From 62267518b83ddbc32078763740cbe3ad7c470a49 Mon Sep 17 00:00:00 2001
From: Justin Garrison <justin@linux.com>
Date: Thu, 14 Sep 2023 12:17:09 -0700
Subject: [PATCH 1/2] Fix systemd unit string matchs

---
 pkg/kubelet/kubelet_server_journal.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/kubelet/kubelet_server_journal.go b/pkg/kubelet/kubelet_server_journal.go
index bf3114519c6..22b0039a2d1 100644
--- a/pkg/kubelet/kubelet_server_journal.go
+++ b/pkg/kubelet/kubelet_server_journal.go
@@ -53,7 +53,7 @@ var (
 	// The set of known safe characters to pass to journalctl / GetWinEvent flags - only add to this list if the
 	// character cannot be used to create invalid sequences. This is intended as a broad defense against malformed
 	// input that could cause an escape.
-	reServiceNameUnsafeCharacters = regexp.MustCompile(`[^a-zA-Z\-_0-9@]+`)
+	reServiceNameUnsafeCharacters = regexp.MustCompile(`[^a-zA-Z\-_.:0-9@]+`)
 )
 
 // journalServer returns text output from the OS specific service logger to view

From 4acaf9ebed70e2cca6f31b17254bf4f1555b987e Mon Sep 17 00:00:00 2001
From: Justin Garrison <justin@linux.com>
Date: Tue, 10 Oct 2023 22:27:44 +0000
Subject: [PATCH 2/2] Add service name tests

---
 pkg/kubelet/kubelet_server_journal_test.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkg/kubelet/kubelet_server_journal_test.go b/pkg/kubelet/kubelet_server_journal_test.go
index bdcf14a41bb..430a73fc27c 100644
--- a/pkg/kubelet/kubelet_server_journal_test.go
+++ b/pkg/kubelet/kubelet_server_journal_test.go
@@ -130,6 +130,10 @@ func Test_validateServices(t *testing.T) {
 	var (
 		service1 = "svc1"
 		service2 = "svc2"
+		service3 = "svc.foo"
+		service4 = "svc_foo"
+		service5 = "svc@foo"
+		service6 = "svc:foo"
 		invalid1 = "svc\n"
 		invalid2 = "svc.foo\n"
 	)
@@ -140,10 +144,14 @@ func Test_validateServices(t *testing.T) {
 	}{
 		{name: "one service", services: []string{service1}},
 		{name: "two services", services: []string{service1, service2}},
+		{name: "dot service", services: []string{service3}},
+		{name: "underscore service", services: []string{service4}},
+		{name: "at service", services: []string{service5}},
+		{name: "colon service", services: []string{service6}},
 		{name: "invalid service new line", services: []string{invalid1}, wantErr: true},
 		{name: "invalid service with dot", services: []string{invalid2}, wantErr: true},
 		{name: "long service", services: []string{strings.Repeat(service1, 100)}, wantErr: true},
-		{name: "max number of services", services: []string{service1, service2, service1, service2, service1}, wantErr: true},
+		{name: "max number of services", services: []string{service1, service2, service3, service4, service5}, wantErr: true},
 	}
 	for _, tt := range tests {
 		errs := validateServices(tt.services)