
Commit 98bdda9

Backport(v1.19): warn when backed-up conf file will be included (#5240) (#5252)
**Which issue(s) this PR fixes**: Backport #5240 Fixes # **What this PR does / why we need it**: A backed-up conf file can be loaded unintentionally by a wildcard @include. This commit tries to mitigate such careless mistakes by logging a warning. **Docs Changes**: N/A **Release Note**: N/A Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Kentaro Hayashi <hayashi@clear-code.com>
1 parent a722be0 commit 98bdda9


2 files changed

+68
-0
lines changed


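--- a/lib/fluent/config/v1_parser.rb
+++ b/lib/fluent/config/v1_parser.rb
@@ -166,6 +166,11 @@ def eval_include(attrs, elems, uri)
 Dir.glob(pattern).sort.each { |entry|
 basepath = File.dirname(entry)
 fname = File.basename(entry)
+suspicious_backup_extensions = %w(bak old backup orig prev conf tmp temp debug wip)
+if path.end_with?('*.conf') and
+suspicious_backup_extensions.any? { |ext| fname.end_with?(".#{ext}.conf", "_#{ext}.conf") }
+@logger.warn "There is a possibility that '@include #{uri}' includes duplicated backed-up config file such as <#{fname}>" if @logger
+end
 data = File.read(entry)
 data.force_encoding('UTF-8')
 ss = StringScanner.new(data)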
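Review bot: The new check in eval_include is advisory and narrow: it fires only when `path` ends with `*.conf` and the file name ends in a lower-case `.<ext>.conf` or `_<ext>.conf`, and the matched entry is still read and parsed right after the warning. A stale copy named, say, `in_forward-bak.conf` or `in_forward.BAK.conf` (constructed examples) would be loaded with no log line at all, which matters because an old copy can bring back a source or output that was removed on purpose. I would state that limit in a comment above the check, e.g. `# Heuristic warning only; the entry is still loaded. Other separators and upper-case suffixes are not detected.`, and hoist the list out of the glob loop as `SUSPICIOUS_BACKUP_EXTENSIONS = %w(bak old backup orig prev conf tmp temp debug wip).freeze`. `path` and the rest of eval_include lie outside the hunk, so how `path` relates to `uri` cannot be confirmed from here.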

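--- a/test/command/test_fluentd.rb
+++ b/test/command/test_fluentd.rb
@@ -1616,4 +1616,67 @@ def create_config_include_dir_configuration(config_path, config_dir, yaml_format
 "#0 fluentd worker is now running worker=0"
 )
 end
+
+sub_test_case "test suspicious harmful backed-up configuration" do
+data('suspicious .bak.conf' => 'dummy.bak.conf',
+'suspicious .old.conf' => 'dummy.old.conf',
+'suspicious .backup.conf' => 'dummy.backup.conf',
+'suspicious .orig.conf' => 'dummy.orig.conf',
+'suspicious .prev.conf' => 'dummy.prev.conf',
+'suspicious .conf.conf' => 'dummy.conf.conf',
+'suspicious .tmp.conf' => 'dummy.tmp.conf',
+'suspicious .temp.conf' => 'dummy.temp.conf',
+'suspicious .debug.conf' => 'dummy.debug.conf',
+'suspicious .wip.conf' => 'dummy.wip.conf'
+)
+test "warn suspicious backed-up file will be loaded" do |suspicious_conf|
+create_conf_file("dummy.conf", <<~EOF)
+<source>
+@type forward
+</source>
+EOF
+create_conf_file(suspicious_conf, <<~EOF)
+<source>
+@type forward
+</source>
+EOF
+working_dir = File.join(@tmp_dir, 'working')
+FileUtils.mkdir_p(working_dir)
+conf_path = create_conf_file("working/fluent.conf", <<~EOF)
+<system>
+config_include_dir ""
+</system>
+@include #{@tmp_dir}/*.conf
+EOF
+expected_warning_message = "[warn]: There is a possibility that '@include #{@tmp_dir}/*.conf' includes duplicated backed-up config file such as <#{suspicious_conf}>"
+assert_log_matches(create_cmdline(conf_path, '--dry-run'),
+expected_warning_message)
+end
+
+data('non suspicious bar.conf' => 'bar.conf')
+test "no warn message" do |non_suspicious_conf|
+create_conf_file("foo.conf", <<~EOF)
+<source>
+@type forward
+</source>
+EOF
+create_conf_file(non_suspicious_conf, <<~EOF)
+<source>
+@type forward
+</source>
+EOF
+working_dir = File.join(@tmp_dir, 'working')
+FileUtils.mkdir_p(working_dir)
+conf_path = create_conf_file("working/fluent.conf", <<~EOF)
+<system>
+config_include_dir ""
+</system>
+@include #{@tmp_dir}/*.conf
+EOF
+expected_warning_message = "[warn]: There is a possibility that '@include #{@tmp_dir}/*.conf' includes duplicated backed-up config file such as <#{non_suspicious_conf}>"
+assert_log_matches(create_cmdline(conf_path, '--dry-run'),
+"as dry run mode", patterns_not_match: [expected_warning_message])
+end
+end
+
 end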
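Review bot: The `data(...)` set for "warn suspicious backed-up file will be loaded" covers only the `.<ext>.conf` form, while the parser change in this commit also matches `_<ext>.conf`, so that branch has no test. An extra entry such as `'suspicious _bak.conf' => 'dummy_bak.conf',` would pin it. In the "no warn message" case the negative pattern names only `<bar.conf>`, so a warning wrongly emitted for `foo.conf` would not fail the test. Assuming `patterns_not_match` accepts a plain substring, as its use here suggests, matching on the fixed part of the message, `"includes duplicated backed-up config file"`, would be stricter.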
