ssi_all: use triple-brace templating (elastic#11284)

The mustache templating system used by ingest pipelines has two levels of
escaping available, not escaped (triple stache) and HTML escaped
(double stache) — see man mustache[1] under "tag types: variables". This can
lead to data corruption, particularly in cases where an operating system has
chosen to use a character requiring escaping in its path syntax.

The cloudflare package is omitted from this set of changes due to ci
difficulties with its system tests.

[1]http://mustache.github.io/mustache.5.html

[git-generate]
for f in $(
	(
		for p in $(
			yq 'select(.owner.github == "elastic/security-service-integrations")|.name' packages/**/manifest.yml \
			| grep -v -- '---'
		); do
			rg -l -g '*.yml' ": ('\{\{[^{][ .a-zA-Z0-9_]*[^}]}}'|\"\{\{[^{][ .a-zA-Z0-9_]*[^}]}}\")" packages/$p
		done
	)|grep -v "cloudflare"|grep "elasticsearch/ingest_pipeline"|sort|uniq
); do
	sed -i -r "s/: (['\"])\{\{([^{][ .a-zA-Z0-9_]*[^}])}}['\"]/: \1{{{\2}}}\1/g" $f
done
for p in $(git diff --name-only HEAD~1|cut -d/ -f1,2|sort|uniq); do
	(
		cd $p
		elastic-package test pipeline -g
		elastic-package changelog add \
			--description "Use triple-brace Mustache templating when referencing variables in ingest pipelines." \
			--type bugfix \
			--next patch \
			--link elastic#11284
	)>/dev/null 2>&1
done

Author: efd6

packages/1password/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.30.1"
+  changes:
+    - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/11284
 - version: "1.30.0"
   changes:
     - description: "Allow @custom pipeline access to event.original without setting preserve_original_event."

packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml

@@ -40,22 +40,22 @@ processors:
   #########################
   - append:
       field: related.user
-      value: "{{onepassword.user.uuid}}"
+      value: "{{{onepassword.user.uuid}}}"
       allow_duplicates: false
       if: ctx?.onepassword?.user?.uuid != null
   - append:
       field: related.user
-      value: "{{onepassword.user.email}}"
+      value: "{{{onepassword.user.email}}}"
       allow_duplicates: false
       if: ctx?.onepassword?.user?.email != null
   - append:
       field: related.user
-      value: "{{onepassword.user.name}}"
+      value: "{{{onepassword.user.name}}}"
       allow_duplicates: false
       if: ctx?.onepassword?.user?.name != null
   - append:
       field: related.ip
-      value: "{{onepassword.client.ip_address}}"
+      value: "{{{onepassword.client.ip_address}}}"
       allow_duplicates: false
       if: ctx?.onepassword?.client?.ip_address != null
   ######################

packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml

@@ -50,22 +50,22 @@ processors:
   #########################
   - append:
       field: related.user
-      value: "{{onepassword.target_user.uuid}}"
+      value: "{{{onepassword.target_user.uuid}}}"
       allow_duplicates: false
       if: ctx?.onepassword?.target_user?.uuid != null
   - append:
       field: related.user
-      value: "{{onepassword.target_user.email}}"
+      value: "{{{onepassword.target_user.email}}}"
       allow_duplicates: false
       if: ctx?.onepassword?.target_user?.email != null
   - append:
       field: related.user
-      value: "{{onepassword.target_user.name}}"
+      value: "{{{onepassword.target_user.name}}}"
       allow_duplicates: false
       if: ctx?.onepassword?.target_user?.name != null
   - append:
       field: related.ip
-      value: "{{onepassword.client.ip_address}}"
+      value: "{{{onepassword.client.ip_address}}}"
       allow_duplicates: false
       if: ctx?.onepassword?.client?.ip_address != null
   ######################

packages/1password/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: 1password
 title: "1Password"
-version: "1.30.0"
+version: "1.30.1"
 description: Collect logs from 1Password with Elastic Agent.
 type: integration
 categories:

packages/akamai/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.25.2"
+  changes:
+    - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/11284
 - version: "2.25.1"
   changes:
     - description: Fix definition of subfields of nested objects

packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml

@@ -426,7 +426,7 @@ processors:
   ##
   - append:
       field: related.ip
-      value: "{{source.ip}}"
+      value: "{{{source.ip}}}"
       allow_duplicates: false
   - set:
       field: client

packages/akamai/manifest.yml

@@ -1,6 +1,6 @@
 name: akamai
 title: Akamai
-version: "2.25.1"
+version: "2.25.2"
 description: Collect logs from Akamai with Elastic Agent.
 type: integration
 format_version: "3.0.2"

packages/atlassian_bitbucket/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.2.1"
+  changes:
+    - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/11284
 - version: "2.2.0"
   changes:
     - description: "Allow @custom pipeline access to event.original without setting preserve_original_event."

packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml

@@ -386,27 +386,27 @@ processors:
         }
   - append:
       field: related.user
-      value: '{{user.name}}'
+      value: '{{{user.name}}}'
       allow_duplicates: false
       if: ctx.user?.name != null
   - append:
       field: related.user
-      value: '{{user.target.name}}'
+      value: '{{{user.target.name}}}'
       allow_duplicates: false
       if: ctx.user?.target?.name != null
   - append:
       field: related.user
-      value: '{{user.changes.name}}'
+      value: '{{{user.changes.name}}}'
       allow_duplicates: false
       if: ctx.user?.changes?.name != null
   - append:
       field: related.ip
-      value: '{{source.ip}}'
+      value: '{{{source.ip}}}'
       allow_duplicates: false
       if: ctx.source?.ip != null
   - append:
       field: related.hosts
-      value: '{{_tmp.service.domain}}'
+      value: '{{{_tmp.service.domain}}}'
       allow_duplicates: false
       if: ctx._tmp?.service?.domain != null
   - remove:

packages/atlassian_bitbucket/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: atlassian_bitbucket
 title: Atlassian Bitbucket
-version: "2.2.0"
+version: "2.2.1"
 description: Collect logs from Atlassian Bitbucket with Elastic Agent.
 type: integration
 categories: