Explicitly check for YAML special characters.

x-pack/plugins/fleet/server/services/epm/agent/agent.test.ts

@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import { safeDump, safeLoad } from 'js-yaml';
 import { compileTemplate } from './agent';
 
 describe('compileTemplate', () => {
@@ -183,28 +184,75 @@ input: logs
   it('should escape string values when necessary', () => {
     const stringTemplate = `
 my-package:
-    specialchar: {{specialchar}}
-    specialarray: {{specialarray}}
+    opencurly: {{opencurly}}
+    closecurly: {{closecurly}}
+    opensquare: {{opensquare}}
+    closesquare: {{closesquare}}
+    ampersand: {{ampersand}}
+    asterisk: {{asterisk}}
+    question: {{question}}
+    pipe: {{pipe}}
+    hyphen: {{hyphen}}
+    openangle: {{openangle}}
+    closeangle: {{closeangle}}
+    equals: {{equals}}
+    exclamation: {{exclamation}}
+    percent: {{percent}}
+    at: {{at}}
+    colon: {{colon}}
     numeric: {{numeric}}
     mixed: {{mixed}}`;
 
+    // List of special chars that may lead to YAML parsing errors when not quoted.
+    // See YAML specification section 5.3 Indicator characters
+    // https://yaml.org/spec/1.2/spec.html#id2772075
+    // {,},[,],&,*,?,|,-,<,>,=,!,%,@,:
     const vars = {
-      specialchar: { value: '*', type: 'string' },
-      specialarray: { value: ['*'], type: 'string' },
+      opencurly: { value: '{', type: 'string' },
+      closecurly: { value: '}', type: 'string' },
+      opensquare: { value: '[', type: 'string' },
+      closesquare: { value: ']', type: 'string' },
+      comma: { value: ',', type: 'string' },
+      ampersand: { value: '&', type: 'string' },
+      asterisk: { value: '*', type: 'string' },
+      question: { value: '?', type: 'string' },
+      pipe: { value: '|', type: 'string' },
+      hyphen: { value: '-', type: 'string' },
+      openangle: { value: '<', type: 'string' },
+      closeangle: { value: '>', type: 'string' },
+      equals: { value: '=', type: 'string' },
+      exclamation: { value: '!', type: 'string' },
+      percent: { value: '%', type: 'string' },
+      at: { value: '@', type: 'string' },
+      colon: { value: ':', type: 'string' },
       numeric: { value: '100', type: 'string' },
-      mixed: { value: 'localhost:8200', type: 'string' },
+      mixed: { value: '1s', type: 'string' },
     };
 
     const targetOutput = {
       'my-package': {
-        specialchar: '*',
-        specialarray: '*',
+        opencurly: '{',
+        closecurly: '}',
+        opensquare: '[',
+        closesquare: ']',
+        ampersand: '&',
+        asterisk: '*',
+        question: '?',
+        pipe: '|',
+        hyphen: '-',
+        openangle: '<',
+        closeangle: '>',
+        equals: '=',
+        exclamation: '!',
+        percent: '%',
+        at: '@',
+        colon: ':',
         numeric: '100',
-        mixed: 'localhost:8200',
+        mixed: '1s',
       },
     };
-    const output = compileTemplate(vars, stringTemplate);
 
+    const output = compileTemplate(vars, stringTemplate);
     expect(output).toEqual(targetOutput);
   });
 });

x-pack/plugins/fleet/server/services/epm/agent/agent.ts

@@ -58,7 +58,16 @@ function replaceVariablesInYaml(yamlVariables: { [k: string]: any }, yaml: any)
 }
 
 const maybeEscapeString = (value: string) => {
-  return safeDump(value);
+  // List of special chars that may lead to YAML parsing errors when not quoted.
+  // See YAML specification section 5.3 Indicator characters
+  // https://yaml.org/spec/1.2/spec.html#id2772075
+  const yamlSpecialCharsRegex = /[{}\[\],&*?|\-<>=!%@:]/;
+
+  // In addition, numeric strings need to be quoted to stay strings.
+  if ((value.length && !isNaN(+value)) || value.match(yamlSpecialCharsRegex)) {
+    return `"${value}"`;
+  }
+  return value;
 };
 
 function buildTemplateVariables(variables: PackagePolicyConfigRecord, templateStr: string) {