elastic · bhapas · Apr 25, 2023 · Apr 20, 2023 · Apr 21, 2023 · Apr 21, 2023
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -110,9 +110,10 @@ https://github.com/elastic/beats/compare/v8.2.0\...main[Check the HEAD diff]
 - Fix panic in TCP and UDP inputs on Linux when collecting socket metrics from OS. {issue}35064[35064]
 - Correctly collect TCP and UDP metrics for unspecified address values. {pull}35111[35111]
 - Fix base for UDP and TCP queue metrics and UDP drops metric. {pull}35123[35123]
-- Sanitize filenames for request tracer in httpjson and cel inputs. {pull}35143[35143]
+- Sanitize filenames for request tracer in httpjson input. {pull}35143[35143]
 - decode_cef processor: Fix ECS output by making `observer.ip` into an array of strings instead of string. {issue}35140[35140] {pull}35149[35149]
 - Fix handling of MySQL audit logs with strict JSON parser. {issue}35158[35158] {pull}35160[35160]
+- Sanitize filenames for request tracer in cel input. {pull}35154[35154]
 - Fix accidental error overwrite in defer statement in entityanalytics Azure AD input. {issue}35153[35153] {pull}35169[35169]
 
 *Heartbeat*

@@ -18,6 +18,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"path/filepath"
 	"reflect"
 	"regexp"
 	"strconv"
@@ -101,6 +102,15 @@ func (input) Run(env v2.Context, src inputcursor.Source, crsr inputcursor.Cursor
 	return input{}.run(env, src.(*source), cursor, pub)
 }
 
+// The sanitizeFileName sanitizes characters like ":" and "/" to replace them with "_"
+// The request.tracer.filename may have ":" when a httpjson input has cursor config and
+// the macOS Finder will treat this as path-separator and causes to show up strange filepaths.
+func sanitizeFileName(name string) string {
+	name = strings.ReplaceAll(name, ":", string(filepath.Separator))
+	name = filepath.Clean(name)
+	return strings.ReplaceAll(name, string(filepath.Separator), "_")
+}
+
 func (input) run(env v2.Context, src *source, cursor map[string]interface{}, pub inputcursor.Publisher) error {
 	cfg := src.cfg
 	log := env.Logger.With("input_url", cfg.Resource.URL)
@@ -111,7 +121,8 @@ func (input) run(env v2.Context, src *source, cursor map[string]interface{}, pub
 	ctx := ctxtool.FromCanceller(env.Cancelation)
 
 	if cfg.Resource.Tracer != nil {
-		cfg.Resource.Tracer.Filename = strings.ReplaceAll(cfg.Resource.Tracer.Filename, "*", env.ID)
+		id := sanitizeFileName(env.ID)
+		cfg.Resource.Tracer.Filename = strings.ReplaceAll(cfg.Resource.Tracer.Filename, "*", id)
 	}
 
 	client, err := newClient(ctx, cfg, log)

@@ -161,10 +161,9 @@ func run(
 	return nil
 }
 
-// The Request.Tracer.Filename may have ":" when a httpjson input has cursor config
-// The MacOs Finder will treat this as path-separator and causes to show up strange filepaths.
-// This function will sanitize characters like ":" and "/" to replace them with "_" just to be
-// safe on all operating systems.
+// The sanitizeFileName sanitizes characters like ":" and "/" to replace them with "_"
+// The request.tracer.filename may have ":" when a httpjson input has cursor config and
+// the macOS Finder will treat this as path-separator and causes to show up strange filepaths.
 func sanitizeFileName(name string) string {
 	name = strings.ReplaceAll(name, ":", string(filepath.Separator))
 	name = filepath.Clean(name)

@@ -12,6 +12,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"os"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -26,11 +27,12 @@ import (
 
 func TestInput(t *testing.T) {
 	testCases := []struct {
-		name        string
-		setupServer func(*testing.T, http.HandlerFunc, map[string]interface{})
-		baseConfig  map[string]interface{}
-		handler     http.HandlerFunc
-		expected    []string
+		name         string
+		setupServer  func(*testing.T, http.HandlerFunc, map[string]interface{})
+		baseConfig   map[string]interface{}
+		handler      http.HandlerFunc
+		expected     []string
+		expectedFile string
 	}{
 		{
 			name:        "Test simple GET request",
@@ -294,7 +296,7 @@ func TestInput(t *testing.T) {
 			},
 		},
 		{
-			name: "Test filename truncation",
+			name: "Test tracer filename sanitization",
 			setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) {
 				registerRequestTransforms()
 				t.Cleanup(func() { registeredTransforms = newRegistry() })
@@ -308,6 +310,7 @@ func TestInput(t *testing.T) {
 				config["request.url"] = server.URL
 				t.Cleanup(server.Close)
 				t.Cleanup(func() { timeNow = time.Now })
+				defer os.RemoveAll(filepath.Join(os.TempDir(), "logs"))
 			},
 			baseConfig: map[string]interface{}{
 				"interval":       1,
@@ -326,15 +329,15 @@ func TestInput(t *testing.T) {
 						"value": `[[index .last_response.body "@timestamp"]]`,
 					},
 				},
-				"request.tracer.filename": "../../logs/httpjson/http-request-trace-*.ndjson",
-				"verifyfilepath":          true,
+				"request.tracer.filename": filepath.Join(os.TempDir(), "logs", "http-request-trace-*.ndjson"),
 			},
 			handler: dateCursorHandler(),
 			expected: []string{
 				`{"@timestamp":"2002-10-02T15:00:00Z","foo":"bar"}`,
 				`{"@timestamp":"2002-10-02T15:00:01Z","foo":"bar"}`,
 				`{"@timestamp":"2002-10-02T15:00:02Z","foo":"bar"}`,
 			},
+			expectedFile: filepath.Join("logs", "http-request-trace-httpjson-foo-eb837d4c-5ced-45ed-b05c-de658135e248_https_somesource_someapi.ndjson"),
 		},
 		{
 			name: "Test pagination",
@@ -1235,8 +1238,8 @@ func TestInput(t *testing.T) {
 					}
 				}
 			}
-			if tc.baseConfig["verifyfilepath"] != nil {
-				if _, err := os.Stat("../../logs/httpjson/http-request-trace-httpjson-foo-eb837d4c-5ced-45ed-b05c-de658135e248_https_somesource_someapi.ndjson"); err == nil {
+			if len(tc.expectedFile) > 0 {
+				if _, err := os.Stat(filepath.Join(os.TempDir(), tc.expectedFile)); err == nil {
 					assert.NoError(t, g.Wait())
 				} else {
 					t.Errorf("Expected log filename not found")