replace starting dot and slashes in db names
Since the name of the database is used in the file name, it could be used to forge a malicious path. So prepend the db name with a `_` if it starts with a dot, to avoid creating hidden files, and replace any slash (OS path separator) with an underscore, to avoid creating directories or escaping the dump directory.
orgrim committed Dec 17, 2021
1 parent ff86328 commit 6339b4b
Showing 2 changed files with 20 additions and 2 deletions.
18 changes: 18 additions & 0 deletions main.go
Expand Up @@ -672,9 +672,27 @@ func relPath(basedir, path string) string {
return target
}

func cleanDBName(dbname string) string {
// We do not want a database name starting with a dot to avoid creating hidden files
if strings.HasPrefix(dbname, ".") {
dbname = "_" + dbname
}

// If there is a path separator in the database name, we do not want to
// create the dump in a subdirectory or in a parent directory
if strings.ContainsRune(dbname, os.PathSeparator) {
dbname = strings.ReplaceAll(dbname, string(os.PathSeparator), "_")
}

return dbname
}

func formatDumpPath(dir string, timeFormat string, suffix string, dbname string, when time.Time) string {
var f, s, d string

// Avoid attacks on the database name
dbname = cleanDBName(dbname)

d = dir
if dbname != "" {
d = strings.Replace(dir, "{dbname}", dbname, -1)
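Review bot: The separator scrub guarded by `strings.ContainsRune(dbname, os.PathSeparator)` only handles the host's own separator, but Go's path/filepath on Windows treats both `\` and `/` as separators, so a name like `a/../../x` would reach `filepath.Join` untouched on that platform and could still resolve outside the dump directory. Replacing both characters unconditionally closes that gap and also drops the redundant ContainsRune guard, since ReplaceAll is already a no-op when nothing matches: `dbname = strings.NewReplacer("/", "_", "\\", "_").Replace(dbname)`. The function also deserves a doc comment stating its contract, e.g. `// cleanDBName makes dbname safe to use as a single file-name component: a leading dot is prefixed with "_" and path separators become "_". The mapping is not injective (a/b and a_b collide).` — the collision matters because purge code matches dumps by this prefix. formatDumpPath's body continues below the hunk.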
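--- a/purge.go
+++ b/purge.go
@@ -58,7 +58,7 @@ func purgeDumps(directory string, dbname string, keep int, limit time.Time) erro
 return fmt.Errorf("could not purge %s: %s", dirpath, err)
 }
 
-if strings.HasPrefix(f[0].Name(), dbname+"_") &&
+if strings.HasPrefix(f[0].Name(), cleanDBName(dbname)+"_") &&
 (!f[0].IsDir() || strings.HasSuffix(f[0].Name(), ".d")) {
 dirContents = append(dirContents, f[0])
 }
@@ -101,7 +101,7 @@ func purgeRemoteDumps(repo Repo, directory string, dbname string, keep int, limi
 // remote path along with any subdirectory. So we have to include it in
 // the filter when listing remote files
 dirpath := filepath.Dir(formatDumpPath(directory, "", "", dbname, time.Time{}))
-prefix := relPath(directory, filepath.Join(dirpath, dbname))
+prefix := relPath(directory, filepath.Join(dirpath, cleanDBName(dbname)))
 
 files, err := repo.List(prefix)
 if err != nil {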
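Review bot: Matching on `cleanDBName(dbname)+"_"` in purgeDumps makes the keep/limit accounting act on every database whose cleaned name collides, because cleanDBName is not injective — `a/b` and `a_b` both map to `a_b`, and `.x` and `_.x` both map to `_.x` — so purging one of them can count and delete the other's dumps; presumably rare in practice, but it deserves a comment at the new line, `// NOTE: cleanDBName is not injective; databases whose cleaned names collide share this prefix`, or a stricter name-to-file mapping. Independently of that, `cleanDBName(dbname)` is recomputed for each entry (the `f[0]` access suggests this sits inside a per-entry loop that starts above the hunk); computing `prefix := cleanDBName(dbname) + "_"` once before the loop is cheaper and clearer. purgeDumps begins and ends outside the hunk.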
