Skip to content

Commit

Permalink
Properly validate rsync extra arguments
Browse files Browse the repository at this point in the history
  • Loading branch information
@sonicaj
sonicaj committed Jun 6, 2021
1 parent 3dfb3e2 commit 6428776
Showing 1 changed file with 12 additions and 5 deletions.
17 changes: 12 additions & 5 deletions src/middlewared/middlewared/plugins/rsync.py
View file
Expand Up @@ -299,7 +299,13 @@ class Config:

@private
async def rsync_task_extend(self, data, context):
data['extra'] = shlex.split(data['extra'].replace('"', r'"\"').replace("'", r'"\"'))
try:
data['extra'] = shlex.split(data['extra'].replace('"', r'"\"').replace("'", r'"\"'))
except ValueError:
# This is to handle the case where the extra value is misconfigured for old cases
# Moving on, we are going to verify that it can be split successfully using shlex
data['extra'] = data['extra'].split()

for field in ('mode', 'direction'):
data[field] = data[field].upper()
Cron.convert_db_format_to_schedule(data)
Expand Down Expand Up @@ -351,10 +357,11 @@ async def validate_rsync_task(self, data, schema):
if not remote_host:
verrors.add(f'{schema}.remotehost', 'Please specify a remote host')

if data.get('extra'):
data['extra'] = ' '.join(data['extra'])
else:
data['extra'] = ''
data['extra'] = ' '.join(data['extra'])
try:
shlex.split(data['extra'].replace('"', r'"\"').replace("'", r'"\"'))
except ValueError as e:
verrors.add(f'{schema}.extra', f'Please specify valid value: {e}')

mode = data.get('mode')
if not mode:
Expand Down

0 comments on commit 6428776

Please sign in to comment.