logstash-logger 0.22.1 → 0.23.0

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 0.23.0
+
+- Adds support for SSL host verification to the TCP device. [#114](https://github.com/dwbutler/logstash-logger/pull/114)
+- Fixes `NoMethodError` when `nil` tags are used in tagged logging. [#123](https://github.com/dwbutler/logstash-logger/issues/123)
+
 ## 0.22.1
 
 - Fixes compatibility with ActiveJob. [#112](https://github.com/dwbutler/logstash-logger/issues/112)

data/README.md

@@ -1,9 +1,10 @@
 # LogStashLogger
 [![Build Status](https://travis-ci.org/dwbutler/logstash-logger.svg?branch=master)](https://travis-ci.org/dwbutler/logstash-logger) [![Code Climate](https://codeclimate.com/github/dwbutler/logstash-logger/badges/gpa.svg)](https://codeclimate.com/github/dwbutler/logstash-logger) [![codecov.io](http://codecov.io/github/dwbutler/logstash-logger/coverage.svg?branch=master)](http://codecov.io/github/dwbutler/logstash-logger?branch=master)
 
-LogStashLogger extends Ruby's `Logger` class to log directly to [logstash](http://logstash.net).
+LogStashLogger extends Ruby's `Logger` class to log directly to
+[Logstash](https://www.elastic.co/products/logstash).
 It supports writing to various outputs in logstash JSON format. This is an improvement over
-writing to a file or syslog since logstash can receive the structured data directly.
+writing to a file or syslog since Logstash can receive the structured data directly.
 
 ## Features
 
@@ -185,6 +186,15 @@ You can also enable SSL without a certificate:
 LogStashLogger.new(type: :tcp, port: 5228, ssl_enable: true)
 ```
 
+Specify an SSL context to have more control over the behavior. For example,
+set the verify mode:
+
+```ruby
+ctx = OpenSSL::SSL::SSLContext.new
+ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
+LogStashLogger.new(type: :tcp, port: 5228, ssl_context: ctx)
+```
+
 The following Logstash configuration is required for SSL:
 
 ```ruby
@@ -200,6 +210,53 @@ input {
 }
 ```
 
+### Hostname Verification
+
+Hostname verification is enabled by default. Without further configuration,
+the hostname supplied to `:host` will be used to verify the server's certificate
+identity.
+
+If you don't pass an `:ssl_context` or pass a falsey value to the
+`:verify_hostname` option, hostname verification will not occur.
+
+#### Examples
+
+**Verify the hostname from the `:host` option**
+
+```ruby
+ctx = OpenSSL::SSL::SSLContext.new
+ctx.cert = '/path/to/cert.pem'
+ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
+
+LogStashLogger.new \
+  type: :tcp,
+  host: 'logstash.example.com'
+  port: 5228,
+  ssl_context: ctx
+```
+
+**Verify a hostname different from the `:host` option**
+
+```ruby
+LogStashLogger.new \
+  type: :tcp,
+  host: '1.2.3.4'
+  port: 5228,
+  ssl_context: ctx,
+  verify_hostname: 'server.example.com'
+```
+
+**Explicitly disable hostname verification**
+
+```ruby
+LogStashLogger.new \
+  type: :tcp,
+  host: '1.2.3.4'
+  port: 5228,
+  ssl_context: ctx,
+  verify_hostname: false
+```
+
 ## Custom Log Fields
 
 `LogStashLogger` by default will log a JSON object with the format below.
@@ -719,6 +776,9 @@ logger = LogStashLogger.new('localhost', 5228, :tcp)
 * [Courtland Caldwell](https://github.com/caldwecr)
 * [Bibek Shrestha](https://github.com/bibstha)
 * [Alex Ianus](https://github.com/aianus)
+* [Craig Read](https://github.com/Catharz)
+* [glaszig](https://github.com/glaszig)
+* [Bin Lan](https://github.com/lanxx019)
 
 ## Contributing
 

data/lib/logstash-logger/device/base.rb

@@ -35,12 +35,6 @@ module LogStashLogger
         end
       end
 
-      def write_batch(messages, group = nil)
-        messages.each do |message|
-          @io.write(message)
-        end
-      end
-
       def flush
         @io && @io.flush
       end

data/lib/logstash-logger/device/tcp.rb

@@ -9,36 +9,75 @@ module LogStashLogger
         super
 
         @ssl_certificate = opts[:ssl_certificate]
-        @use_ssl = !!(@ssl_certificate || opts[:use_ssl] || opts[:ssl_enable])
+        @ssl_context = opts[:ssl_context]
+        @use_ssl = !!(@ssl_certificate || opts[:ssl_context])
+        @use_ssl = opts[:ssl_enable] if opts.has_key? :ssl_enable
+        if opts.has_key?(:use_ssl)
+          @use_ssl = opts[:use_ssl]
+          warn "[LogStashLogger] The use_ssl option is deprecated. Use ssl_enable instead."
+        end
+        @verify_hostname = opts.fetch(:verify_hostname, true)
+      end
+
+      def ssl_context
+        return unless use_ssl?
+        @ssl_context || certificate_context
       end
 
       def use_ssl?
-        @use_ssl || !@ssl_certificate.nil?
+        @use_ssl
       end
 
       def connect
         if use_ssl?
-          ssl_connect
-        else
-          non_ssl_connect
+          io.connect
+          verify_hostname!
         end
+        io
+      end
 
-        @io
+      def io
+        @io ||= if use_ssl?
+          ssl_io
+        else
+          tcp_io
+        end
       end
 
       protected
 
-      def non_ssl_connect
-        @io = TCPSocket.new(@host, @port).tap do |socket|
+      def tcp_io
+        TCPSocket.new(@host, @port).tap do |socket|
           socket.sync = sync unless sync.nil?
         end
       end
 
-      def ssl_connect
-        non_ssl_connect
-        #openssl_cert = OpenSSL::X509::Certificate.new(::File.read(@ssl_certificate))
-        @io = OpenSSL::SSL::SSLSocket.new(@io)
-        @io.connect
+      def ssl_io
+        OpenSSL::SSL::SSLSocket.new(tcp_io, ssl_context)
+      end
+
+      def certificate_context
+        return unless @ssl_certificate
+        @certificate_context ||= OpenSSL::SSL::SSLContext.new.tap do |ctx|
+          ctx.set_params(cert: @ssl_certificate)
+        end
+      end
+
+      def verify_hostname?
+        return false unless ssl_context
+        !! @verify_hostname
+      end
+
+      def verify_hostname!
+        @io.post_connection_check(hostname) if verify_hostname?
+      end
+
+      def hostname
+        if String === @verify_hostname
+          @verify_hostname
+        else
+          @host
+        end
       end
     end
   end

data/lib/logstash-logger/tagged_logging.rb

@@ -19,7 +19,7 @@ module LogStashLogger
       end
 
       def push_tags(*tags)
-        tags.flatten.reject(&:empty?).tap do |new_tags|
+        tags.flatten.reject{ |t| t.nil? || t.empty? }.tap do |new_tags|
           current_tags.concat new_tags
         end
       end

data/lib/logstash-logger/version.rb

@@ -1,3 +1,3 @@
 module LogStashLogger
-  VERSION = "0.22.1"
+  VERSION = "0.23.0"
 end

data/spec/device/tcp_spec.rb

@@ -12,6 +12,8 @@ describe LogStashLogger::Device::TCP do
 
     allow(OpenSSL::SSL::SSLSocket).to receive(:new) { ssl_socket }
     allow(ssl_socket).to receive(:connect)
+    allow(ssl_socket).to receive(:post_connection_check)
+    allow(ssl_tcp_device).to receive(:warn)
   end
 
   context "when not using SSL" do
@@ -23,6 +25,10 @@ describe LogStashLogger::Device::TCP do
     it "returns false for #use_ssl?" do
       expect(tcp_device.use_ssl?).to be_falsey
     end
+
+    it "exposes the TCP socket via #io" do
+      expect(tcp_device.io).to eq tcp_socket
+    end
   end
 
   context "when using SSL" do
@@ -31,8 +37,84 @@ describe LogStashLogger::Device::TCP do
       ssl_tcp_device.write('test')
     end
 
-    it "returns false for #use_ssl?" do
+    it "returns true for #use_ssl?" do
       expect(ssl_tcp_device.use_ssl?).to be_truthy
     end
+
+    it "exposes the SSL socket via #io" do
+      expect(ssl_tcp_device.io).to eq ssl_socket
+    end
+
+    context 'hostname validation' do
+      let(:ssl_context) { double('test_ssl_context', verify_mode: OpenSSL::SSL::VERIFY_PEER) }
+      let(:ssl_tcp_options) { { type: :tcp, port: port, sync: true, ssl_context: ssl_context } }
+
+      context 'is enabled by default' do
+        let(:ssl_tcp_device) { LogStashLogger::Device.new(ssl_tcp_options) }
+
+        it 'validates' do
+          expect(ssl_tcp_device.send(:verify_hostname?)).to be_truthy
+          expect(ssl_socket).to receive(:post_connection_check).with HOST
+          ssl_tcp_device.connect
+        end
+      end
+
+      context 'is disabled explicitly' do
+        let(:ssl_tcp_device) { LogStashLogger::Device.new(ssl_tcp_options.merge(verify_hostname: false)) }
+
+        it 'does not validate' do
+          expect(ssl_tcp_device.send(:verify_hostname?)).to be_falsey
+          expect(ssl_socket).not_to receive(:post_connection_check)
+          ssl_tcp_device.connect
+        end
+      end
+
+      context 'is implicitly enabled by providing a hostname' do
+        let(:hostname) { 'www.example.com' }
+        let(:ssl_tcp_device) { LogStashLogger::Device.new(ssl_tcp_options.merge(verify_hostname: hostname)) }
+
+        it 'validates with supplied hostname' do
+          expect(ssl_socket).to receive(:post_connection_check).with hostname
+          ssl_tcp_device.connect
+        end
+      end
+    end
+
+    context 'with a provided SSL context' do
+      let(:ssl_context) { double('test_ssl_context', verify_mode: OpenSSL::SSL::VERIFY_PEER) }
+      let(:ssl_tcp_device) { LogStashLogger::Device.new(type: :tcp, port: port, sync: true, ssl_context: ssl_context) }
+
+      it 'creates the socket using that context' do
+        expect(OpenSSL::SSL::SSLSocket).to receive(:new).with(tcp_socket, ssl_context)
+        ssl_tcp_device.connect
+      end
+
+      it 'implicitly sets @use_ssl to true' do
+        expect(ssl_tcp_device.use_ssl?).to be_truthy
+      end
+
+      context 'and :ssl_enable explicitly set to false' do
+        let(:ssl_tcp_device) { LogStashLogger::Device.new(type: :tcp, port: port, sync: true, ssl_enable: false, ssl_context: ssl_context) }
+
+        it 'explicitly sets @use_ssl to false' do
+          expect(ssl_tcp_device.use_ssl?).to be_falsey
+        end
+      end
+    end
+
+    context 'without a provided SSL context' do
+      it 'ssl_context returns nil' do
+        expect(ssl_tcp_device.ssl_context).to be_nil
+      end
+    end
+
+    context 'only providing a certificate file' do
+      let(:ssl_tcp_device) { LogStashLogger::Device.new(type: :tcp, port: port, ssl_enable: true, sync: true, ssl_certificate: '/path/to/cert.pem') }
+
+      it 'implicitly uses a context with the configured certificate' do
+        expect(ssl_tcp_device.ssl_context.cert).to eq('/path/to/cert.pem')
+      end
+    end
   end
+
 end

data/spec/tagged_logging_spec.rb

@@ -29,4 +29,4 @@ describe LogStashLogger do
       logger.info(message)
     end
   end
-end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-logger
 version: !ruby/object:Gem::Version
-  version: 0.22.1
+  version: 0.23.0
 platform: ruby
 authors:
 - David Butler
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-25 00:00:00.000000000 Z
+date: 2017-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -171,8 +171,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".codeclimate.yml"
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".travis.yml"
 - Appraisals
 - CHANGELOG.md