swp_all: use triple-brace templating (#11287)
The mustache templating system used by ingest pipelines has two levels of
escaping available: not escaped (triple stache) and HTML escaped
(double stache) — see man mustache[1] under "tag types: variables". The escaped
form can lead to data corruption, particularly in cases where an operating system
has chosen to use a character requiring escaping in its path syntax.

[1]http://mustache.github.io/mustache.5.html

[git-generate]
for f in $(
	(
		for p in $(
			yq 'select(.owner.github == "elastic/sec-windows-platform")|.name' packages/**/manifest.yml \
			| grep -v -- '---'
		); do
			rg -l -g '*.yml' ": ('\{\{[^{][ .a-zA-Z0-9_]*[^}]}}'|\"\{\{[^{][ .a-zA-Z0-9_]*[^}]}}\")" packages/$p
		done
	)|grep "elasticsearch/ingest_pipeline"|sort|uniq
); do
	sed -i -r "s/: (['\"])\{\{([^{][ .a-zA-Z0-9_]*[^}])}}['\"]/: \1{{{\2}}}\1/g" $f
done
for p in $(git diff --name-only HEAD~1|cut -d/ -f1,2|sort|uniq); do
	(
		cd $p
		elastic-package test pipeline -g
		elastic-package changelog add \
			--description "Use triple-brace Mustache templating when referencing variables in ingest pipelines." \
			--type bugfix \
			--next patch \
			--link #11287
	)>/dev/null 2>&1
done
efd6 authored Oct 2, 2024
1 parent 992a01e commit 4adf550
Showing 6 changed files with 19 additions and 9 deletions.
5 changes: 5 additions & 0 deletions packages/hid_bravura_monitor/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.18.2"
changes:
- description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.
type: bugfix
link: https://github.com/elastic/integrations/pull/11287
- version: "1.18.1"
changes:
- description: Convert error.code to string
Expand Up @@ -100,7 +100,7 @@ processors:
field: logdate
formats:
- 'yyyy-MM-dd HH:mm:ss.SSS'
timezone: '{{event.timezone}}'
timezone: '{{{event.timezone}}}'
description: Convert logdate to @timestamp
- rename:
target_field: message
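Review bot: Nothing in this commit pins the new rendering: the six changed files are two changelogs, two manifests and two pipelines, so regenerating expectations with `elastic-package test pipeline -g` apparently altered no expected output, which suggests no existing sample carries a character that double braces would have escaped. The same gap applies to the `{{{server.user.name}}}`, `{{{client.user.name}}}`, `{{{user.target.name}}}` and `{{{client.domain}}}` hunks in the mysql_enterprise pipeline, where the values are presumably user and host names parsed out of audit-log content. A test event whose user name contains such a character (a constructed sample such as `o'brien&co` would do) would keep a later edit from quietly reverting to `{{...}}`. The `date` processor touched here starts above the hunk, so any `if` or `on_failure` it carries is not visible.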
2 changes: 1 addition & 1 deletion packages/hid_bravura_monitor/manifest.yml
@@ -1,6 +1,6 @@
name: hid_bravura_monitor
title: Bravura Monitor
version: "1.18.1"
version: "1.18.2"
categories: ["security", "iam"]
description: Collect logs from Bravura Security Fabric with Elastic Agent.
type: integration
5 changes: 5 additions & 0 deletions packages/mysql_enterprise/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.14.3"
changes:
- description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.
type: bugfix
link: https://github.com/elastic/integrations/pull/11287
- version: "1.14.2"
changes:
- description: Changed owners
Expand Up @@ -161,7 +161,7 @@ processors:
ignore_missing: true
- set:
field: user.name
value: "{{server.user.name}}"
value: "{{{server.user.name}}}"
ignore_empty_value: true
if: "ctx.user?.target != null"
- append:
Expand Down Expand Up @@ -202,27 +202,27 @@ processors:
ignore_missing: true
- append:
field: related.user
value: "{{server.user.name}}"
value: "{{{server.user.name}}}"
allow_duplicates: false
if: ctx?.server?.user?.name != null
- append:
field: related.user
value: "{{client.user.name}}"
value: "{{{client.user.name}}}"
allow_duplicates: false
if: ctx?.client?.user?.name != null
- append:
field: related.user
value: "{{user.target.name}}"
value: "{{{user.target.name}}}"
allow_duplicates: false
if: ctx?.user?.target?.name != null
- append:
field: related.ip
value: "{{client.ip}}"
value: "{{{client.ip}}}"
allow_duplicates: false
if: ctx?.client?.ip != null
- append:
field: related.hosts
value: "{{client.domain}}"
value: "{{{client.domain}}}"
allow_duplicates: false
if: ctx?.client?.domain != null
- date:
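Review bot: The `set` processor for `user.name` in the first hunk of this section still renders a template only to copy one field into another; `copy_from: server.user.name` in place of `value: "{{{server.user.name}}}"` would move the value with no Mustache rendering or escaping involved, assuming the stack versions this package supports provide `copy_from` on `set`. With triple braces, `related.user`, `related.ip` and `related.hosts` now store the log-derived strings verbatim, which is the intended fix, so anything that later renders these fields into HTML or a notification has to encode them at output time. The processors at the edges of both hunks (the one ending in `ignore_missing: true` and the trailing `date`) continue outside the visible lines.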
2 changes: 1 addition & 1 deletion packages/mysql_enterprise/manifest.yml
@@ -1,7 +1,7 @@
format_version: "3.0.0"
name: mysql_enterprise
title: "MySQL Enterprise"
version: "1.14.2"
version: "1.14.3"
description: Collect audit logs from MySQL Enterprise with Elastic Agent.
type: integration
categories: