Skip to content

Commit 7a3ebf6

Browse files
authored
in_debug_agent: accept only from local machine by default (#5272)
**Which issue(s) this PR fixes**: Fixes # **What this PR does / why we need it**: Usually, in_debug_agent must be explicitly enabled by users who know what you do. But, there is an security concern which accepts external access by default even though user must enable it explicitly. With this commit, change that behavior a bit secure by default. **Docs Changes**: Need to update default. https://docs.fluentd.org/monitoring-fluentd/monitoring-rest-api#datadog-dd-agent-integration **Release Note**: N/A Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
1 parent f741d4e commit 7a3ebf6

2 files changed

Lines changed: 9 additions & 1 deletion

File tree

lib/fluent/plugin/in_debug_agent.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ def initialize
2626
super
2727
end
2828

29-
config_param :bind, :string, default: '0.0.0.0'
29+
config_param :bind, :string, default: '127.0.0.1'
3030
config_param :port, :integer, default: 24230
3131
config_param :unix_path, :string, default: nil
3232
#config_param :unix_mode # TODO

test/plugin/test_in_debug_agent.rb

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -46,4 +46,12 @@ def test_multi_worker_environment_with_unix_path
4646
assert_false d.instance.multi_workers_ready?
4747
end
4848
end
49+
50+
def test_default_configuration
51+
assert_nothing_raised do
52+
d = create_driver
53+
assert_equal(['127.0.0.1', 24230, 'Fluent::Engine'],
54+
[d.instance.bind, d.instance.port, d.instance.object])
55+
end
56+
end
4957
end

0 commit comments

Comments
 (0)