Filter on golang returns an error File does not exist on reading file from Accessible_Paths folder set in FILTER configuration section #11177

@antonakv

Bug Report

Describe the bug

Golang filter returns an error File does not exist on reading file from Accessible_Paths folder set in FILTER configuration section

To Reproduce

  • Compile filter code: tinygo build -target=wasi -o filter.wasm filter.go
  • Copy filter to the wasm folder: sudo cp filter.wasm /etc/fluent-bit/wasm
  • Restart fluent bit: sudo systemctl restart fluent-bit
  • Check logs: sudo journalctl -u fluent-bit

filter.go

package main

import (
	"fmt"
	"os"
	"strings"
	"unsafe"

	"github.com/valyala/fastjson"
)

//export go_filter
func go_filter(tag *uint8, tag_len uint, time_sec uint, time_nsec uint, record *uint8, record_len uint) *uint8 {

	brecord := unsafe.Slice(record, record_len)
	var fileList []string

	filePath := "/etc/fluent-bit/wasm/list.txt"

	data, err := os.ReadFile(filePath)
	if err != nil {
		fmt.Printf("Error reading file: %v\n", err)
		return nil
	}

	lines := strings.Split(string(data), "\n")
	for _, line := range lines {
		line = strings.TrimSpace(line)
		if line != "" {
			fileList = append(fileList, line)
		}
	}

	br := string(brecord)
	var p fastjson.Parser
	value, err := p.Parse(br)
	if err != nil {
		fmt.Println(err)
		return nil
	}
	obj, err := value.Object()
	if err != nil {
		fmt.Println(err)
		return nil
	}

	s := obj.String()          // adjust record length
	rv := append([]byte(s), 0) // Append null terminator
	return &rv[0]
}

func main() {}

Expected behavior

The filter can read a file placed in a folder from Accessible_Paths with an os.ReadFile call

Your Environment

  • Version used: 4.0.3
  • Configuration:
    /etc/fluent-bit/fluent-bit.conf
[SERVICE]
    flush        1
    daemon       Off
    log_level    debug
    parsers_file parsers.conf
    plugins_file plugins.conf
    http_server  Off
    http_listen  0.0.0.0
    http_port    2020
    storage.metrics off
    storage.path /tmp/storage

[INPUT]
    Name           tail
    Tag            fastlog
    Path           /var/log/fast.log
    Read_from_Head On

[FILTER]
    Name                wasm
    Match               fastlog
    Wasm_Path           /etc/fluent-bit/wasm/filter.wasm
    Function_Name       go_filter
    Event_Format        json
    Wasm_Heap_Size      4194304
    Wasm_Stack_Size     131072
    Accessible_Paths    .,/etc/fluent-bit/wasm/

[OUTPUT]
    Name  stdout
    Match *

Environment name and version: systemd 252.36-1~deb12u1
Operating System and version: Debian 12, Linux debian 6.1.0-32-arm64 1 SMP Debian 6.1.129-1 (2025-03-06) aarch64 GNU/Linux
Filters and plugins: golang filter

Additional context

  • Unexpected behaviour of the filter can pose a security risk, or there are signs of undocumented functionality
