-rw-r--r-- | Changes | 2 | ||||
-rw-r--r-- | lib/App/BorgRestore.pm | 3 | ||||
-rw-r--r-- | lib/App/BorgRestore/Borg.pm | 1 | ||||
-rw-r--r-- | lib/App/BorgRestore/DB.pm | 8 | ||||
-rw-r--r-- | lib/App/BorgRestore/Helper.pm | 4 | ||||
-rw-r--r-- | t/helper/untaint.t | 19 |
6 files changed, 6 insertions, 31 deletions
@@ -1,6 +1,8 @@ Revision history for Perl extension App-BorgRestore {{$NEXT}} + - Remove archive name untaint restrictions (remove untaint_archive_name + function) 3.3.0 2019-02-07T16:18:41Z - Support borg list's --prefix option via $borg_prefix setting diff --git a/lib/App/BorgRestore.pm b/lib/App/BorgRestore.pm index afbe918..2ae0a09 100644 --- a/lib/App/BorgRestore.pm +++ b/lib/App/BorgRestore.pm @@ -329,7 +329,6 @@ process during method execution since this is required by C<`borg extract`>. method restore($path, $archive, $destination) { $destination = App::BorgRestore::Helper::untaint($destination, qr(.*)); $path = App::BorgRestore::Helper::untaint($path, qr(.*)); - my $archive_name = App::BorgRestore::Helper::untaint_archive_name($archive->{archive}); $log->infof("Restoring %s to %s from archive %s", $path, $destination, $archive->{archive}); @@ -346,7 +345,7 @@ method restore($path, $archive, $destination) { $final_destination = App::BorgRestore::Helper::untaint($final_destination, qr(.*)); $log->debugf("Removing %s", $final_destination); File::Path::remove_tree($final_destination); - $self->{deps}->{borg}->restore($components_to_strip, $archive_name, $path); + $self->{deps}->{borg}->restore($components_to_strip, $archive->{archive}, $path); } $log->debugf("CWD is %s", getcwd()); } diff --git a/lib/App/BorgRestore/Borg.pm b/lib/App/BorgRestore/Borg.pm index def6b9c..24c0608 100644 --- a/lib/App/BorgRestore/Borg.pm +++ b/lib/App/BorgRestore/Borg.pm @@ -116,6 +116,7 @@ method borg_list_time() { method restore($components_to_strip, $archive_name, $path) { $log->debugf("Restoring '%s' from archive %s, stripping %d components of the path", $path, $archive_name, $components_to_strip); + $archive_name = App::BorgRestore::Helper::untaint($archive_name, qr(.*)); system(qw(borg extract -v --strip-components), $components_to_strip, $self->{borg_repo}."::".$archive_name, $path); } 
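Review bot: The added `untaint($archive_name, qr(.*))` in Borg.pm's `restore` accepts every value, so it only clears the taint flag and validates nothing. That is defensible here only because `system` is called in list form (no shell) and the name is appended to `$self->{borg_repo}."::"`, so it cannot be read as an option. That reasoning should sit next to the call, e.g. `# list-form system(): no shell is involved, so any archive name borg accepts may be passed through`. Note also that `.` does not match a newline without `/s`, so a name containing one would be rejected or cut short depending on how `untaint` anchors the pattern; its body is outside this hunk, so please confirm which.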
diff --git a/lib/App/BorgRestore/DB.pm b/lib/App/BorgRestore/DB.pm index fe85c4d..cb51ce1 100644 --- a/lib/App/BorgRestore/DB.pm +++ b/lib/App/BorgRestore/DB.pm @@ -125,10 +125,8 @@ method get_archive_row_count() { } method add_archive_name($archive) { - $archive = App::BorgRestore::Helper::untaint_archive_name($archive); - my $st = $self->{dbh}->prepare('insert into `archives` (`archive_name`) values (?);'); - $st->execute($archive); + $st->execute(App::BorgRestore::Helper::untaint($archive, qr(.*))); $self->_add_column_to_table("files", $archive); } @@ -139,8 +137,6 @@ method _add_column_to_table($table, $column) { } method remove_archive($archive) { - $archive = App::BorgRestore::Helper::untaint_archive_name($archive); - my $archive_id = $self->get_archive_id($archive); my @keep_archives = grep {$_ ne $archive;} @{$self->get_archive_names()}; @@ -172,7 +168,7 @@ method remove_archive($archive) { } my $st = $self->{dbh}->prepare('delete from `archives` where `archive_name` = ?;'); - $st->execute($archive); + $st->execute(App::BorgRestore::Helper::untaint($archive, qr(.*))); } method get_archive_id($archive) { diff --git a/lib/App/BorgRestore/Helper.pm b/lib/App/BorgRestore/Helper.pm index 869d4ee..7df250d 100644 --- a/lib/App/BorgRestore/Helper.pm +++ b/lib/App/BorgRestore/Helper.pm @@ -23,10 +23,6 @@ fun untaint($data, $regex) { return $1; } -fun untaint_archive_name($archive) { - return untaint($archive, qr([a-zA-Z0-9-:+\.]+)); -} - fun format_timestamp($timestamp) { return POSIX::strftime "%a. %F %H:%M:%S %z", localtime $timestamp; } diff --git a/t/helper/untaint.t b/t/helper/untaint.t deleted file mode 100644 index 0c2e36a..0000000 --- a/t/helper/untaint.t +++ /dev/null 
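Review bot: In `add_archive_name` the now-unrestricted name is still handed to `_add_column_to_table("files", $archive)`, where it is used as a column name rather than a bound value. That helper's body is outside the hunk, but if it interpolates the name between backticks, a name containing a backtick ends the quoted identifier. The removed allowlist and the deleted cases in t/helper/untaint.t were what rejected exactly those characters. Consider quoting through the driver in the helper, `my $col = $self->{dbh}->quote_identifier($column);`, or rejecting backticks and NUL before the insert. Because `$archive` is no longer reassigned, it also reaches that call (and the code between the two `remove_archive` hunks) still tainted, which may matter if the handle runs with DBI taint checks enabled.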
@@ -1,19 +0,0 @@ -use strictures 2; - -use Log::Any::Adapter ('TAP'); -use Test::More; -use Test::Exception; - -use App::BorgRestore::Helper; - -ok(App::BorgRestore::Helper::untaint_archive_name('abc-1234:5+1') eq 'abc-1234:5+1'); -ok(App::BorgRestore::Helper::untaint_archive_name('abc') eq 'abc'); -ok(App::BorgRestore::Helper::untaint_archive_name('root-2016-09-30T15+02:00.checkpoint') eq 'root-2016-09-30T15+02:00.checkpoint'); - -dies_ok(sub{App::BorgRestore::Helper::untaint_archive_name('abc`"\'')}, 'special chars not allowed'); -dies_ok(sub{App::BorgRestore::Helper::untaint_archive_name('abc`')}, 'special chars not allowed'); -dies_ok(sub{App::BorgRestore::Helper::untaint_archive_name('abc"')}, 'special chars not allowed'); -dies_ok(sub{App::BorgRestore::Helper::untaint_archive_name('abc\'')}, 'special chars not allowed'); - - -done_testing; |