logstash-integration-snmp 4.0.6-java → 4.0.7-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 87e91726f2da35d5c128693fe731cabd216590807964ffc0181160eb8a19b216
-  data.tar.gz: 6174140288b22f07ca266fe3a9d929ee4a0777e7b90f6fa2c8c10c41942ced34
+  metadata.gz: f5e701d04ad501b4d2dd73fe4c4ff37ddd64211012889ac138cd7b9a72308cd3
+  data.tar.gz: 2e2d4749b6ea158edd89b24919b85a1dcdc31043ee7493d0d06b00e73af9c907
 SHA512:
-  metadata.gz: cf3f6eb1b7b4588a3516387c5d2a26f4234d4697a3384653c150e2a91cfb12551f9ce3e8f2a7370bcc4f68ac54a897e0533e5e1da6feb6082559eeff65d34c69
-  data.tar.gz: aaaead569d07cb2b4622740cc8fe9bcc0ae97101fb699133650e8e759f60bcb101f4f3ee22f7e232a26e16d67cb3915034077d896258764d4da71701d3947c71
+  metadata.gz: d4ca76a297d01d22ab35c0288e571aaee48693e112fea175bf79f6a95d4868f53896ef9c8f28468bd2362bfe9f338eef8ff80115dff218f902512ccd0ce3690b
+  data.tar.gz: 2d44682187f14ebaee40af56288c37a517e07e0b4adf03fbf7a63db81b8aef6332285a9f3a265af20aa5b988758ad26dd4e554e2d13bb41af6795c732627434e

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+## 4.0.7
+  - FIX: The `snmptrap` input now correctly enforces the user security level set by `security_level` config, and drops received events that do not match the configured value [#75](https://github.com/logstash-plugins/logstash-integration-snmp/pull/75)
+
 ## 4.0.6
   - [DOC] Fix typo in snmptrap migration section [#74](https://github.com/logstash-plugins/logstash-integration-snmp/pull/74)
 

data/VERSION

@@ -1 +1 @@
-4.0.6
+4.0.7

data/docs/input-snmptrap.asciidoc

@@ -350,8 +350,11 @@ The `priv_protocol` option specifies the SNMPv3 privacy/encryption protocol.
 [id="plugins-{type}s-{plugin}-security_level"]
 ===== `security_level`
 
-  * Value can be any of: `noAuthNoPriv`, `authNoPriv`, `authPriv`
-  * There is no default value for this setting
+  * Value can be any of:
+    - `noAuthNoPriv`: allows receiving traps messages without authentication or encryption.
+    - `authNoPriv`: trap messages must be authenticated according to <<plugins-{type}s-{plugin}-security_name>>/<<plugins-{type}s-{plugin}-auth_protocol>>/<<plugins-{type}s-{plugin}-auth_pass>>. Encrypted messages are allowed but not required.
+    - `authPriv`: trap messages must be both authenticated according to <<plugins-{type}s-{plugin}-security_name>>/<<plugins-{type}s-{plugin}-auth_protocol>>/<<plugins-{type}s-{plugin}-auth_pass>> and encrypted according to <<plugins-{type}s-{plugin}-priv_protocol>>/<<plugins-{type}s-{plugin}-priv_pass>>.
+  * The default value is `noAuthNoPriv`.
 
 The `security_level` option specifies the SNMPv3 security level between
 Authentication, No Privacy; Authentication, Privacy; or no Authentication, no Privacy.

data/lib/logstash/plugin_mixins/snmp/common.rb

@@ -118,7 +118,7 @@ module LogStash
           validate_usm_user! if validate_usm_user
 
           unless @security_name.nil?
-            client_builder.addUsmUser(@security_name, @auth_protocol, @auth_pass&.value, @priv_protocol, @priv_pass&.value)
+            client_builder.addUsmUser(@security_name, @auth_protocol, @auth_pass&.value, @priv_protocol, @priv_pass&.value, @security_level || 'noAuthNoPriv')
           end
 
           client_builder.setMapOidVariableValues(@oid_map_field_values)

data/lib/logstash-integration-snmp_jars.rb

@@ -2,5 +2,6 @@
 
 require 'jar_dependencies'
 require_jar('org.snmp4j', 'snmp4j', '3.8.0')
+require_jar('org.snmp4j', 'snmp4j-log4j', '2.8.11')
 require_jar('org.snakeyaml', 'snakeyaml-engine', '2.7')
-require_jar('org.logstash.integrations', 'plugin', '4.0.6')
+require_jar('org.logstash.integrations', 'plugin', '4.0.7')

data/spec/integration/inputs/snmptrap_spec.rb

@@ -185,6 +185,27 @@ describe LogStash::Inputs::Snmptrap, :integration => true do
           expect(queue.size).to eq(0)
         end
       end
+
+      context 'when receiving a request with invalid security level' do
+        it 'should not process the message' do
+          queue = run_plugin_and_get_queue(plugin, timeout: 3) do
+            @trap_sender.send_trap_v3(target_address, security_name, auth_protocol, auth_pass, priv_protocol, priv_pass, 'noAuthNoPriv', {'1.1' => 'foo'})
+          end
+
+          expect(queue.size).to eq(0)
+        end
+      end
+
+      context 'when receiving a request with higher security level' do
+        let(:security_level) { 'authNoPriv' }
+        it 'should process the message' do
+          queue = run_plugin_and_get_queue(plugin, timeout: 3) do
+            @trap_sender.send_trap_v3(target_address, security_name, auth_protocol, auth_pass, priv_protocol, priv_pass, 'authPriv', {'1.1' => 'foo'})
+          end
+
+          expect(queue.size).to eq(1)
+        end
+      end
     end
 
     context 'with supported_versions' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-integration-snmp
 version: !ruby/object:Gem::Version
-  version: 4.0.6
+  version: 4.0.7
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-01-23 00:00:00.000000000 Z
+date: 2025-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -469,8 +469,9 @@ files:
 - spec/unit/inputs/common_spec.rb
 - spec/unit/inputs/snmp_spec.rb
 - spec/unit/inputs/snmptrap_spec.rb
-- vendor/jar-dependencies/org/logstash/integrations/plugin/4.0.6/plugin-4.0.6.jar
+- vendor/jar-dependencies/org/logstash/integrations/plugin/4.0.7/plugin-4.0.7.jar
 - vendor/jar-dependencies/org/snakeyaml/snakeyaml-engine/2.7/snakeyaml-engine-2.7.jar
+- vendor/jar-dependencies/org/snmp4j/snmp4j-log4j/2.8.11/snmp4j-log4j-2.8.11.jar
 - vendor/jar-dependencies/org/snmp4j/snmp4j/3.8.0/snmp4j-3.8.0.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses: