Missing hash['@metadata'].nil? check in extract_tls_peer
markwj opened this issue · 3 comments
- Version: 6.0.0
- Operating System: Linux
- Steps to Reproduce:
The code in logstash/inputs/beats/message_listener.rb for onNewMessage has the @metadata hash setting protected:
hash['@metadata']['ip_address'] = ip_address unless ip_address.nil? || hash['@metadata'].nil?
However, the code in extract_tls_peer 'if tls_verified does not:
if tls_verified
hash['@metadata']['tls_peer'] = {
:status => "verified",
:protocol => tls_session.getProtocol(),
:subject => tls_session.getPeerPrincipal().getName(),
:cipher_suite => tls_session.getCipherSuite()
}
else
hash['@metadata']['tls_peer'] = {
:status => "unverified"
}
This causes a crash if the input message does not have @metadata, but a TLS client certificate is used and ssl_peer_metadata => true:
[2019-04-12T01:55:13,548][INFO ][org.logstash.beats.BeatsHandler] [local: :20162, remote: :60835] Handling exception: (NoMethodError) undefined method
[]=' for nil:NilClass [2019-04-12T01:55:13,548][WARN ][io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception. org.jruby.exceptions.RaiseException: (NoMethodError) undefined method
[]=' for nil:NilClass
at usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.logstash_minus_input_minus_beats_minus_6_dot_0_dot_0_minus_java.lib.logstash.inputs.beats.message_listener.extract_tls_peer(/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-6.0.0-java/lib/logstash/inputs/beats/message_listener.rb:149) ~[?:?]
at usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.logstash_minus_input_minus_beats_minus_6_dot_0_dot_0_minus_java.lib.logstash.inputs.beats.message_listener.onNewMessage(/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-6.0.0-java/lib/logstash/inputs/beats/message_listener.rb:37) ~[?:?]
In general, perhaps it is better to create the @metadata hash entry if it does not exists (rather than relying on it to be there).
I have the same problem with 5.1.8:
[2019-05-27T16:04:21,921][WARN ][io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
org.jruby.exceptions.NoMethodError: (NoMethodError) undefined method `[]=' for nil:NilClass
at usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_beats_minus_5_dot_1_dot_8_minus_java.lib.logstash.inputs.beats.message_listener.extract_tls_peer(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-5.1.8-java/lib/logstash/inputs/beats/message_listener.rb:147) ~[?:?]
at usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_beats_minus_5_dot_1_dot_8_minus_java.lib.logstash.inputs.beats.message_listener.onNewMessage(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-5.1.8-java/lib/logstash/inputs/beats/message_listener.rb:37) ~[?:?]
For the record: including , "@metadata":{},
in the incoming events avoids the problem.
believe this is resolved since 6.1 (specifically in 6.2.1 I was wondering about this and am quite solid it won't happen)