logstash-filter-ruby icon indicating copy to clipboard operation
logstash-filter-ruby copied to clipboard

Published 20 hours ago verified publisher icon logstash-plugins

`tag_on_exception` configuration parameter is an unvalidated string.

Open robbavey opened this issue 2 years ago • 0 comments

The tag_on_exception configuration parameter is not validated, which allows users to add invalid values, which will go undetected until an exception occurs inside the plugin, which will then kill the plugin instead of catching the exception, and tagging the event. This is particularly problematic as the parameter is defined as a string type - it is a common pattern in other Logstash plugins to allow multiple tags to be added by configuring such settings with an array of strings, but doing that in this plugin will cause the exception to escape, and the plugin to crash:

Simple Ruby filter with a single exception correctly tags the event and carries on:

filter { ruby {  code => "bogus.get" tag_on_exception => "failed"}}

[2023-06-15T12:24:09,986][ERROR][logstash.filters.ruby    ][main][4d7292b9d4c8703ca0ea53c1467ec7c63d156961c9f2b2e13915a348e8642b1e] Ruby exception occurred: undefined local variable or method `bogus' for #<LogStash::Filters::Ruby:0x75d5a06a> {:class=>"NameError", :backtrace=>["(ruby filter code):2:in `block in filter_method'", "/Users/robbavey/logstash-8.7.0/vendor/bundle/jruby/2.6.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:96:in `inline_script'", "/Users/robbavey/logstash-8.7.0/vendor/bundle/jruby/2.6.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:89:in `filter'", "/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/filters/base.rb:159:in `do_filter'", "/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/filters/base.rb:178:in `block in multi_filter'", "org/jruby/RubyArray.java:1865:in `each'", "/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/filters/base.rb:175:in `multi_filter'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:133:in `multi_filter'", "/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/java_pipeline.rb:304:in `block in start_workers'"]}
{
      "@version" => "1",
          "host" => {
        "hostname" => "robbaveys-MacBook-Pro.local"
    },
         "event" => {
        "original" => "1"
    },
    "@timestamp" => 2023-06-15T16:20:06.717245Z,
       "message" => "1",
          "tags" => [
        [0] "failed"
    ]
}

Changing that to an array:

filter { ruby {  code => "bogus.get" tag_on_exception => ["failed", "really_failed"]}}

Causes the exception to escape and the pipeline to shutdown:

[2023-06-15T12:26:30,755][ERROR][logstash.filters.ruby    ][main][a24ce623f875d2bbe4ea00758a4db30ee2636e5a91440579aafba607364911bc] Ruby exception occurred: undefined local variable or method `bogus' for #<LogStash::Filters::Ruby:0x3d1273e2> {:class=>"NameError", :backtrace=>["(ruby filter code):2:in `block in filter_method'", "/Users/robbavey/logstash-8.7.0/vendor/bundle/jruby/2.6.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:96:in `inline_script'", "/Users/robbavey/logstash-8.7.0/vendor/bundle/jruby/2.6.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:89:in `filter'", "/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/filters/base.rb:159:in `do_filter'", "/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/filters/base.rb:178:in `block in multi_filter'", "org/jruby/RubyArray.java:1865:in `each'", "/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/filters/base.rb:175:in `multi_filter'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:133:in `multi_filter'", "/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/java_pipeline.rb:304:in `block in start_workers'"]}
[2023-06-15T12:26:30,757][ERROR][logstash.javapipeline    ][main] Pipeline worker error, the pipeline will be stopped {:pipeline_id=>"main", :error=>"(TypeError) no implicit conversion of Array into String", :exception=>Java::OrgJrubyExceptions::TypeError, :backtrace=>["RUBY.inline_script(/Users/robbavey/logstash-8.7.0/vendor/bundle/jruby/2.6.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:105)", "RUBY.filter(/Users/robbavey/logstash-8.7.0/vendor/bundle/jruby/2.6.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:89)", "RUBY.do_filter(/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/filters/base.rb:159)", "RUBY.multi_filter(/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/filters/base.rb:178)", "org.jruby.RubyArray.each(org/jruby/RubyArray.java:1865)", "RUBY.multi_filter(/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/filters/base.rb:175)", "org.logstash.config.ir.compiler.AbstractFilterDelegatorExt.multi_filter(org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:133)", "RUBY.start_workers(/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/java_pipeline.rb:304)"], :thread=>"#<Thread:0x3258cee5@/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/java_pipeline.rb:134 sleep>"}
[2023-06-15T12:26:30,758][WARN ][logstash.javapipeline    ][main] Waiting for input plugin to close {:pipeline_id=>"main", :thread=>"#<Thread:0x3258cee5@/Users/robbavey/logstash-8.7.0/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2023-06-15T12:26:33,363][INFO ][logstash.javapipeline    ][main] Pipeline terminated {"pipeline.id"=>"main"}
[2023-06-15T12:26:33,838][INFO ][logstash.pipelinesregistry] Removed pipeline from registry successfully {:pipeline_id=>:main}

robbavey avatar Jun 15 '23 16:06 robbavey