skytable
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 1 deletion b/‎.gitignore‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.idea/workspace.xml‎
Lines changed: 75 additions & 0 deletions b/‎.idea/workspace.xml‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎Cargo.lock‎
Lines changed: 22 additions & 19 deletions b/‎Cargo.lock‎
Lines changed: 22 additions & 19 deletions
diff --git a/‎server/src/admin/mksnap.rs‎
Lines changed: 21 additions & 2 deletions b/‎server/src/admin/mksnap.rs‎
Lines changed: 21 additions & 2 deletions
diff --git a/‎server/src/cli.yml‎
Lines changed: 76 additions & 78 deletions b/‎server/src/cli.yml‎
Lines changed: 76 additions & 78 deletions
@@ -3,4 +3,5 @@
 data.bin
 /server/snapshots
 snapstore.bin
-snapstore.partmap
+snapstore.partmap
+/snapshots 
@@ -34,7 +34,7 @@ use crate::resp::GroupBegin;
 use libsky::terrapipe::RespCodes;
 use libsky::TResult;
 use std::hint::unreachable_unchecked;
-use std::path::PathBuf;
+use std::path::{Component, PathBuf};
 
 /// Create a snapshot
 ///
@@ -121,6 +121,25 @@ pub async fn mksnap(handle: &CoreDB, con: &mut Con<'_>, act: ActionGroup) -> TRe
             let mut path = PathBuf::from(DIR_SNAPSHOT);
             path.push("remote");
             path.push(snapname.to_owned() + ".snapshot");
+            let illegal_snapshot = path
+                .components()
+                .filter(|dir| {
+                    // Sanitize snapshot name, to avoid directory traversal attacks
+                    // If the snapshot name has any root directory or parent directory, then
+                    // we'll allow it to pass through this adaptor.
+                    // As a result, this iterator will give us a count of the 'bad' components
+                    dir == &Component::RootDir || dir == &Component::ParentDir
+                })
+                .count()
+                != 0;
+            if illegal_snapshot {
+                con.write_response(GroupBegin(1)).await?;
+                return con
+                    .write_response(RespCodes::OtherError(Some(
+                        "err-invalid-snapshot-name".to_owned(),
+                    )))
+                    .await;
+            }
             let failed;
             {
                 match diskstore::flush_data(&path, &handle.acquire_read().get_ref()) {
@@ -146,4 +165,4 @@ pub async fn mksnap(handle: &CoreDB, con: &mut Con<'_>, act: ActionGroup) -> TRe
                 .await;
         }
     }
-}
+}
@@ -3,81 +3,79 @@ version: 0.5.1
 author: Sayan N. <ohsayan@outlook.com>
 about: The Skybase Database server
 args:
-  - config:
-      short: c
-      required: false
-      long: withconfig
-      value_name: cfgfile
-      help: Sets a configuration file to start sdb
-      takes_value: true
-  - restore:
-      short: r
-      required: false
-      long: restore
-      value_name: snapshotfile
-      help: Restores data from a previous snapshot
-      takes_value: true
-  - host:
-      short: h
-      required: false
-      long: host
-      value_name: host
-      help: Sets the host to which the server will bind
-      takes_value: true
-  - port:
-      short: p
-      required: false
-      long: port
-      value_name: port
-      help: Sets the port to which the server will bind
-      takes_value: true
-  - noart:
-      required: false
-      long: noart
-      help: Disables terminal artwork
-      takes_value: false
-  - nosave:
-      required: false
-      long: nosave
-      help: Disables automated background saving
-      takes_value: false
-  - saveduration:
-      required: false
-      long: saveduration
-      value_name: duration
-      short: S
-      takes_value: true
-      help: Set the BGSAVE duration
-  - snapevery:
-      required: false
-      long: snapevery
-      value_name: duration
-      help: Set the periodic snapshot duration
-      takes_value: true
-  - snapkeep:
-      required: false
-      long: snapkeep
-      value_name: count
-      help: Sets the number of most recent snapshots to keep
-      takes_value: true
-  - sslkey:
-      required: false
-      long: sslkey
-      short: k
-      value_name: key
-      help: Sets the PEM key file to use for SSL/TLS
-      takes_value: true
-  - sslchain:
-      required: false
-      long: sslchain
-      short: z
-      value_name: chain
-      help: Sets the PEM chain file to use for SSL/TLS
-      takes_value: true
-  - sslonly:
-      required: false
-      long: sslonly
-      takes_value: false
-      help: >-
-        Tells the server to only accept SSL connections and disables the non-SSL
-        port
+    - config:
+          short: c
+          required: false
+          long: withconfig
+          value_name: cfgfile
+          help: Sets a configuration file to start sdb
+          takes_value: true
+    - restore:
+          short: r
+          required: false
+          long: restore
+          value_name: snapshotfile
+          help: Restores data from a previous snapshot
+          takes_value: true
+    - host:
+          short: h
+          required: false
+          long: host
+          value_name: host
+          help: Sets the host to which the server will bind
+          takes_value: true
+    - port:
+          short: p
+          required: false
+          long: port
+          value_name: port
+          help: Sets the port to which the server will bind
+          takes_value: true
+    - noart:
+          required: false
+          long: noart
+          help: Disables terminal artwork
+          takes_value: false
+    - nosave:
+          required: false
+          long: nosave
+          help: Disables automated background saving
+          takes_value: false
+    - saveduration:
+          required: false
+          long: saveduration
+          value_name: duration
+          short: S
+          takes_value: true
+          help: Set the BGSAVE duration
+    - snapevery:
+          required: false
+          long: snapevery
+          value_name: duration
+          help: Set the periodic snapshot duration
+          takes_value: true
+    - snapkeep:
+          required: false
+          long: snapkeep
+          value_name: count
+          help: Sets the number of most recent snapshots to keep
+          takes_value: true
+    - sslkey:
+          required: false
+          long: sslkey
+          short: k
+          value_name: key
+          help: Sets the PEM key file to use for SSL/TLS
+          takes_value: true
+    - sslchain:
+          required: false
+          long: sslchain
+          short: z
+          value_name: chain
+          help: Sets the PEM chain file to use for SSL/TLS
+          takes_value: true
+    - sslonly:
+          required: false
+          long: sslonly
+          takes_value: false
+          help: Tells the server to only accept SSL connections and disables the non-SSL port