Class: Fluent::Plugin::SanitizerFilter

Inherits:

Filter

• Object
• Filter
• Fluent::Plugin::SanitizerFilter

Defined in:

lib/fluent/plugin/filter_sanitizer.rb

Instance Method Summary

• #configure(conf) ⇒ Object
• #filter(tag, time, record) ⇒ Object
• #include_fqdn?(str) ⇒ Boolean
• #include_ipv4?(str) ⇒ Boolean
• #is_fqdn?(str) ⇒ Boolean
• #is_fqdn_port?(str) ⇒ Boolean
• #is_ipv4?(str) ⇒ Boolean
• #is_ipv4_port?(str) ⇒ Boolean
• #is_url?(str) ⇒ Boolean
• #sanitize_fqdn(str) ⇒ Object
• #sanitize_fqdn_port(str) ⇒ Object
• #sanitize_fqdn_url(str) ⇒ Object
• #sanitize_fqdn_val(v) ⇒ Object
• #sanitize_ipv4(str) ⇒ Object
• #sanitize_ipv4_port(str) ⇒ Object
• #sanitize_ipv4_url(str) ⇒ Object
• #sanitize_ipv4_val(v) ⇒ Object
• #sanitize_keyword(str, prefix) ⇒ Object
• #sanitize_keywords_val(v, keywords, prefix) ⇒ Object
• #sanitize_regex(str, prefix, regex) ⇒ Object
• #sanitize_regex_capture(str, prefix, regex, capture_group) ⇒ Object
• #sanitize_regex_val(v, prefix, regex) ⇒ Object
• #sanitize_regex_val_capture(v, prefix, regex, capture_group) ⇒ Object
• #sanitize_val(str, prefix) ⇒ Object
• #subtract_quotations(str) ⇒ Object

Instance Method Details

#configure(conf) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 51

def configure(conf)
  super 
  @salt = conf['hash_salt']
  @salt = "" if @salt.nil?
  @hash_scheme = conf['hash_scheme']
  @sanitize_func =
    case @hash_scheme
      when "sha1"
        Proc.new { |str| Digest::SHA1.hexdigest(@salt + str) }
      when "sha256"
        Proc.new { |str| Digest::SHA256.hexdigest(@salt +str) }
      when "sha384"
        Proc.new { |str| Digest::SHA384.hexdigest(@salt +str) }
      when "sha512"
        Proc.new { |str| Digest::SHA512.hexdigest(@salt +str) }
      else
        Proc.new { |str| Digest::MD5.hexdigest(@salt +str) }
    end

  @sanitizerules = []
  @rules.each do |rule|
    if rule.keys.empty?
      raise Fluent::ConfigError, "You need to specify at least one key in rule statement."
    else
      keys = rule.keys
    end
    
    if rule.pattern_ipv4 || !rule.pattern_ipv4
      pattern_ipv4 = rule.pattern_ipv4
    else
      raise Fluent::ConfigError, "true or false is available for pattern_ipv4 option."
    end
 
    if rule.pattern_fqdn || !rule.pattern_fqdn
      pattern_fqdn = rule.pattern_fqdn
    else
      raise Fluent::ConfigError, "true or false is available for pattern_fqdn option."
    end
    
    if rule.pattern_regex.class == Regexp
      pattern_regex = rule.pattern_regex
      regex_capture_group = rule.regex_capture_group
    else
      raise Fluent::ConfigError, "Your need to specify Regexp for pattern_regex option."
    end

    pattern_keywords = rule.pattern_keywords

    regex_prefix = rule.pattern_regex_prefix
    keywords_prefix = rule.pattern_keywords_prefix

    @sanitizerules.push([keys, pattern_ipv4, pattern_fqdn, pattern_regex, regex_capture_group, pattern_keywords, regex_prefix, keywords_prefix])
  end
end

#filter(tag, time, record) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 106

def filter(tag, time, record)
  @sanitizerules.each do |keys, pattern_ipv4, pattern_fqdn, pattern_regex, regex_capture_group, pattern_keywords, regex_prefix, keywords_prefix|  
    keys.each do |key|
      accessor = record_accessor_create("$."+key.to_s)
      begin
          if pattern_ipv4 && accessor.call(record)
            accessor.set(record, sanitize_ipv4_val(accessor.call(record).to_s))
          end
          if pattern_fqdn && accessor.call(record)
            accessor.set(record, sanitize_fqdn_val(accessor.call(record).to_s))
          end
          if !pattern_regex.to_s.eql?("(?-mix:^$)") && accessor.call(record)
            if regex_capture_group.empty?
              accessor.set(record, sanitize_regex_val(accessor.call(record), regex_prefix, pattern_regex))
            else
              accessor.set(record, sanitize_regex_val_capture(accessor.call(record), regex_prefix, pattern_regex, regex_capture_group))
            end
          #end
          end
          if !pattern_keywords.empty? && accessor.call(record)
            accessor.set(record, sanitize_keywords_val(accessor.call(record).to_s, pattern_keywords, keywords_prefix))
          end
        rescue => e
            log.warn "Skipping this key", error_class: e.class, error: e.message
        end
    end
  end
  record
end

#include_fqdn?(str) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 148

def include_fqdn?(str)
  str.match?(/^.*\b(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.){2,}([A-Za-z]|[A-Za-z][A-Za-z\-]*[A-Za-z]){2,}.*$/)
end

#include_ipv4?(str) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 136

def include_ipv4?(str)
  str.match?(/^.*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}.*$/)
end

#is_fqdn?(str) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 152

def is_fqdn?(str)
  str.match?(/^\b(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.){2,}([A-Za-z]|[A-Za-z][A-Za-z\-]*[A-Za-z]){2,}$/)
end

#is_fqdn_port?(str) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 156

def is_fqdn_port?(str)
  str.match?(/^\b(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.){2,}([A-Za-z]|[A-Za-z][A-Za-z\-]*[A-Za-z]){2,}:[0-9]{1,5}$/)
end

#is_ipv4?(str) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 140

def is_ipv4?(str)
  str.match?(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)
end

#is_ipv4_port?(str) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 144

def is_ipv4_port?(str)
  str.match?(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:[0-9]{1,5}$/)
end

#is_url?(str) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 160

def is_url?(str)
  str.match?(/^[a-zA-Z0-9]{2,}:\/\/.*$/)
end

#sanitize_fqdn(str) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 172

def sanitize_fqdn(str)
  return "FQDN_"+ @sanitize_func.call(str)
end

#sanitize_fqdn_port(str) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 234

def sanitize_fqdn_port(str)
  fqdn_port = []
  str.split(":").each do |s|
    s = sanitize_fqdn(s) if is_fqdn?(s)
    fqdn_port.push(s)
  end
  return fqdn_port.join(":")
end

#sanitize_fqdn_url(str) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 263

def sanitize_fqdn_url(str)
  fqdn_url = []
  str.split("://").each do |s|
    if s.include?("/")
      url_slash = []
      s.split("/").each do |ss|
        ss = sanitize_fqdn(ss) if is_fqdn?(ss)
        ss = sanitize_fqdn_port(ss) if is_fqdn_port?(ss)
        url_slash.push(ss)
      end
      s = url_slash.join("/")
    else
      s = sanitize_fqdn(s) if is_fqdn?(s)
      s = sanitize_fqdn_port(s) if is_fqdn_port?(s)
    end
    fqdn_url.push(s)
  end
  return fqdn_url.join("://")
end

#sanitize_fqdn_val(v) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 317

def sanitize_fqdn_val(v)
  line = []
  if v.include?(",")
    v.split(",").each do |s|
      s = subtract_quotations(s)
      if include_fqdn?(s)
        if is_url?(s)
          s = sanitize_fqdn_url(s)
        else
          s = sanitize_fqdn(s) if is_fqdn?(s)
          s = sanitize_fqdn_port(s) if is_fqdn_port?(s)
        end
      end
      line.push(s)
    end
    return line.join(",")
  else
    v.split().each do |s|
      s = subtract_quotations(s)
      if include_fqdn?(s)
        if is_url?(s)
          s = sanitize_fqdn_url(s)
        else
          s = sanitize_fqdn(s) if is_fqdn?(s)
          s = sanitize_fqdn_port(s) if is_fqdn_port?(s)
        end
      end
      line.push(s)
    end
    $log.debug "[pattern_fqdn] sanitize '#{v}' to '#{line.join(" ")}'" if v != line.join(" ")
    return line.join(" ")
  end
end

#sanitize_ipv4(str) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 168

def sanitize_ipv4(str)
  return "IPv4_"+ @sanitize_func.call(str)
end

#sanitize_ipv4_port(str) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 225

def sanitize_ipv4_port(str)
  ip_port = []
  str.split(":").each do |s|
    s =  sanitize_ipv4(s) if is_ipv4?(s)
    ip_port.push(s)
  end
  return ip_port.join(":")
end

#sanitize_ipv4_url(str) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 243

def sanitize_ipv4_url(str)
  ip_url = []
  str.split("://").each do |s|
    if s.include?("/")
      url_slash = []
      s.split("/").each do |ss|
        ss = sanitize_ipv4(ss) if is_ipv4?(ss)
        ss = sanitize_ipv4_port(ss) if is_ipv4_port?(ss)
        url_slash.push(ss)
      end
      s = url_slash.join("/")
    else
      s = sanitize_ipv4_port(s) if is_ipv4_port?(s)
      s = sanitize_ipv4_port(s) if is_ipv4_port?(s)
    end
    ip_url.push(s)
  end
  return ip_url.join("://")
end

#sanitize_ipv4_val(v) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 283

def sanitize_ipv4_val(v)
  line = []
  if v.include?(",")
    v.split(",").each do |s|
      s = subtract_quotations(s)
      if include_ipv4?(s)
        if is_url?(s)
          s = sanitize_ipv4_url(s)
        else
          s = sanitize_ipv4(s) if is_ipv4?(s)
          s = sanitize_ipv4_port(s) if is_ipv4_port?(s)
        end
      end
      line.push(s)
    end
    return line.join(",")
  else
    v.split().each do |s|
      s = subtract_quotations(s)
      if include_ipv4?(s)
        if is_url?(s)
          s = sanitize_ipv4_url(s)
        else
          s = sanitize_ipv4(s) if is_ipv4?(s)
          s = sanitize_ipv4_port(s) if is_ipv4_port?(s)
        end
      end
      line.push(s)
    end
    $log.debug "[pattern_ipv4] sanitize '#{v}' to '#{line.join(" ")}'" if v != line.join(" ")
    return line.join(" ")
  end
end

#sanitize_keyword(str, prefix) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 221

def sanitize_keyword(str, prefix)
  return prefix + "_" + @sanitize_func.call(str)
end

#sanitize_keywords_val(v, keywords, prefix) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 363

def sanitize_keywords_val(v, keywords, prefix)
  line = []
  v.split().each do |vv|
    if keywords.include?(vv)
      line.push(sanitize_keyword(vv, prefix))
    else
      line.push(vv)
     end
  end
  $log.debug "[pattern_keywords] sanitize '#{v}' to '#{line.join(" ")}'" if v != line.join(" ")
  return line.join(" ")
end

#sanitize_regex(str, prefix, regex) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 182

def sanitize_regex(str, prefix, regex)
  regex_p = Regexp.new(regex)
  if str =~ regex_p
    scans = str.scan(regex).flatten
    if scans.any?{ |e| e.nil? }
      return prefix + "_" + @sanitize_func.call(str)
    else
      scans.each do |s|
        mask = prefix + "_" + @sanitize_func.call(str)
        str = str.gsub(s, mask)
      end
    end
    return str
  else
    $log.debug "[pattern_regex] #{str} does not match given regex #{regex}. skip this rule."
    return str
  end
end

#sanitize_regex_capture(str, prefix, regex, capture_group) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 201

def sanitize_regex_capture(str, prefix, regex, capture_group)
  regex_p = Regexp.new(regex)
  if str =~ regex_p
    if str.match(regex).names.include?(capture_group)
      scans = str.scan(regex).flatten
      scans.each do |s|
        mask = prefix + "_" + @sanitize_func.call(str)
        str = str.gsub(s, mask)
      end
      return str
    else
       $log.debug "[pattern_regex] regex pattern matched but capture group '#{capture_group}' does not exist. Skip this rule."
       return str
    end
  else
    $log.debug "[pattern_regex] #{str} does not match given regex #{regex}. Skip this rule."
    return str
  end
end

#sanitize_regex_val(v, prefix, regex) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 351

def sanitize_regex_val(v, prefix, regex)
  s = sanitize_regex(v, prefix, regex)  
  $log.debug "[pattern_regex] sanitize '#{v}' to '#{s}'" if v != s
  return s
end

#sanitize_regex_val_capture(v, prefix, regex, capture_group) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 357

def sanitize_regex_val_capture(v, prefix, regex, capture_group)
  s = sanitize_regex_capture(v, prefix, regex, capture_group)
  $log.debug "[pattern_regex] sanitize '#{v}' to '#{s}'" if v != s
  return s
end

#sanitize_val(str, prefix) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 176

def sanitize_val(str, prefix)
  s = prefix + "_" + @sanitize_func.call(str)
  $log.debug "[pattern_regex] sanitize '#{str}' to '#{s}'" if str != s
  return s
end

#subtract_quotations(str) ⇒ Object

# File 'lib/fluent/plugin/filter_sanitizer.rb', line 164

def subtract_quotations(str)
  str.gsub(/\\\"|\'|\"|\\\'/,'')
end