Skip to content

Commit aedd2a6

Browse files
prontclaude
andauthored
docs(file sink): add security warning to path template field (#24983)
The rendered path can resolve to any filesystem location. Add a docs::warnings annotation so users are made aware when fields from untrusted sources are used in the path template. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent f62a9ff commit aedd2a6

2 files changed

Lines changed: 4 additions & 0 deletions

File tree

  • src/sinks/file
  • website/cue/reference/components/sinks/generated

src/sinks/file/mod.rs

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,9 @@ pub struct FileSinkConfig {
5757
docs::examples = "/tmp/application-{{ application_id }}-%Y-%m-%d.log"
5858
))]
5959
#[configurable(metadata(docs::examples = "/tmp/vector-%Y-%m-%d.log.zst"))]
60+
#[configurable(metadata(
61+
docs::warnings = "The rendered path can resolve to any location on the filesystem. Vector will write to it if the process has permission."
62+
))]
6063
pub path: Template,
6164

6265
/// The amount of time that a file can be idle and stay open.

website/cue/reference/components/sinks/generated/file.cue

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -590,6 +590,7 @@ generated: components: sinks: file: configuration: {
590590
examples: ["/tmp/vector-%Y-%m-%d.log", "/tmp/application-{{ application_id }}-%Y-%m-%d.log", "/tmp/vector-%Y-%m-%d.log.zst"]
591591
syntax: "template"
592592
}
593+
warnings: ["The rendered path can resolve to any location on the filesystem. Vector will write to it if the process has permission."]
593594
}
594595
timezone: {
595596
description: """

0 commit comments

Comments
 (0)