author | Nigel Kukard <nkukard@lbsd.net> | 2013-11-04 22:06:27 +0000 |
---|---|---|
committer | Nigel Kukard <nkukard@lbsd.net> | 2013-11-04 22:09:03 +0000 |
commit | c46eaca91247ccf8e6fb3b691dad028e1b084ae3 (patch) | |
tree | faed085ef880760223d9b702ed7399fe84062b83 /lib/backup | |
parent | ee0e9830c1c1e4c54fd0b18fadef50f76c3680a4 (diff) | |
download | gitlab-ce-c46eaca91247ccf8e6fb3b691dad028e1b084ae3.tar.gz |
More escaping
- Database name may contain characters which are not shell friendly
- Database password could contain the same
- While we are at it, there is no harm in escaping generated paths too
- Refactored 2-line system(command)
Signed-off-by: Nigel Kukard <nkukard@lbsd.net>
Diffstat (limited to 'lib/backup')
-rw-r--r-- | lib/backup/database.rb | 11 | ||||
-rw-r--r-- | lib/backup/repository.rb | 9 |
2 files changed, 11 insertions, 9 deletions
diff --git a/lib/backup/database.rb b/lib/backup/database.rb
index c4fb2e2e159..6ada5bb4ea2 100644
--- a/lib/backup/database.rb
+++ b/lib/backup/database.rb
@@ -1,4 +1,5 @@
 require 'yaml'
+require 'shellwords'
 module Backup
 class Database
@@ -13,20 +14,20 @@ module Backup
 def dump
 case config["adapter"]
 when /^mysql/ then
- system("mysqldump #{mysql_args} #{config['database']} > #{db_file_name}")
+ system("mysqldump #{mysql_args} #{Shellwords.shellescape(config['database'])} > #{Shellwords.shellescape(db_file_name)}")
 when "postgresql" then
 pg_env
- system("pg_dump #{config['database']} > #{db_file_name}")
+ system("pg_dump #{Shellwords.shellescape(config['database'])} > #{db_file_name}")
 end
 end
 def restore
 case config["adapter"]
 when /^mysql/ then
- system("mysql #{mysql_args} #{config['database']} < #{db_file_name}")
+ system("mysql #{mysql_args} #{Shellwords.shellescape(config['database'])} < #{db_file_name}")
 when "postgresql" then
 pg_env
- system("psql #{config['database']} -f #{db_file_name}")
+ system("psql #{Shellwords.shellescape(config['database'])} -f #{Shellwords.shellescape(db_file_name)}")
 end
 end
@@ -45,7 +46,7 @@ module Backup
 'encoding' => '--default-character-set',
 'password' => '--password'
 }
- args.map { |opt, arg| "#{arg}='#{config[opt]}'" if config[opt] }.compact.join(' ')
+ args.map { |opt, arg| "#{arg}=#{Shellwords.shellescape(config[opt])}" if config[opt] }.compact.join(' ')
 end
 def pg_env
diff --git a/lib/backup/repository.rb b/lib/backup/repository.rb
index 252201f11be..3649ff99d24 100644
--- a/lib/backup/repository.rb
+++ b/lib/backup/repository.rb
@@ -1,4 +1,5 @@
 require 'yaml'
+require 'shellwords'
 module Backup
 class Repository
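Review bot: Two redirect targets in the `dump`/`restore` hunk of lib/backup/database.rb are still interpolated unescaped: `> #{db_file_name}` in the `pg_dump` call and `< #{db_file_name}` in the `mysql` restore call, while the `mysqldump` and `psql` calls in the same hunk now escape it. The commit message says generated paths are escaped too, so these look like an oversight; the lines would read `system("pg_dump #{Shellwords.shellescape(config['database'])} > #{Shellwords.shellescape(db_file_name)}")` and `system("mysql #{mysql_args} #{Shellwords.shellescape(config['database'])} < #{Shellwords.shellescape(db_file_name)}")`. Shell escaping also does not stop a configured database name that begins with `-` from being read as an option by the client, so validating the name when the config is loaded is worth considering.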
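Review bot: `Shellwords.shellescape(config[opt])` in `mysql_args` receives the raw YAML value, and on Ruby versions where `shellescape` does not stringify its argument a non-String value (a numeric port, say; the full `args` hash is outside the hunk) would raise instead of being escaped. `Shellwords.shellescape(config[opt].to_s)` avoids that. Separately, the password still ends up as `--password=…` on the command line, where other local users may be able to read it from the process list; handing it to the client through the environment or an option file with restricted permissions would keep it out of argv. The body of `mysql_args` starts outside this hunk.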
@@ -18,7 +19,7 @@ module Backup
 # Create namespace dir if missing
 FileUtils.mkdir_p(File.join(backup_repos_path, project.namespace.path)) if project.namespace
- if system("cd #{path_to_repo(project)} > /dev/null 2>&1 && git bundle create #{path_to_bundle(project)} --all > /dev/null 2>&1")
+ if system("cd #{Shellwords.shellescape(path_to_repo(project))} > /dev/null 2>&1 && git bundle create #{Shellwords.shellescape(path_to_bundle(project))} --all > /dev/null 2>&1")
 puts "[DONE]".green
 else
 puts "[FAILED]".red
@@ -30,7 +31,7 @@ module Backup
 print " * #{wiki.path_with_namespace} ... "
 if wiki.empty?
 puts " [SKIPPED]".cyan
- elsif system("cd #{path_to_repo(wiki)} > /dev/null 2>&1 && git bundle create #{path_to_bundle(wiki)} --all > /dev/null 2>&1")
+ elsif system("cd #{Shellwords.shellescape(path_to_repo(wiki))} > /dev/null 2>&1 && git bundle create #{Shellwords.shellescape(path_to_bundle(wiki))} --all > /dev/null 2>&1")
 puts " [DONE]".green
 else
 puts " [FAILED]".red
@@ -53,7 +54,7 @@ module Backup
 project.namespace.ensure_dir_exist if project.namespace
- if system("git clone --bare #{path_to_bundle(project)} #{path_to_repo(project)} > /dev/null 2>&1")
+ if system("git clone --bare #{Shellwords.shellescape(path_to_bundle(project))} #{Shellwords.shellescape(path_to_repo(project))} > /dev/null 2>&1")
 puts "[DONE]".green
 else
 puts "[FAILED]".red
@@ -63,7 +64,7 @@ module Backup
 if File.exists?(path_to_bundle(wiki))
 print " * #{wiki.path_with_namespace} ... "
- if system("git clone --bare #{path_to_bundle(wiki)} #{path_to_repo(wiki)} > /dev/null 2>&1")
+ if system("git clone --bare #{Shellwords.shellescape(path_to_bundle(wiki))} #{Shellwords.shellescape(path_to_repo(wiki))} > /dev/null 2>&1")
 puts " [DONE]".green
 else
 puts " [FAILED]".red |
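Review bot: All four `system` calls in lib/backup/repository.rb (bundle create for project and wiki, clone --bare for project and wiki) still build a single shell string, so safety depends on every interpolated value being escaped at every call site. The argument-list form of `system` bypasses the shell entirely, e.g. `system('git', 'clone', '--bare', path_to_bundle(project), path_to_repo(project), out: File::NULL, err: File::NULL)`, and a `chdir: path_to_repo(project)` option can replace the `cd … &&` prefix in the bundle calls. Sending stderr to /dev/null also means a `[FAILED]` line carries no diagnostic, so capturing the output on failure would help whoever has to debug a broken backup. The enclosing methods start and end outside these hunks.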