Merging funct filter in fingerprint filter

2025-04-24 14:47:19 -04:00 · 2014-02-25 21:41:47 +01:00 · 2014-02-25 21:41:47 +01:00 · 6d1ffc3583
commit 6d1ffc3583
parent 0a4516b37e
2 changed files with 46 additions and 22 deletions
--- a/lib/logstash/filters/fingerprint.rb
+++ b/lib/logstash/filters/fingerprint.rb
@ -20,7 +20,7 @@ class LogStash::Filters::Fingerprint < LogStash::Filters::Base
  config :key, :validate => :string

  # Fingerprint method
-  config :method, :validate => ['SHA1', 'SHA256', 'SHA384', 'SHA512', 'MD5', "MURMUR3", "IPV4_NETWORK", "UUID"], :required => true, :default => 'SHA1'
+  config :method, :validate => ['SHA1', 'SHA256', 'SHA384', 'SHA512', 'MD5', "MURMUR3", "IPV4_NETWORK", "UUID", "PUNCT"], :required => true, :default => 'SHA1'

  # When set to true, we concatenate the values of all fields into 1 string like the old checksum filter.
  config :concatenate_sources, :validate => :boolean, :default => false
@ -37,6 +37,8 @@ class LogStash::Filters::Fingerprint < LogStash::Filters::Base
        class << self; alias_method :anonymize, :anonymize_murmur3; end
      when "UUID"
        require "securerandom"
+      when "PUNCT"
+        # nothing required
      else
        require 'openssl'
        @logger.error("Key value is empty. Please fill in an encryption key") if @key.nil?
@ -47,29 +49,36 @@ class LogStash::Filters::Fingerprint < LogStash::Filters::Base
  public
  def filter(event)
    return unless filter?(event)
-    if @method == "UUID"
-      event[@target] = SecureRandom.uuid
-    else
-      if @concatenate_sources 
-        to_string = ''
-        @source.sort.each do |k|
-          @logger.debug("Adding key to string")
-          to_string << "|#{k}|#{event[k]}"
-        end
-        to_string << "|"
-        @logger.debug("String built", :to_checksum => to_string)
-        event[@target] = anonymize(to_string)
-      else 
-        @source.each do |field|
+    case @method
+      when "UUID"
+        event[@target] = SecureRandom.uuid
+      when "PUNCT"
+        @source.sort.each do |field|
          next unless event.include?(field)
-          if event[field].is_a?(Array)
-            event[@target] = event[field].collect { |v| anonymize(v) }
-          else
-            event[@target] = anonymize(event[field])
+          event[@target] = event[field].tr('A-Za-z0-9 \t','')
+        end
+      else
+        if @concatenate_sources 
+          to_string = ''
+          @source.sort.each do |k|
+            @logger.debug("Adding key to string")
+            to_string << "|#{k}|#{event[k]}"
          end
-        end # @source.each
-      end # concatenate_sources
-    end # @method
+          to_string << "|"
+          @logger.debug("String built", :to_checksum => to_string)
+          event[@target] = anonymize(to_string)
+        else 
+          @source.each do |field|
+            next unless event.include?(field)
+            if event[field].is_a?(Array)
+              event[@target] = event[field].collect { |v| anonymize(v) }
+            else
+              event[@target] = anonymize(event[field])
+            end
+          end # @source.each
+        end # concatenate_sources
+
+    end # casse @method
  end # def filter

  private
--- a/spec/filters/fingerprint.rb
+++ b/spec/filters/fingerprint.rb
@ -147,4 +147,19 @@ describe LogStash::Filters::Fingerprint do
    end
  end

+  describe "PUNCT method" do
+    config <<-CONFIG
+      filter {
+        fingerprint {
+          source => 'field1'
+          method => 'PUNCT'
+        }
+      }
+    CONFIG
+
+    sample("field1" =>  "PHP Warning:  json_encode() [<a href='function.json-encode'>function.json-encode</a>]: Invalid UTF-8 sequence in argument in /var/www/htdocs/test.php on line 233") do
+      insist { subject["fingerprint"] } == ":_()[<='.-'>.-</>]:-////."
+    end
+  end
+
 end