diff --git a/lib/fluent/config/v1_parser.rb b/lib/fluent/config/v1_parser.rb
index af20945271..08e83adfb7 100644
--- a/lib/fluent/config/v1_parser.rb
+++ b/lib/fluent/config/v1_parser.rb
@@ -166,6 +166,11 @@ def eval_include(attrs, elems, uri)
Dir.glob(pattern).sort.each { |entry|
basepath = File.dirname(entry)
fname = File.basename(entry)
+ suspicious_backup_extensions = %w(bak old backup orig prev conf tmp temp debug wip)
+ if path.end_with?('*.conf') and
+ suspicious_backup_extensions.any? { |ext| fname.end_with?(".#{ext}.conf", "_#{ext}.conf") }
+ @logger.warn "There is a possibility that '@include #{uri}' includes duplicated backed-up config file such as <#{fname}>" if @logger
+ end
data = File.read(entry)
data.force_encoding('UTF-8')
ss = StringScanner.new(data)
diff --git a/test/command/test_fluentd.rb b/test/command/test_fluentd.rb
index d02c27ca29..6fe1a1655f 100644
--- a/test/command/test_fluentd.rb
+++ b/test/command/test_fluentd.rb
@@ -1616,4 +1616,67 @@ def create_config_include_dir_configuration(config_path, config_dir, yaml_format
"#0 fluentd worker is now running worker=0"
)
end
+
+ sub_test_case "test suspicious harmful backed-up configuration" do
+ data('suspicious .bak.conf' => 'dummy.bak.conf',
+ 'suspicious .old.conf' => 'dummy.old.conf',
+ 'suspicious .backup.conf' => 'dummy.backup.conf',
+ 'suspicious .orig.conf' => 'dummy.orig.conf',
+ 'suspicious .prev.conf' => 'dummy.prev.conf',
+ 'suspicious .conf.conf' => 'dummy.conf.conf',
+ 'suspicious .tmp.conf' => 'dummy.tmp.conf',
+ 'suspicious .temp.conf' => 'dummy.temp.conf',
+ 'suspicious .debug.conf' => 'dummy.debug.conf',
+ 'suspicious .wip.conf' => 'dummy.wip.conf'
+ )
+ test "warn suspicious backed-up file will be loaded" do |suspicious_conf|
+ create_conf_file("dummy.conf", <<~EOF)
+
+ @type forward
+
+ EOF
+ create_conf_file(suspicious_conf, <<~EOF)
+
+ @type forward
+
+ EOF
+ working_dir = File.join(@tmp_dir, 'working')
+ FileUtils.mkdir_p(working_dir)
+ conf_path = create_conf_file("working/fluent.conf", <<~EOF)
+
+ config_include_dir ""
+
+ @include #{@tmp_dir}/*.conf
+ EOF
+ expected_warning_message = "[warn]: There is a possibility that '@include #{@tmp_dir}/*.conf' includes duplicated backed-up config file such as <#{suspicious_conf}>"
+ assert_log_matches(create_cmdline(conf_path, '--dry-run'),
+ expected_warning_message)
+ end
+
+ data('non suspicious bar.conf' => 'bar.conf')
+ test "no warn message" do |non_suspicious_conf|
+ create_conf_file("foo.conf", <<~EOF)
+
+ @type forward
+
+ EOF
+ create_conf_file(non_suspicious_conf, <<~EOF)
+
+ @type forward
+
+ EOF
+ working_dir = File.join(@tmp_dir, 'working')
+ FileUtils.mkdir_p(working_dir)
+ conf_path = create_conf_file("working/fluent.conf", <<~EOF)
+
+ config_include_dir ""
+
+ @include #{@tmp_dir}/*.conf
+ EOF
+ expected_warning_message = "[warn]: There is a possibility that '@include #{@tmp_dir}/*.conf' includes duplicated backed-up config file such as <#{non_suspicious_conf}>"
+ assert_log_matches(create_cmdline(conf_path, '--dry-run'),
+ "as dry run mode", patterns_not_match: [expected_warning_message])
+ end
+ end
+
end