Backport(v1.19): warn when backed-up conf file will be included (#5240) (#5252)

**Which issue(s) this PR fixes**: 
Backport #5240
Fixes #

**What this PR does / why we need it**: 

There is a case that unintentionally backed-up
conf file will be loaded by wild card @include.

This commit try to mitigate such a careless mistakes by warning.


**Docs Changes**:

N/A

**Release Note**: 

N/A

Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Kentaro Hayashi <hayashi@clear-code.com>

Author: github-actions[bot]

lib/fluent/config/v1_parser.rb

@@ -166,6 +166,11 @@ def eval_include(attrs, elems, uri)
           Dir.glob(pattern).sort.each { |entry|
             basepath = File.dirname(entry)
             fname = File.basename(entry)
+            suspicious_backup_extensions = %w(bak old backup orig prev conf tmp temp debug wip)
+            if path.end_with?('*.conf') and
+              suspicious_backup_extensions.any? { |ext| fname.end_with?(".#{ext}.conf", "_#{ext}.conf") }
+              @logger.warn "There is a possibility that '@include #{uri}' includes duplicated backed-up config file such as <#{fname}>" if @logger
+            end
             data = File.read(entry)
             data.force_encoding('UTF-8')
             ss = StringScanner.new(data)

test/command/test_fluentd.rb

@@ -1616,4 +1616,67 @@ def create_config_include_dir_configuration(config_path, config_dir, yaml_format
       "#0 fluentd worker is now running worker=0"
     )
   end
+
+  sub_test_case "test suspicious harmful backed-up configuration" do
+    data('suspicious .bak.conf' => 'dummy.bak.conf',
+         'suspicious .old.conf' => 'dummy.old.conf',
+         'suspicious .backup.conf' => 'dummy.backup.conf',
+         'suspicious .orig.conf' => 'dummy.orig.conf',
+         'suspicious .prev.conf' => 'dummy.prev.conf',
+         'suspicious .conf.conf' => 'dummy.conf.conf',
+         'suspicious .tmp.conf' => 'dummy.tmp.conf',
+         'suspicious .temp.conf' => 'dummy.temp.conf',
+         'suspicious .debug.conf' => 'dummy.debug.conf',
+         'suspicious .wip.conf' => 'dummy.wip.conf'
+        )
+    test "warn suspicious backed-up file will be loaded" do |suspicious_conf|
+      create_conf_file("dummy.conf", <<~EOF)
+        <source>
+          @type forward
+        </source>
+      EOF
+      create_conf_file(suspicious_conf, <<~EOF)
+        <source>
+          @type forward
+        </source>
+      EOF
+      working_dir = File.join(@tmp_dir, 'working')
+      FileUtils.mkdir_p(working_dir)
+      conf_path = create_conf_file("working/fluent.conf", <<~EOF)
+        <system>
+          config_include_dir ""
+        </system>
+        @include #{@tmp_dir}/*.conf
+      EOF
+      expected_warning_message = "[warn]: There is a possibility that '@include #{@tmp_dir}/*.conf' includes duplicated backed-up config file such as <#{suspicious_conf}>"
+      assert_log_matches(create_cmdline(conf_path, '--dry-run'),
+                         expected_warning_message)
+    end
+
+    data('non suspicious bar.conf' => 'bar.conf')
+    test "no warn message" do |non_suspicious_conf|
+      create_conf_file("foo.conf", <<~EOF)
+        <source>
+          @type forward
+        </source>
+      EOF
+      create_conf_file(non_suspicious_conf, <<~EOF)
+        <source>
+          @type forward
+        </source>
+      EOF
+      working_dir = File.join(@tmp_dir, 'working')
+      FileUtils.mkdir_p(working_dir)
+      conf_path = create_conf_file("working/fluent.conf", <<~EOF)
+        <system>
+          config_include_dir ""
+        </system>
+        @include #{@tmp_dir}/*.conf
+      EOF
+      expected_warning_message = "[warn]: There is a possibility that '@include #{@tmp_dir}/*.conf' includes duplicated backed-up config file such as <#{non_suspicious_conf}>"
+      assert_log_matches(create_cmdline(conf_path, '--dry-run'),
+                         "as dry run mode", patterns_not_match: [expected_warning_message])
+    end
+  end
+
 end