├── .github ├── CONTRIBUTING.md ├── ISSUE_TEMPLATE.md └── PULL_REQUEST_TEMPLATE.md ├── .gitignore ├── .travis.yml ├── CHANGELOG.md ├── CONTRIBUTORS ├── DEVELOPER.md ├── Gemfile ├── LICENSE ├── NOTICE.TXT ├── README.md ├── Rakefile ├── docs └── index.asciidoc ├── lib └── logstash │ └── inputs │ └── github.rb ├── logstash-input-github.gemspec └── spec ├── fixtures └── event_create.json └── inputs └── github_spec.rb /.github/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to Logstash 2 | 3 | All contributions are welcome: ideas, patches, documentation, bug reports, 4 | complaints, etc! 5 | 6 | Programming is not a required skill, and there are many ways to help out! 7 | It is more important to us that you are able to contribute. 8 | 9 | That said, some basic guidelines, which you are free to ignore :) 10 | 11 | ## Want to learn? 12 | 13 | Want to lurk about and see what others are doing with Logstash? 14 | 15 | * The irc channel (#logstash on irc.freenode.org) is a good place for this 16 | * The [forum](https://discuss.elastic.co/c/logstash) is also 17 | great for learning from others. 18 | 19 | ## Got Questions? 20 | 21 | Have a problem you want Logstash to solve for you? 22 | 23 | * You can ask a question in the [forum](https://discuss.elastic.co/c/logstash) 24 | * Alternately, you are welcome to join the IRC channel #logstash on 25 | irc.freenode.org and ask for help there! 26 | 27 | ## Have an Idea or Feature Request? 28 | 29 | * File a ticket on [GitHub](https://github.com/elastic/logstash/issues). Please remember that GitHub is used only for issues and feature requests. If you have a general question, the [forum](https://discuss.elastic.co/c/logstash) or IRC would be the best place to ask. 30 | 31 | ## Something Not Working? Found a Bug? 32 | 33 | If you think you found a bug, it probably is a bug. 34 | 35 | * If it is a general Logstash or a pipeline issue, file it in [Logstash GitHub](https://github.com/elasticsearch/logstash/issues) 36 | * If it is specific to a plugin, please file it in the respective repository under [logstash-plugins](https://github.com/logstash-plugins) 37 | * or ask the [forum](https://discuss.elastic.co/c/logstash). 38 | 39 | # Contributing Documentation and Code Changes 40 | 41 | If you have a bugfix or new feature that you would like to contribute to 42 | logstash, and you think it will take more than a few minutes to produce the fix 43 | (ie; write code), it is worth discussing the change with the Logstash users and developers first! You can reach us via [GitHub](https://github.com/elastic/logstash/issues), the [forum](https://discuss.elastic.co/c/logstash), or via IRC (#logstash on freenode irc) 44 | Please note that Pull Requests without tests will not be merged. If you would like to contribute but do not have experience with writing tests, please ping us on IRC/forum or create a PR and ask our help. 45 | 46 | ## Contributing to plugins 47 | 48 | Check our [documentation](https://www.elastic.co/guide/en/logstash/current/contributing-to-logstash.html) on how to contribute to plugins or write your own! It is super easy! 49 | 50 | ## Contribution Steps 51 | 52 | 1. Test your changes! [Run](https://github.com/elastic/logstash#testing) the test suite 53 | 2. Please make sure you have signed our [Contributor License 54 | Agreement](https://www.elastic.co/contributor-agreement/). We are not 55 | asking you to assign copyright to us, but to give us the right to distribute 56 | your code without restriction. We ask this of all contributors in order to 57 | assure our users of the origin and continuing existence of the code. You 58 | only need to sign the CLA once. 59 | 3. Send a pull request! Push your changes to your fork of the repository and 60 | [submit a pull 61 | request](https://help.github.com/articles/using-pull-requests). In the pull 62 | request, describe what your changes do and mention any bugs/issues related 63 | to the pull request. 64 | 65 | 66 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please post all product and debugging questions on our [forum](https://discuss.elastic.co/c/logstash). Your questions will reach our wider community members there, and if we confirm that there is a bug, then we can open a new issue here. 2 | 3 | For all general issues, please provide the following details for fast resolution: 4 | 5 | - Version: 6 | - Operating System: 7 | - Config File (if you have sensitive info, please remove it): 8 | - Sample Data: 9 | - Steps to Reproduce: 10 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Thanks for contributing to Logstash! If you haven't already signed our CLA, here's a handy link: https://www.elastic.co/contributor-agreement/ 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.lock 2 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | import: 2 | - logstash-plugins/.ci:travis/travis.yml@1.x -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## 3.0.11 2 | - Change `secret_token` config type to `password` for better protection from leaks in debug logs [#23](https://github.com/logstash-plugins/logstash-input-github/pull/23) 3 | 4 | ## 3.0.10 5 | - Changed the transitive dependency `http_parser.rb` (ftw) version to `~-> 0.6.0` as newer versions are published without the java support. 6 | - Fixed crashing when the request body payload is not a JSON object. [#24](https://github.com/logstash-plugins/logstash-input-github/pull/24) 7 | 8 | ## 3.0.9 9 | - Bump ftw dependency to 0.0.49, for compatibility with Logstash 7.x 10 | 11 | ## 3.0.8 12 | - Require x-hub-signature header if secret_token defined 13 | 14 | ## 3.0.7 15 | - Docs: Set the default_codec doc attribute. 16 | 17 | ## 3.0.6 18 | - Improve malformed-input handling by using updated FTW 19 | - Improve webserver crash recovery 20 | - Properly support plugin stopping & reloading 21 | 22 | ## 3.0.5 23 | - Update gemspec summary 24 | 25 | ## 3.0.4 26 | - Fix some documentation issues 27 | 28 | ## 3.0.1 29 | - Relax constraint on logstash-core-plugin-api to >= 1.60 <= 2.99 30 | 31 | ## 3.0.0 32 | - breaking: Updated plugin to use new Java Event APIs 33 | 34 | ## 2.0.5 35 | - Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash 36 | 37 | ## 2.0.4 38 | - New dependency requirements for logstash-core for the 5.0 release 39 | 40 | ## 2.0.0 41 | - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully, 42 | instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895 43 | - Dependency on logstash-core update to 2.0 44 | -------------------------------------------------------------------------------- /CONTRIBUTORS: -------------------------------------------------------------------------------- 1 | The following is a list of people who have contributed ideas, code, bug 2 | reports, or in general have helped logstash along its way. 3 | 4 | Contributors: 5 | * Jason Kendall (coolacid) 6 | * Pier-Hugues Pellerin (ph) 7 | 8 | Note: If you've sent us patches, bug reports, or otherwise contributed to 9 | Logstash, and you aren't on the list above and want to be, please let us know 10 | and we'll make sure you're here. Contributions from folks like you are what make 11 | open source awesome. 12 | -------------------------------------------------------------------------------- /DEVELOPER.md: -------------------------------------------------------------------------------- 1 | logstash-github 2 | =================== 3 | 4 | This plugin accepts github webhook connections and passes the data into the logstash pipeline. 5 | 6 | Usage 7 | ===== 8 | 9 | Example config: 10 | 11 | input { 12 | stdin {} 13 | github { 14 | port => 8080 15 | } 16 | } 17 | 18 | output { 19 | stdout { 20 | codec => rubydebug 21 | } 22 | } 23 | 24 | Example Test Case using Curl: 25 | 26 | curl -H "Content-Type: application/json" -d '{"Something":"xyz","somethingelse":"xyz"}' http://localhost:8080/api/login 27 | 28 | Configuration 29 | ============= 30 | 31 | * ip - The IP you want to listen on (Default: 0.0.0.0) 32 | * port - The port you want to listen on 33 | * secret_token - The shared secret set for github webhook 34 | * drop_invalid - Drop events that don't match the secret_token 35 | 36 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gemspec 4 | 5 | logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash" 6 | use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1" 7 | 8 | if Dir.exist?(logstash_path) && use_logstash_source 9 | gem 'logstash-core', :path => "#{logstash_path}/logstash-core" 10 | gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api" 11 | end 12 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright 2020 Elastic and contributors 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /NOTICE.TXT: -------------------------------------------------------------------------------- 1 | Elasticsearch 2 | Copyright 2012-2015 Elasticsearch 3 | 4 | This product includes software developed by The Apache Software 5 | Foundation (http://www.apache.org/). -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Logstash Plugin 2 | 3 | [![Travis Build Status](https://travis-ci.com/logstash-plugins/logstash-input-github.svg)](https://travis-ci.com/logstash-plugins/logstash-input-github) 4 | 5 | This is a plugin for [Logstash](https://github.com/elastic/logstash). 6 | 7 | It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way. 8 | 9 | ## Documentation 10 | 11 | Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/). 12 | 13 | - For formatting code or config example, you can use the asciidoc `[source,ruby]` directive 14 | - For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide 15 | 16 | ## Need Help? 17 | 18 | Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum. 19 | 20 | ## Developing 21 | 22 | ### 1. Plugin Developement and Testing 23 | 24 | #### Code 25 | - To get started, you'll need JRuby with the Bundler gem installed. 26 | 27 | - Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example). 28 | 29 | - Install dependencies 30 | ```sh 31 | bundle install 32 | ``` 33 | 34 | #### Test 35 | 36 | - Update your dependencies 37 | 38 | ```sh 39 | bundle install 40 | ``` 41 | 42 | - Run tests 43 | 44 | ```sh 45 | bundle exec rspec 46 | ``` 47 | 48 | ### 2. Running your unpublished Plugin in Logstash 49 | 50 | #### 2.1 Run in a local Logstash clone 51 | 52 | - Edit Logstash `Gemfile` and add the local plugin path, for example: 53 | ```ruby 54 | gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome" 55 | ``` 56 | - Install plugin 57 | ```sh 58 | # Logstash 2.3 and higher 59 | bin/logstash-plugin install --no-verify 60 | 61 | # Prior to Logstash 2.3 62 | bin/plugin install --no-verify 63 | 64 | ``` 65 | - Run Logstash with your plugin 66 | ```sh 67 | bin/logstash -e 'filter {awesome {}}' 68 | ``` 69 | At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash. 70 | 71 | #### 2.2 Run in an installed Logstash 72 | 73 | You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using: 74 | 75 | - Build your plugin gem 76 | ```sh 77 | gem build logstash-filter-awesome.gemspec 78 | ``` 79 | - Install the plugin from the Logstash home 80 | ```sh 81 | # Logstash 2.3 and higher 82 | bin/logstash-plugin install --no-verify 83 | 84 | # Prior to Logstash 2.3 85 | bin/plugin install --no-verify 86 | 87 | ``` 88 | - Start Logstash and proceed to test the plugin 89 | 90 | ## Contributing 91 | 92 | All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin. 93 | 94 | Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here. 95 | 96 | It is more important to the community that you are able to contribute. 97 | 98 | For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file. -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | @files=[] 2 | 3 | task :default do 4 | system("rake -T") 5 | end 6 | 7 | require "logstash/devutils/rake" 8 | -------------------------------------------------------------------------------- /docs/index.asciidoc: -------------------------------------------------------------------------------- 1 | :plugin: github 2 | :type: input 3 | :default_codec: plain 4 | 5 | /////////////////////////////////////////// 6 | START - GENERATED VARIABLES, DO NOT EDIT! 7 | /////////////////////////////////////////// 8 | :version: %VERSION% 9 | :release_date: %RELEASE_DATE% 10 | :changelog_url: %CHANGELOG_URL% 11 | :include_path: ../../../../logstash/docs/include 12 | /////////////////////////////////////////// 13 | END - GENERATED VARIABLES, DO NOT EDIT! 14 | /////////////////////////////////////////// 15 | 16 | [id="plugins-{type}s-{plugin}"] 17 | 18 | === Github input plugin 19 | 20 | include::{include_path}/plugin_header.asciidoc[] 21 | 22 | ==== Description 23 | 24 | Read events from github webhooks 25 | 26 | [id="plugins-{type}s-{plugin}-options"] 27 | ==== Github Input Configuration Options 28 | 29 | This plugin supports the following configuration options plus the <> described later. 30 | 31 | [cols="<,<,<",options="header",] 32 | |======================================================================= 33 | |Setting |Input type|Required 34 | | <> |<>|No 35 | | <> |<>|No 36 | | <> |<>|Yes 37 | | <> |<>|No 38 | |======================================================================= 39 | 40 | Also see <> for a list of options supported by all 41 | input plugins. 42 | 43 |   44 | 45 | [id="plugins-{type}s-{plugin}-drop_invalid"] 46 | ===== `drop_invalid` 47 | 48 | * Value type is <> 49 | * Default value is `false` 50 | 51 | If Secret is defined, we drop the events that don't match. 52 | Otherwise, we'll just add an invalid tag 53 | 54 | [id="plugins-{type}s-{plugin}-ip"] 55 | ===== `ip` 56 | 57 | * Value type is <> 58 | * Default value is `"0.0.0.0"` 59 | 60 | The ip to listen on 61 | 62 | [id="plugins-{type}s-{plugin}-port"] 63 | ===== `port` 64 | 65 | * This is a required setting. 66 | * Value type is <> 67 | * There is no default value for this setting. 68 | 69 | The port to listen on 70 | 71 | [id="plugins-{type}s-{plugin}-secret_token"] 72 | ===== `secret_token` 73 | 74 | * Value type is <> 75 | * There is no default value for this setting. 76 | 77 | Your GitHub Secret Token for the webhook 78 | 79 | 80 | 81 | [id="plugins-{type}s-{plugin}-common-options"] 82 | include::{include_path}/{type}.asciidoc[] 83 | 84 | :default_codec!: -------------------------------------------------------------------------------- /lib/logstash/inputs/github.rb: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | require "logstash/inputs/base" 3 | require "logstash/namespace" 4 | require "socket" 5 | require "json" 6 | require "rack" 7 | 8 | # Read events from github webhooks 9 | class LogStash::Inputs::GitHub < LogStash::Inputs::Base 10 | config_name "github" 11 | 12 | # The ip to listen on 13 | config :ip, :validate => :string, :default => "0.0.0.0" 14 | 15 | # The port to listen on 16 | config :port, :validate => :number, :required => true 17 | 18 | # Your GitHub Secret Token for the webhook 19 | config :secret_token, :validate => :password, :required => false 20 | 21 | # If Secret is defined, we drop the events that don't match. 22 | # Otherwise, we'll just add an invalid tag 23 | config :drop_invalid, :validate => :boolean, :default => false 24 | 25 | def register 26 | require "ftw" 27 | end # def register 28 | 29 | public 30 | def run(output_queue) 31 | @server = FTW::WebServer.new(@ip, @port) do |request, response| 32 | body = request.read_body 33 | event = build_event_from_request(body, request.headers.to_hash) 34 | valid_event = verify_signature(event,body) 35 | if !valid_event && @drop_invalid 36 | @logger.info("Dropping invalid Github message") 37 | else 38 | decorate(event) 39 | output_queue << event 40 | end 41 | response.status = 200 42 | response.body = "Accepted!" 43 | end 44 | @server.run 45 | rescue Exception => original_exception 46 | # If our server crashes, it may not have cleaned up after itself; 47 | # since `FTW::WebServer#stop` is idempotent, make one last attempt 48 | # before propagating the original exception. 49 | @server && @server.stop rescue logger.error("Error while stopping FTW::WebServer", exception: $!.message, backtrace: $!.backtrace) 50 | 51 | raise original_exception 52 | end # def run 53 | 54 | def build_event_from_request(body, headers) 55 | begin 56 | data = JSON.parse(body) 57 | # The JSON specification defines single values as valid JSONs, it can be a string in double quotes, 58 | # a number, true or false or null. When the body is parsed, those values are transformed into its 59 | # corresponding types. When those types aren't a Hash (aka object), it breaks the LogStash::Event 60 | # contract and crashes. 61 | if data.is_a?(::Hash) 62 | event = LogStash::Event.new(data) 63 | else 64 | event = LogStash::Event.new("message" => body, "tags" => "_invalidjsonobject") 65 | end 66 | rescue JSON::ParserError => e 67 | @logger.info("JSON parse failure. Falling back to plain-text", :error => e, :data => body) 68 | event = LogStash::Event.new("message" => body, "tags" => "_invalidjson") 69 | end 70 | event.set('headers', headers) 71 | return event 72 | end 73 | 74 | def verify_signature(event,body) 75 | # skip validation if we have no secret token 76 | return true unless @secret_token 77 | 78 | sign_header = event.get("[headers][x-hub-signature]") 79 | if sign_header 80 | hash = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), @secret_token.value, body) 81 | event.set("hash", hash) 82 | return true if Rack::Utils.secure_compare(hash, sign_header) 83 | end 84 | 85 | event.tag("_Invalid_Github_Message") 86 | return false 87 | end 88 | 89 | def stop 90 | @server && @server.stop 91 | end # def stop 92 | 93 | end # class LogStash::Inputs::Github 94 | -------------------------------------------------------------------------------- /logstash-input-github.gemspec: -------------------------------------------------------------------------------- 1 | Gem::Specification.new do |s| 2 | 3 | s.name = 'logstash-input-github' 4 | s.version = '3.0.11' 5 | s.licenses = ['Apache License (2.0)'] 6 | s.summary = "Reads events from a GitHub webhook" 7 | s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program" 8 | s.authors = ["Elastic"] 9 | s.email = 'jason.kendall@elastic.co' 10 | s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html" 11 | s.require_paths = ["lib"] 12 | 13 | # Files 14 | s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"] 15 | 16 | # Tests 17 | s.test_files = s.files.grep(%r{^(test|spec|features)/}) 18 | 19 | # Special flag to let us know this is actually a logstash plugin 20 | s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" } 21 | 22 | # Gem dependencies 23 | s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99" 24 | 25 | s.add_runtime_dependency 'addressable' 26 | s.add_runtime_dependency 'logstash-codec-plain' 27 | s.add_runtime_dependency 'http_parser.rb', '~> 0.6.0' 28 | s.add_runtime_dependency 'ftw', '~> 0.0.49' 29 | 30 | s.add_development_dependency 'logstash-devutils' 31 | end 32 | -------------------------------------------------------------------------------- /spec/fixtures/event_create.json: -------------------------------------------------------------------------------- 1 | { 2 | "ref": "0.0.1", 3 | "ref_type": "tag", 4 | "master_branch": "master", 5 | "description": "", 6 | "pusher_type": "user", 7 | "repository": { 8 | "id": 35129377, 9 | "name": "public-repo", 10 | "full_name": "baxterthehacker/public-repo", 11 | "owner": { 12 | "login": "baxterthehacker", 13 | "id": 6752317, 14 | "avatar_url": "https://avatars.githubusercontent.com/u/6752317?v=3", 15 | "gravatar_id": "", 16 | "url": "https://api.github.com/users/baxterthehacker", 17 | "html_url": "https://github.com/baxterthehacker", 18 | "followers_url": "https://api.github.com/users/baxterthehacker/followers", 19 | "following_url": "https://api.github.com/users/baxterthehacker/following{/other_user}", 20 | "gists_url": "https://api.github.com/users/baxterthehacker/gists{/gist_id}", 21 | "starred_url": "https://api.github.com/users/baxterthehacker/starred{/owner}{/repo}", 22 | "subscriptions_url": "https://api.github.com/users/baxterthehacker/subscriptions", 23 | "organizations_url": "https://api.github.com/users/baxterthehacker/orgs", 24 | "repos_url": "https://api.github.com/users/baxterthehacker/repos", 25 | "events_url": "https://api.github.com/users/baxterthehacker/events{/privacy}", 26 | "received_events_url": "https://api.github.com/users/baxterthehacker/received_events", 27 | "type": "User", 28 | "site_admin": false 29 | }, 30 | "private": false, 31 | "html_url": "https://github.com/baxterthehacker/public-repo", 32 | "description": "", 33 | "fork": false, 34 | "url": "https://api.github.com/repos/baxterthehacker/public-repo", 35 | "forks_url": "https://api.github.com/repos/baxterthehacker/public-repo/forks", 36 | "keys_url": "https://api.github.com/repos/baxterthehacker/public-repo/keys{/key_id}", 37 | "collaborators_url": "https://api.github.com/repos/baxterthehacker/public-repo/collaborators{/collaborator}", 38 | "teams_url": "https://api.github.com/repos/baxterthehacker/public-repo/teams", 39 | "hooks_url": "https://api.github.com/repos/baxterthehacker/public-repo/hooks", 40 | "issue_events_url": "https://api.github.com/repos/baxterthehacker/public-repo/issues/events{/number}", 41 | "events_url": "https://api.github.com/repos/baxterthehacker/public-repo/events", 42 | "assignees_url": "https://api.github.com/repos/baxterthehacker/public-repo/assignees{/user}", 43 | "branches_url": "https://api.github.com/repos/baxterthehacker/public-repo/branches{/branch}", 44 | "tags_url": "https://api.github.com/repos/baxterthehacker/public-repo/tags", 45 | "blobs_url": "https://api.github.com/repos/baxterthehacker/public-repo/git/blobs{/sha}", 46 | "git_tags_url": "https://api.github.com/repos/baxterthehacker/public-repo/git/tags{/sha}", 47 | "git_refs_url": "https://api.github.com/repos/baxterthehacker/public-repo/git/refs{/sha}", 48 | "trees_url": "https://api.github.com/repos/baxterthehacker/public-repo/git/trees{/sha}", 49 | "statuses_url": "https://api.github.com/repos/baxterthehacker/public-repo/statuses/{sha}", 50 | "languages_url": "https://api.github.com/repos/baxterthehacker/public-repo/languages", 51 | "stargazers_url": "https://api.github.com/repos/baxterthehacker/public-repo/stargazers", 52 | "contributors_url": "https://api.github.com/repos/baxterthehacker/public-repo/contributors", 53 | "subscribers_url": "https://api.github.com/repos/baxterthehacker/public-repo/subscribers", 54 | "subscription_url": "https://api.github.com/repos/baxterthehacker/public-repo/subscription", 55 | "commits_url": "https://api.github.com/repos/baxterthehacker/public-repo/commits{/sha}", 56 | "git_commits_url": "https://api.github.com/repos/baxterthehacker/public-repo/git/commits{/sha}", 57 | "comments_url": "https://api.github.com/repos/baxterthehacker/public-repo/comments{/number}", 58 | "issue_comment_url": "https://api.github.com/repos/baxterthehacker/public-repo/issues/comments{/number}", 59 | "contents_url": "https://api.github.com/repos/baxterthehacker/public-repo/contents/{+path}", 60 | "compare_url": "https://api.github.com/repos/baxterthehacker/public-repo/compare/{base}...{head}", 61 | "merges_url": "https://api.github.com/repos/baxterthehacker/public-repo/merges", 62 | "archive_url": "https://api.github.com/repos/baxterthehacker/public-repo/{archive_format}{/ref}", 63 | "downloads_url": "https://api.github.com/repos/baxterthehacker/public-repo/downloads", 64 | "issues_url": "https://api.github.com/repos/baxterthehacker/public-repo/issues{/number}", 65 | "pulls_url": "https://api.github.com/repos/baxterthehacker/public-repo/pulls{/number}", 66 | "milestones_url": "https://api.github.com/repos/baxterthehacker/public-repo/milestones{/number}", 67 | "notifications_url": "https://api.github.com/repos/baxterthehacker/public-repo/notifications{?since,all,participating}", 68 | "labels_url": "https://api.github.com/repos/baxterthehacker/public-repo/labels{/name}", 69 | "releases_url": "https://api.github.com/repos/baxterthehacker/public-repo/releases{/id}", 70 | "created_at": "2015-05-05T23:40:12Z", 71 | "updated_at": "2015-05-05T23:40:30Z", 72 | "pushed_at": "2015-05-05T23:40:38Z", 73 | "git_url": "git://github.com/baxterthehacker/public-repo.git", 74 | "ssh_url": "git@github.com:baxterthehacker/public-repo.git", 75 | "clone_url": "https://github.com/baxterthehacker/public-repo.git", 76 | "svn_url": "https://github.com/baxterthehacker/public-repo", 77 | "homepage": null, 78 | "size": 0, 79 | "stargazers_count": 0, 80 | "watchers_count": 0, 81 | "language": null, 82 | "has_issues": true, 83 | "has_downloads": true, 84 | "has_wiki": true, 85 | "has_pages": true, 86 | "forks_count": 0, 87 | "mirror_url": null, 88 | "open_issues_count": 2, 89 | "forks": 0, 90 | "open_issues": 2, 91 | "watchers": 0, 92 | "default_branch": "master" 93 | }, 94 | "sender": { 95 | "login": "baxterthehacker", 96 | "id": 6752317, 97 | "avatar_url": "https://avatars.githubusercontent.com/u/6752317?v=3", 98 | "gravatar_id": "", 99 | "url": "https://api.github.com/users/baxterthehacker", 100 | "html_url": "https://github.com/baxterthehacker", 101 | "followers_url": "https://api.github.com/users/baxterthehacker/followers", 102 | "following_url": "https://api.github.com/users/baxterthehacker/following{/other_user}", 103 | "gists_url": "https://api.github.com/users/baxterthehacker/gists{/gist_id}", 104 | "starred_url": "https://api.github.com/users/baxterthehacker/starred{/owner}{/repo}", 105 | "subscriptions_url": "https://api.github.com/users/baxterthehacker/subscriptions", 106 | "organizations_url": "https://api.github.com/users/baxterthehacker/orgs", 107 | "repos_url": "https://api.github.com/users/baxterthehacker/repos", 108 | "events_url": "https://api.github.com/users/baxterthehacker/events{/privacy}", 109 | "received_events_url": "https://api.github.com/users/baxterthehacker/received_events", 110 | "type": "User", 111 | "site_admin": false 112 | } 113 | } -------------------------------------------------------------------------------- /spec/inputs/github_spec.rb: -------------------------------------------------------------------------------- 1 | require "logstash/devutils/rspec/spec_helper" 2 | require "logstash/plugin" 3 | require "logstash/inputs/github" 4 | 5 | describe LogStash::Inputs::GitHub do 6 | 7 | let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999} ) } 8 | 9 | it "register without errors" do 10 | expect { plugin.register }.to_not raise_error 11 | end 12 | 13 | describe "building Logstash event from webhook" do 14 | let(:body) {IO.read("spec/fixtures/event_create.json")} 15 | let(:headers) { {"fake_header" => "fake_value"} } 16 | let(:event) {plugin.build_event_from_request(body,headers)} 17 | 18 | it "initialize event from webhook body" do 19 | JSON.parse(body).each do |k,v| 20 | expect(event.get(k)).to eq(v) 21 | end 22 | end 23 | 24 | it "copy webhook http headers to event[headers]" do 25 | expect(event.get('headers')).to eq (headers) 26 | end 27 | end 28 | 29 | describe "verify webhook signature if token provided" do 30 | let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999, "secret_token" => ::LogStash::Util::Password.new("my_secret")} ) } 31 | let(:body) {IO.read("spec/fixtures/event_create.json")} 32 | let(:headers) { {"x-hub-signature" => "hash"} } 33 | let(:event) {plugin.build_event_from_request(body,headers)} 34 | let(:hash) { "sha1=43b113fc453c47f1cd4d5b4ded2985581c00a715" } 35 | 36 | it "reject event without signature" do 37 | event.set('headers',{}) 38 | expect(plugin.verify_signature(event,body)).to eq(false) 39 | expect(event.get("hash")).to be_nil 40 | expect(event.get("tags")).to eq(["_Invalid_Github_Message"]) 41 | end 42 | 43 | it "reject event with invalid signature" do 44 | event.set('headers',{"x-hub-signature" => "invalid"}) 45 | expect(plugin.verify_signature(event,body)).to eq(false) 46 | expect(event.get("hash")).to eq(hash) 47 | expect(event.get("tags")).to eq(["_Invalid_Github_Message"]) 48 | end 49 | 50 | it "accept event with valid signature" do 51 | event.set('headers', {"x-hub-signature" => hash}) 52 | expect(plugin.verify_signature(event,body)).to eq(true) 53 | expect(event.get("hash")).to eq(hash) 54 | expect(event.get("tags")).to be_nil 55 | end 56 | 57 | end 58 | 59 | describe "don't validate webhook if token missing" do 60 | let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999} ) } 61 | let(:body) {IO.read("spec/fixtures/event_create.json")} 62 | let(:headers) { {"x-hub-signature" => "hash"} } 63 | let(:event) {plugin.build_event_from_request(body,headers)} 64 | let(:hash) { "sha1=43b113fc453c47f1cd4d5b4ded2985581c00a715" } 65 | 66 | it "accept event without signature" do 67 | event.set('headers',{}) 68 | expect(plugin.verify_signature(event,body)).to eq(true) 69 | expect(event.get("hash")).to be_nil 70 | expect(event.get("tags")).to be_nil 71 | end 72 | 73 | it "accept event with invalid signature" do 74 | event.set('headers',{"x-hub-signature" => "invalid"}) 75 | expect(plugin.verify_signature(event,body)).to eq(true) 76 | expect(event.get("hash")).to be_nil 77 | expect(event.get("tags")).to be_nil 78 | end 79 | 80 | it "accept event with valid signature" do 81 | event.set('headers', {"x-hub-signature" => hash}) 82 | expect(plugin.verify_signature(event,body)).to eq(true) 83 | expect(event.get("hash")).to be_nil 84 | expect(event.get("tags")).to be_nil 85 | end 86 | 87 | end 88 | 89 | describe "verify event builder" do 90 | let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999} ) } 91 | let(:body) {"{}"} 92 | let(:event) {plugin.build_event_from_request(body, {})} 93 | 94 | context 'when request body is a minimal JSON value' do 95 | let(:body) {"123"} 96 | it 'should add the body string into the message field and tag' do 97 | expect(event.get("message")).to eq("123") 98 | expect(event.get("tags")).to eq("_invalidjsonobject") 99 | end 100 | end 101 | 102 | context 'when request body is a JSON object' do 103 | let(:body) {'{"action": "create"}'} 104 | it 'should parse the body' do 105 | expect(event.get("action")).to eq("create") 106 | end 107 | end 108 | end 109 | 110 | describe 'graceful shutdown' do 111 | context 'when underlying webserver crashes' do 112 | 113 | # Stubbing out our FTW::WebServer allows us to force it to raise an exception when we try to run it. 114 | let(:mock_webserver_class) { double('FTW::WebServer::class').as_null_object } 115 | let(:mock_webserver) { double('FTW::WebServer').as_null_object } 116 | before(:each) do 117 | stub_const('FTW::WebServer', mock_webserver_class) 118 | allow(mock_webserver_class).to receive(:new).and_return(mock_webserver) 119 | expect(mock_webserver).to receive(:run).and_raise('testing: intentional uncaught exception') 120 | end 121 | 122 | it 'makes an attempt to stop the webserver' do 123 | expect(mock_webserver).to receive(:stop) 124 | 125 | plugin.run([]) rescue nil 126 | end 127 | 128 | it 'propagates the original exception' do 129 | expect do 130 | plugin.run([]) 131 | end.to raise_exception('testing: intentional uncaught exception') 132 | end 133 | 134 | context 'and an attempt to stop the webserver also crashes' do 135 | let(:mock_logger) { double('Logger').as_null_object } 136 | before(:each) do 137 | allow(plugin).to receive(:logger).and_return(mock_logger) 138 | allow(mock_webserver).to receive(:stop).and_raise('yo dawg') 139 | end 140 | 141 | it 'logs helpfully' do 142 | expect(mock_logger).to receive(:error).with("Error while stopping FTW::WebServer", 143 | exception: 'yo dawg', backtrace: instance_of(Array)) 144 | 145 | plugin.run([]) rescue nil 146 | end 147 | 148 | it 'propagates the original exception' do 149 | expect do 150 | plugin.run([]) 151 | end.to raise_exception('testing: intentional uncaught exception') 152 | end 153 | end 154 | end 155 | end 156 | 157 | describe "debugging `secret_token`" do 158 | let(:plugin) { LogStash::Plugin.lookup("input", "github").new( {"port" => 9999, "secret_token" => ::LogStash::Util::Password.new("my_secret")} ) } 159 | 160 | it "should not show origin value" do 161 | expect(plugin.logger).to receive(:debug).with('') 162 | 163 | plugin.register 164 | plugin.logger.send(:debug, plugin.secret_token.to_s) 165 | end 166 | end 167 | end 168 | --------------------------------------------------------------------------------