Commit c46eaca9 authored by Nigel Kukard's avatar Nigel Kukard

More escaping

- Database name may contain characters which are not shell friendly
- Database password could contain the same
- While we're at it, there is no harm in escaping generated paths too
- Refactored 2-line system(command)
Signed-off-by: default avatarNigel Kukard <nkukard@lbsd.net>
parent ee0e9830
require 'yaml' require 'yaml'
require 'shellwords'
module Backup module Backup
class Database class Database
...@@ -13,20 +14,20 @@ module Backup ...@@ -13,20 +14,20 @@ module Backup
def dump def dump
case config["adapter"] case config["adapter"]
when /^mysql/ then when /^mysql/ then
system("mysqldump #{mysql_args} #{config['database']} > #{db_file_name}") system("mysqldump #{mysql_args} #{Shellwords.shellescape(config['database'])} > #{Shellwords.shellescape(db_file_name)}")
when "postgresql" then when "postgresql" then
pg_env pg_env
system("pg_dump #{config['database']} > #{db_file_name}") system("pg_dump #{Shellwords.shellescape(config['database'])} > #{db_file_name}")
end end
end end
def restore def restore
case config["adapter"] case config["adapter"]
when /^mysql/ then when /^mysql/ then
system("mysql #{mysql_args} #{config['database']} < #{db_file_name}") system("mysql #{mysql_args} #{Shellwords.shellescape(config['database'])} < #{db_file_name}")
when "postgresql" then when "postgresql" then
pg_env pg_env
system("psql #{config['database']} -f #{db_file_name}") system("psql #{Shellwords.shellescape(config['database'])} -f #{Shellwords.shellescape(db_file_name)}")
end end
end end
...@@ -45,7 +46,7 @@ module Backup ...@@ -45,7 +46,7 @@ module Backup
'encoding' => '--default-character-set', 'encoding' => '--default-character-set',
'password' => '--password' 'password' => '--password'
} }
args.map { |opt, arg| "#{arg}='#{config[opt]}'" if config[opt] }.compact.join(' ') args.map { |opt, arg| "#{arg}=#{Shellwords.shellescape(config[opt])}" if config[opt] }.compact.join(' ')
end end
def pg_env def pg_env
......
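Review bot: The escaping of `db_file_name` is inconsistent within the first hunk: the `pg_dump` line (`> #{db_file_name}`) and the `mysql … <` restore line still interpolate the path raw, while the `mysqldump` and `psql` lines wrap it in `Shellwords.shellescape`. Given the commit message's intent to escape generated paths too, those two should read `> #{Shellwords.shellescape(db_file_name)}` and `< #{Shellwords.shellescape(db_file_name)}`. Separately, the `mysql_args` hunk still places the password on the command line as `--password=…`, where it is visible to other local users through process listings; supplying it through the `MYSQL_PWD` environment variable or a `--defaults-extra-file` would keep it out of argv. `db_file_name` and `pg_env` are defined outside the hunks shown.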
require 'yaml' require 'yaml'
require 'shellwords'
module Backup module Backup
class Repository class Repository
...@@ -18,7 +19,7 @@ module Backup ...@@ -18,7 +19,7 @@ module Backup
# Create namespace dir if missing # Create namespace dir if missing
FileUtils.mkdir_p(File.join(backup_repos_path, project.namespace.path)) if project.namespace FileUtils.mkdir_p(File.join(backup_repos_path, project.namespace.path)) if project.namespace
if system("cd #{path_to_repo(project)} > /dev/null 2>&1 && git bundle create #{path_to_bundle(project)} --all > /dev/null 2>&1") if system("cd #{Shellwords.shellescape(path_to_repo(project))} > /dev/null 2>&1 && git bundle create #{Shellwords.shellescape(path_to_bundle(project))} --all > /dev/null 2>&1")
puts "[DONE]".green puts "[DONE]".green
else else
puts "[FAILED]".red puts "[FAILED]".red
...@@ -30,7 +31,7 @@ module Backup ...@@ -30,7 +31,7 @@ module Backup
print " * #{wiki.path_with_namespace} ... " print " * #{wiki.path_with_namespace} ... "
if wiki.empty? if wiki.empty?
puts " [SKIPPED]".cyan puts " [SKIPPED]".cyan
elsif system("cd #{path_to_repo(wiki)} > /dev/null 2>&1 && git bundle create #{path_to_bundle(wiki)} --all > /dev/null 2>&1") elsif system("cd #{Shellwords.shellescape(path_to_repo(wiki))} > /dev/null 2>&1 && git bundle create #{Shellwords.shellescape(path_to_bundle(wiki))} --all > /dev/null 2>&1")
puts " [DONE]".green puts " [DONE]".green
else else
puts " [FAILED]".red puts " [FAILED]".red
...@@ -53,7 +54,7 @@ module Backup ...@@ -53,7 +54,7 @@ module Backup
project.namespace.ensure_dir_exist if project.namespace project.namespace.ensure_dir_exist if project.namespace
if system("git clone --bare #{path_to_bundle(project)} #{path_to_repo(project)} > /dev/null 2>&1") if system("git clone --bare #{Shellwords.shellescape(path_to_bundle(project))} #{Shellwords.shellescape(path_to_repo(project))} > /dev/null 2>&1")
puts "[DONE]".green puts "[DONE]".green
else else
puts "[FAILED]".red puts "[FAILED]".red
...@@ -63,7 +64,7 @@ module Backup ...@@ -63,7 +64,7 @@ module Backup
if File.exists?(path_to_bundle(wiki)) if File.exists?(path_to_bundle(wiki))
print " * #{wiki.path_with_namespace} ... " print " * #{wiki.path_with_namespace} ... "
if system("git clone --bare #{path_to_bundle(wiki)} #{path_to_repo(wiki)} > /dev/null 2>&1") if system("git clone --bare #{Shellwords.shellescape(path_to_bundle(wiki))} #{Shellwords.shellescape(path_to_repo(wiki))} > /dev/null 2>&1")
puts " [DONE]".green puts " [DONE]".green
else else
puts " [FAILED]".red puts " [FAILED]".red
......
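Review bot: All four `system` calls in this file still go through a shell only so that `cd` and the `> /dev/null 2>&1` redirections work; with Ruby's argument-list form the shell, and therefore the escaping, becomes unnecessary, e.g. `system('git', 'bundle', 'create', path_to_bundle(project), '--all', chdir: path_to_repo(project), out: File::NULL, err: File::NULL)` for the first hunk, and the equivalent `git clone --bare` form for the two restore hunks. Note that `chdir:` raises `Errno::ENOENT` for a missing directory instead of returning false as the `cd` does, so the `[FAILED]` branch would need a `Dir.exist?` guard or a rescue to keep that behaviour. The `git init --quiet` helpers in the two spec files and in `TestEnv` can drop the shell the same way, `system('git', 'init', '--quiet', path)`. The enclosing methods start outside the hunks shown.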
require "spec_helper" require "spec_helper"
require "shellwords"
describe GollumWiki do describe GollumWiki do
def create_temp_repo(path) def create_temp_repo(path)
FileUtils.mkdir_p path FileUtils.mkdir_p path
command = "git init --quiet #{path};" system("git init --quiet #{Shellwords.shellescape(path)}")
system(command)
end end
def remove_temp_repo(path) def remove_temp_repo(path)
......
require "spec_helper" require "spec_helper"
require "shellwords"
describe WikiPage do describe WikiPage do
def create_temp_repo(path) def create_temp_repo(path)
FileUtils.mkdir_p path FileUtils.mkdir_p path
command = "git init --quiet #{path};" system("git init --quiet #{Shellwords.shellescape(path)}")
system(command)
end end
def remove_temp_repo(path) def remove_temp_repo(path)
......
require 'rspec/mocks' require 'rspec/mocks'
require 'shellwords'
module TestEnv module TestEnv
extend self extend self
...@@ -102,7 +103,7 @@ module TestEnv ...@@ -102,7 +103,7 @@ module TestEnv
repo = repo(namespace, name) repo = repo(namespace, name)
# Symlink tmp/repositories/gitlabhq to tmp/test-git-base-path/gitlabhq # Symlink tmp/repositories/gitlabhq to tmp/test-git-base-path/gitlabhq
system("ln -s -f #{seed_repo_path()} #{repo}") system("ln -s -f #{Shellwords.shellescape(seed_repo_path())} #{Shellwords.shellescape(repo)}")
create_satellite(repo, namespace, name) create_satellite(repo, namespace, name)
end end
...@@ -166,12 +167,11 @@ module TestEnv ...@@ -166,12 +167,11 @@ module TestEnv
# Symlink tmp/satellite/gitlabhq to tmp/test-git-base-path/satellite/gitlabhq, create the directory if it doesn't exist already # Symlink tmp/satellite/gitlabhq to tmp/test-git-base-path/satellite/gitlabhq, create the directory if it doesn't exist already
satellite_dir = File.dirname(satellite_repo) satellite_dir = File.dirname(satellite_repo)
FileUtils.mkdir_p(satellite_dir) unless File.exists?(satellite_dir) FileUtils.mkdir_p(satellite_dir) unless File.exists?(satellite_dir)
system("ln -s -f #{seed_satellite_path} #{satellite_repo}") system("ln -s -f #{Shellwords.shellescape(seed_satellite_path)} #{Shellwords.shellescape(satellite_repo)}")
end end
def create_temp_repo(path) def create_temp_repo(path)
FileUtils.mkdir_p path FileUtils.mkdir_p path
command = "git init --quiet --bare #{path};" system("git init --quiet --bare #{Shellwords.shellescape(path)}")
system(command)
end end
end end
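Review bot: The two `ln -s -f` calls in the first and second hunks spawn a shell just to create a symlink; `FileUtils.ln_sf(seed_repo_path(), repo)` and `FileUtils.ln_sf(seed_satellite_path, satellite_repo)` achieve the same without any command line to escape, and `FileUtils` is already used on the line above the second call. One difference is that `FileUtils.ln_sf` raises on failure rather than returning false, which matters only if a caller checks these helpers' return values — that is not visible from here. The enclosing methods of the first two hunks start outside what is shown.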