Skip to content

Commit

Permalink
in_splunk: Add length checking for storing credentials strictly
Browse files Browse the repository at this point in the history 
Signed-off-by: Hiroshi Hatake <[email protected]>
  • Loading branch information
@cosmo0920 @edsiper
cosmo0920 authored and edsiper committed Jul 16, 2024
1 parent b6e1864 commit 653227b
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 4 deletions.
1 change: 1 addition & 0 deletions plugins/in_splunk/splunk.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ struct flb_splunk {
/* Token Auth */
struct mk_list auth_tokens;
flb_sds_t ingested_auth_header;
size_t ingested_auth_header_len;
int store_token_in_metadata;
flb_sds_t store_token_key;

Expand Down
16 changes: 12 additions & 4 deletions plugins/in_splunk/splunk_prot.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -241,7 +241,8 @@ static int process_raw_payload_pack(struct flb_splunk *ctx, flb_sds_t tag, char
ret = flb_log_event_encoder_append_metadata_values(
&ctx->log_encoder,
FLB_LOG_EVENT_CSTRING_VALUE("hec_token"),
FLB_LOG_EVENT_CSTRING_VALUE(ctx->ingested_auth_header));
FLB_LOG_EVENT_STRING_VALUE(ctx->ingested_auth_header,
ctx->ingested_auth_header_len));
}
}
}
Expand All @@ -251,7 +252,8 @@ static int process_raw_payload_pack(struct flb_splunk *ctx, flb_sds_t tag, char
ret = flb_log_event_encoder_append_body_values(
&ctx->log_encoder,
FLB_LOG_EVENT_CSTRING_VALUE(ctx->store_token_key),
FLB_LOG_EVENT_CSTRING_VALUE(ctx->ingested_auth_header),
FLB_LOG_EVENT_STRING_VALUE(ctx->ingested_auth_header,
ctx->ingested_auth_header_len),
FLB_LOG_EVENT_CSTRING_VALUE("log"),
FLB_LOG_EVENT_STRING_VALUE(buf, size));

Expand Down Expand Up @@ -315,7 +317,8 @@ static void process_flb_log_append(struct flb_splunk *ctx, msgpack_object *recor
ret = flb_log_event_encoder_append_metadata_values(
&ctx->log_encoder,
FLB_LOG_EVENT_CSTRING_VALUE("hec_token"),
FLB_LOG_EVENT_CSTRING_VALUE(ctx->ingested_auth_header));
FLB_LOG_EVENT_STRING_VALUE(ctx->ingested_auth_header,
ctx->ingested_auth_header_len));
}
}
}
Expand All @@ -334,7 +337,8 @@ static void process_flb_log_append(struct flb_splunk *ctx, msgpack_object *recor
ret = flb_log_event_encoder_append_body_values(
&ctx->log_encoder,
FLB_LOG_EVENT_CSTRING_VALUE(ctx->store_token_key),
FLB_LOG_EVENT_CSTRING_VALUE(ctx->ingested_auth_header));
FLB_LOG_EVENT_STRING_VALUE(ctx->ingested_auth_header,
ctx->ingested_auth_header_len));
}
}
else {
Expand Down Expand Up @@ -598,6 +602,7 @@ static int process_hec_payload(struct flb_splunk *ctx, struct splunk_conn *conn,
if (header_auth->key.data != NULL) {
if (strncasecmp(header_auth->val.data, "Splunk ", 7) == 0) {
ctx->ingested_auth_header = header_auth->val.data;
ctx->ingested_auth_header_len = header_auth->val.len;
}
}

Expand Down Expand Up @@ -663,6 +668,7 @@ static int process_hec_raw_payload(struct flb_splunk *ctx, struct splunk_conn *c
if (header_auth->key.data != NULL) {
if (strncasecmp(header_auth->val.data, "Splunk ", 7) == 0) {
ctx->ingested_auth_header = header_auth->val.data;
ctx->ingested_auth_header_len = header_auth->val.len;
}
}

Expand Down Expand Up @@ -1022,6 +1028,7 @@ static int process_hec_payload_ng(struct flb_http_request *request,
if (ret != 0 && size > 0) {
if (strncasecmp(auth_header, "Splunk ", 7) == 0) {
ctx->ingested_auth_header = auth_header;
ctx->ingested_auth_header_len = strlen(auth_header);
}
}

Expand Down Expand Up @@ -1057,6 +1064,7 @@ static int process_hec_raw_payload_ng(struct flb_http_request *request,
if (ret != 0 && size > 0) {
if (strncasecmp(auth_header, "Splunk ", 7) == 0) {
ctx->ingested_auth_header = auth_header;
ctx->ingested_auth_header_len = strlen(auth_header);
}
}

Expand Down

0 comments on commit 653227b

Please sign in to comment.