diff --git a/lib/fluent/config/v1_parser.rb b/lib/fluent/config/v1_parser.rb index af20945271..08e83adfb7 100644 --- a/lib/fluent/config/v1_parser.rb +++ b/lib/fluent/config/v1_parser.rb @@ -166,6 +166,11 @@ def eval_include(attrs, elems, uri) Dir.glob(pattern).sort.each { |entry| basepath = File.dirname(entry) fname = File.basename(entry) + suspicious_backup_extensions = %w(bak old backup orig prev conf tmp temp debug wip) + if path.end_with?('*.conf') and + suspicious_backup_extensions.any? { |ext| fname.end_with?(".#{ext}.conf", "_#{ext}.conf") } + @logger.warn "There is a possibility that '@include #{uri}' includes duplicated backed-up config file such as <#{fname}>" if @logger + end data = File.read(entry) data.force_encoding('UTF-8') ss = StringScanner.new(data) diff --git a/test/command/test_fluentd.rb b/test/command/test_fluentd.rb index d02c27ca29..6fe1a1655f 100644 --- a/test/command/test_fluentd.rb +++ b/test/command/test_fluentd.rb @@ -1616,4 +1616,67 @@ def create_config_include_dir_configuration(config_path, config_dir, yaml_format "#0 fluentd worker is now running worker=0" ) end + + sub_test_case "test suspicious harmful backed-up configuration" do + data('suspicious .bak.conf' => 'dummy.bak.conf', + 'suspicious .old.conf' => 'dummy.old.conf', + 'suspicious .backup.conf' => 'dummy.backup.conf', + 'suspicious .orig.conf' => 'dummy.orig.conf', + 'suspicious .prev.conf' => 'dummy.prev.conf', + 'suspicious .conf.conf' => 'dummy.conf.conf', + 'suspicious .tmp.conf' => 'dummy.tmp.conf', + 'suspicious .temp.conf' => 'dummy.temp.conf', + 'suspicious .debug.conf' => 'dummy.debug.conf', + 'suspicious .wip.conf' => 'dummy.wip.conf' + ) + test "warn suspicious backed-up file will be loaded" do |suspicious_conf| + create_conf_file("dummy.conf", <<~EOF) + + @type forward + + EOF + create_conf_file(suspicious_conf, <<~EOF) + + @type forward + + EOF + working_dir = File.join(@tmp_dir, 'working') + FileUtils.mkdir_p(working_dir) + conf_path = create_conf_file("working/fluent.conf", <<~EOF) + + config_include_dir "" + + @include #{@tmp_dir}/*.conf + EOF + expected_warning_message = "[warn]: There is a possibility that '@include #{@tmp_dir}/*.conf' includes duplicated backed-up config file such as <#{suspicious_conf}>" + assert_log_matches(create_cmdline(conf_path, '--dry-run'), + expected_warning_message) + end + + data('non suspicious bar.conf' => 'bar.conf') + test "no warn message" do |non_suspicious_conf| + create_conf_file("foo.conf", <<~EOF) + + @type forward + + EOF + create_conf_file(non_suspicious_conf, <<~EOF) + + @type forward + + EOF + working_dir = File.join(@tmp_dir, 'working') + FileUtils.mkdir_p(working_dir) + conf_path = create_conf_file("working/fluent.conf", <<~EOF) + + config_include_dir "" + + @include #{@tmp_dir}/*.conf + EOF + expected_warning_message = "[warn]: There is a possibility that '@include #{@tmp_dir}/*.conf' includes duplicated backed-up config file such as <#{non_suspicious_conf}>" + assert_log_matches(create_cmdline(conf_path, '--dry-run'), + "as dry run mode", patterns_not_match: [expected_warning_message]) + end + end + end