Do NOT backup unsafe files.

denis.flaven@combodo.com
2023-04-03 11:54:01 +02:00
parent d03bd706e2
commit 034ca26d01
2 changed files with 31 additions and 10 deletions


@@ -205,11 +205,12 @@ class DBBackup
*
* @param string $sSourceConfigFile
* @param string $sTmpFolder
* @param bool $bSkipSQLDumpForTesting
*
* @return array list of files to archive
* @throws \Exception
*/
protected function PrepareFilesToBackup($sSourceConfigFile, $sTmpFolder)
protected function PrepareFilesToBackup($sSourceConfigFile, $sTmpFolder, $bSkipSQLDumpForTesting = false)
{
$aRet = array();
if (is_dir($sTmpFolder))
@@ -250,7 +251,11 @@ class DBBackup
$aExtraFiles = MetaModel::GetModuleSetting('itop-backup', 'extra_files', []);
foreach($aExtraFiles as $sExtraFileOrDir)
{
$sExtraFullPath = APPROOT.'/'.$sExtraFileOrDir;
$sExtraFullPath = realpath(APPROOT.'/'.$sExtraFileOrDir);
if (strncmp(APPROOT, $sExtraFullPath, strlen(APPROOT)) !== 0)
{
throw new Exception("Backup: Aborting, resource '$sExtraFileOrDir'. Considered as UNSAFE because not inside the iTop directory.");
}
if (is_dir($sExtraFullPath))
{
$sFile = $sTmpFolder.'/'.$sExtraFileOrDir;
@@ -267,9 +272,12 @@ class DBBackup
$aRet[] = $sFile;
}
}
$sDataFile = $sTmpFolder.'/itop-dump.sql';
$this->DoBackup($sDataFile);
$aRet[] = $sDataFile;
if (!$bSkipSQLDumpForTesting)
{
$sDataFile = $sTmpFolder.'/itop-dump.sql';
$this->DoBackup($sDataFile);
$aRet[] = $sDataFile;
}
return $aRet;
}
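Review bot: In the `extra_files` loop, `realpath()` returns `false` for a path that does not exist, so a missing or mistyped entry falls into the `strncmp` branch and aborts the whole backup with the "UNSAFE" message; test `$sExtraFullPath === false` first and report it as a missing resource. The prefix test also compares the raw `APPROOT` against a canonicalised path. If `APPROOT` has no trailing separator, a sibling directory sharing the prefix would pass, and if it contains a symlink or a different separator style, every entry would be refused; which applies depends on how `APPROOT` is defined, which is not visible here. Comparing against a canonical root with a separator appended avoids both: `$sRoot = realpath(APPROOT);` then `if (strncmp($sRoot.DIRECTORY_SEPARATOR, $sExtraFullPath.DIRECTORY_SEPARATOR, strlen($sRoot) + 1) !== 0)`. The body of `PrepareFilesToBackup` continues outside the hunks shown, so how the copy destination `$sTmpFolder.'/'.$sExtraFileOrDir` is used afterwards cannot be checked from here.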


@@ -18,7 +18,7 @@ class DBBackupDataTest extends ItopDataTestCase
/**
* @dataProvider prepareFilesToBackupProvider
*/
public function testPrepareFilesToBackup($aExtraFiles)
public function testPrepareFilesToBackup(array $aExtraFiles, bool $bUnsafeFileException)
{
$sTmpDir = sys_get_temp_dir().'/testPrepareFilesToBackup-'.time();
$oBackup = new DBBackup(MetaModel::GetConfig());
@@ -33,11 +33,14 @@ class DBBackupDataTest extends ItopDataTestCase
}
}
$aFiles = $this->InvokeNonPublicMethod('DBBackup', 'PrepareFilesToBackup', $oBackup, [APPROOT.'/conf/production/config-itop.php', $sTmpDir]);
if ($bUnsafeFileException)
{
$this->expectExceptionMessage("Backup: Aborting, resource '$sExtraFile'. Considered as UNSAFE because not inside the iTop directory.");
}
$aFiles = $this->InvokeNonPublicMethod('DBBackup', 'PrepareFilesToBackup', $oBackup, [APPROOT.'/conf/production/config-itop.php', $sTmpDir, true]);
SetupUtils::rrmdir($sTmpDir);
$aExpectedFiles = [
$sTmpDir.'/config-itop.php',
$sTmpDir.'/itop-dump.sql',
];
foreach($aExtraFiles as $sRelFile => $bExists)
{
@@ -59,9 +62,19 @@ class DBBackupDataTest extends ItopDataTestCase
}
}
}
function prepareFilesToBackupProvider()
{
return [
'no_extra_file' => ['aExtraFiles' => [], false],
'one_extra_file' => ['aExtraFiles' => ['foo.txt' => true], false],
'three_extra_file_and_dir' => ['aExtraFiles' => ['foo.txt' => true, 'gabu/zomeu.xml' => true, 'meuh.html' => true], false],
'one_unsafe_file' => ['aExtraFiles' => ['../foo.txt' => true], true],
];
}
/**
* @dataProvider prepareFilesToBackupProvider
* @dataProvider restoreListExtraFilesProvider
*/
function testRestoreListExtraFiles($aFilesToCreate, $aExpectedRelativeExtraFiles)
{
@@ -93,7 +106,7 @@ class DBBackupDataTest extends ItopDataTestCase
SetupUtils::rrmdir($sTmpDir);
}
function prepareFilesToBackupProvider()
function restoreListExtraFilesProvider()
{
return [
'no extra file' => ['aFilesToCreate' => ['config-itop.php', 'itop-dump.sql', 'delta.xml'], 'aExpectedExtraFiles' => []],