user}", "password" => "#{password}"}
+
+      input = LogStash::Inputs::IMAP.new config
+      input.register
+      event = input.parse_mail(subject)
+      insist { event["received"] } == ["test1", "test2", "test3"]
+    end
+  end
+end

metadata

@@ -0,0 +1,117 @@
+--- !ruby/object:Gem::Specification
+name: logstash-input-imap
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Elasticsearch
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-11-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: logstash
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+    - - <
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+    - - <
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: logstash-codec-plain
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mail
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: stud
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Read mail from IMAP servers. Periodically scans INBOX and moves any read
+  messages to the trash.
+email: richard.pijnenburg@elasticsearch.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Rakefile
+- lib/logstash/inputs/imap.rb
+- logstash-input-imap.gemspec
+- rakelib/publish.rake
+- rakelib/vendor.rake
+- spec/inputs/imap_spec.rb
+homepage: http://logstash.net/
+licenses:
+- Apache License (2.0)
+metadata:
+  logstash_plugin: 'true'
+  group: input
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.1
+signing_key: 
+specification_version: 4
+summary: Read mail from IMAP servers
+test_files:
+- spec/inputs/imap_spec.rb