Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

backup: add additional verification of backup header

Browse Source 
Ensure only alphanumeric characters are used.
This commit is contained in:
Marek Marczykowski-Górecki 2016-03-14 12:16:23 +01:00 committed by Wojtek Porczyk
parent 3342f637f4
commit 595dfdc0a9
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
qubes/backup.py
View File

@ -126,9 +126,13 @@ class BackupHeader(object):
if untrusted_line.count('=') != 1: if untrusted_line.count('=') != 1:
raise qubes.exc.QubesException("Invalid backup header") raise qubes.exc.QubesException("Invalid backup header")
(key, value) = untrusted_line.strip().split('=') (key, value) = untrusted_line.strip().split('=')
if not re.match(r"^[a-zA-Z0-9-]*$", key):
raise qubes.exc.QubesException("Invalid backup header (key)")
if key not in self.header_keys.keys(): if key not in self.header_keys.keys():
# Ignoring unknown option # Ignoring unknown option
continue continue
if not re.match(r"^[a-zA-Z0-9-]*$", value):
raise qubes.exc.QubesException("Invalid backup header (value)")
if getattr(self, self.header_keys[key]) is not None: if getattr(self, self.header_keys[key]) is not None:
raise qubes.exc.QubesException( raise qubes.exc.QubesException(
"Duplicated header line: {}".format(key)) "Duplicated header line: {}".format(key))