
[9.2](backport #48863) x-pack/filebeat/input/internal/httplog: tighten request trace logging path checks #48900

Merged
efd6 merged 2 commits into 9.2 from mergify/bp/9.2/pr-48863
Feb 17, 2026
@mergify mergify bot commented Feb 17, 2026

Proposed commit message

x-pack/filebeat/input/internal/httplog: tighten request trace logging path checks

The IsPathIn function was allowing access to the immediate parent
directory because filepath.Rel returns ".." which does not start with
the prefix "../" (Unix) or "..\" (Windows).

This change adds an explicit check to ensure the relative path is not
exactly ".." before checking for the prefix.

This fix prevents a configuration where the log path could be set to the
parent directory of the allowed root. While this corrects the validation
logic, the impact is minor because attempting to create a log file where
a directory already exists would fail with an error (e.g. EISDIR / "is
a directory").

Also extend the input path checks to after logging path template expansion.
The current checks look at the path templates; add an extra check
immediately after expanding the template to ensure that no placeholder
replacement has evaded the config check.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works. Where relevant, I have used the stresstest.sh script to run them under stress conditions and race detector to verify their stability.
  • I have added an entry in ./changelog/fragments using the changelog tool.


This is an automatic backport of pull request #48863 done by [Mergify](https://mergify.com).
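
The two checks described in the commit message above, as an added Go example that is not the code from this pull request: a prefix-only test accepts the parent directory because `filepath.Rel` returns exactly `..`, and a template that passes validation as written can still leave the root once its placeholder is replaced. The helper names, the `{id}` placeholder syntax and the sample paths are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// escapesLoose is the check the commit message describes as too weak: only a
// "../" (or "..\" on Windows) prefix counts as leaving the root.
func escapesLoose(rel string) bool {
	return strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// escapesStrict additionally rejects a relative path that is exactly "..".
func escapesStrict(rel string) bool {
	return rel == ".." || escapesLoose(rel)
}

// pathIn reports whether path is inside root under the given escape test.
// Hypothetical helper for illustration, not the project's IsPathIn.
func pathIn(root, path string, escapes func(string) bool) bool {
	rel, err := filepath.Rel(root, path)
	return err == nil && !escapes(rel)
}

// expandedPathIn re-validates after placeholder replacement. The "{id}"
// placeholder syntax is an assumption made for this example.
func expandedPathIn(root, template, id string) bool {
	expanded := strings.ReplaceAll(template, "{id}", id)
	return pathIn(root, filepath.Join(root, expanded), escapesStrict)
}

func main() {
	root := filepath.Join("var", "log", "traces") // constructed sample root
	parent := filepath.Dir(root)
	fmt.Println("loose, parent dir: ", pathIn(root, parent, escapesLoose))
	fmt.Println("strict, parent dir:", pathIn(root, parent, escapesStrict))
	fmt.Println("strict, ..cache:   ", pathIn(root, filepath.Join(root, "..cache"), escapesStrict))
	fmt.Println("template as written:", expandedPathIn(root, "{id}.ndjson", "{id}"))
	fmt.Println("after expansion:    ", expandedPathIn(root, "{id}.ndjson", filepath.Join("..", "x")))
}
```

The `..cache` case shows why the fix compares against `..` exactly rather than rejecting every relative path that begins with two dots.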

… path checks (#48863)

(cherry picked from commit 8de6b1f)

# Conflicts:
#	x-pack/filebeat/input/cel/input.go
@mergify mergify bot added the backport and conflicts (There is a conflict in the backported pull request) labels Feb 17, 2026
@mergify mergify bot requested review from a team as code owners February 17, 2026 19:44
@mergify mergify bot requested review from AndersonQ and VihasMakwana and removed request for a team February 17, 2026 19:44
@mergify mergify bot assigned efd6 Feb 17, 2026
mergify bot commented Feb 17, 2026

Cherry-pick of 8de6b1f has failed:

On branch mergify/bp/9.2/pr-48863
Your branch is up to date with 'origin/9.2'.

You are currently cherry-picking commit 8de6b1fe4.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	new file:   changelog/fragments/1771188539-48719-httplog.yaml
	modified:   x-pack/filebeat/input/cel/input_test.go
	modified:   x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/graph/graph.go
	modified:   x-pack/filebeat/input/entityanalytics/provider/jamf/jamf.go
	modified:   x-pack/filebeat/input/entityanalytics/provider/okta/okta.go
	modified:   x-pack/filebeat/input/http_endpoint/input.go
	modified:   x-pack/filebeat/input/httpjson/input.go
	modified:   x-pack/filebeat/input/httpjson/input_test.go
	modified:   x-pack/filebeat/input/internal/httplog/roundtripper.go
	modified:   x-pack/filebeat/input/internal/httplog/roundtripper_test.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   x-pack/filebeat/input/cel/input.go

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@botelastic botelastic bot added the needs_team (Indicates that the issue/PR needs a Team:* label) label Feb 17, 2026
@github-actions github-actions bot added the enhancement, Filebeat, and Team:Security-Service Integrations (Security Service Integrations Team) labels Feb 17, 2026
@botelastic botelastic bot removed the needs_team (Indicates that the issue/PR needs a Team:* label) label Feb 17, 2026
@elasticmachine
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@efd6 efd6 enabled auto-merge (squash) February 17, 2026 19:50
@efd6 efd6 merged commit c3466d4 into 9.2 Feb 17, 2026
20 of 23 checks passed
@efd6 efd6 deleted the mergify/bp/9.2/pr-48863 branch February 17, 2026 20:37