Missing hash['@metadata'].nil? check in extract_tls_peer

Question

Missing hash['@metadata'].nil? check in extract_tls_peer

markwj opened this issue 5 years ago · 3 comments

Version: 6.0.0
Operating System: Linux
Steps to Reproduce:

The code in logstash/inputs/beats/message_listener.rb for onNewMessage has the @metadata hash setting protected:

hash['@metadata']['ip_address'] = ip_address unless ip_address.nil? || hash['@metadata'].nil?

However, the code in extract_tls_peer 'if tls_verified does not:

if tls_verified
          hash['@metadata']['tls_peer'] = {
            :status       => "verified",
            :protocol     => tls_session.getProtocol(),
            :subject      => tls_session.getPeerPrincipal().getName(),
            :cipher_suite => tls_session.getCipherSuite()
          }
        else
          hash['@metadata']['tls_peer'] = {
            :status     => "unverified"
          }

This causes a crash if the input message does not have @metadata, but a TLS client certificate is used and ssl_peer_metadata => true:

[2019-04-12T01:55:13,548][INFO ][org.logstash.beats.BeatsHandler] [local: :20162, remote: :60835] Handling exception: (NoMethodError) undefined method []=' for nil:NilClass [2019-04-12T01:55:13,548][WARN ][io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception. org.jruby.exceptions.RaiseException: (NoMethodError) undefined method []=' for nil:NilClass
at usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.logstash_minus_input_minus_beats_minus_6_dot_0_dot_0_minus_java.lib.logstash.inputs.beats.message_listener.extract_tls_peer(/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-6.0.0-java/lib/logstash/inputs/beats/message_listener.rb:149) ~[?:?]
at usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.logstash_minus_input_minus_beats_minus_6_dot_0_dot_0_minus_java.lib.logstash.inputs.beats.message_listener.onNewMessage(/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-6.0.0-java/lib/logstash/inputs/beats/message_listener.rb:37) ~[?:?]

In general, perhaps it is better to create the @metadata hash entry if it does not exists (rather than relying on it to be there).

Answer 1 · 2019-05-27T16:12:36.000Z

I have the same problem with 5.1.8:

[2019-05-27T16:04:21,921][WARN ][io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
org.jruby.exceptions.NoMethodError: (NoMethodError) undefined method `[]=' for nil:NilClass
	at usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_beats_minus_5_dot_1_dot_8_minus_java.lib.logstash.inputs.beats.message_listener.extract_tls_peer(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-5.1.8-java/lib/logstash/inputs/beats/message_listener.rb:147) ~[?:?]
	at usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_beats_minus_5_dot_1_dot_8_minus_java.lib.logstash.inputs.beats.message_listener.onNewMessage(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-5.1.8-java/lib/logstash/inputs/beats/message_listener.rb:37) ~[?:?]

Answer 2 · 2019-05-28T09:01:14.000Z

For the record: including , "@metadata":{}, in the incoming events avoids the problem.

Answer 3 · 2021-10-11T12:21:16.000Z

believe this is resolved since 6.1 (specifically in 6.2.1 I was wondering about this and am quite solid it won't happen)