Add security check.

This commit is contained in:
redxef 2022-08-30 22:33:05 +02:00
parent bb060e5eec
commit 17ace3fb33
Signed by: redxef
GPG key ID: 7DAC3AA211CBD921

View file

@ -21,7 +21,7 @@ backup() {
test -z "$target_dir" && { echo "Error: No base folder found for target=$target" >&2; exit 2; } test -z "$target_dir" && { echo "Error: No base folder found for target=$target" >&2; exit 2; }
test -z "$target_name" && { echo "Error: No target name found for target=$target" >&2; exit 3; } test -z "$target_name" && { echo "Error: No target name found for target=$target" >&2; exit 3; }
"$DOCKER" run --rm \ echo_and_run "$DOCKER" run --rm \
--mount="type=volume,source=$volume,destination=/data,ro=true" \ --mount="type=volume,source=$volume,destination=/data,ro=true" \
--mount="type=bind,source=$target_dir,destination=/data2" \ --mount="type=bind,source=$target_dir,destination=/data2" \
busybox /bin/sh -c \ busybox /bin/sh -c \
@ -38,13 +38,11 @@ restore() {
test -z "$target_dir" && { echo "Error: No base folder found for target=$target" >&2; exit 2; } test -z "$target_dir" && { echo "Error: No base folder found for target=$target" >&2; exit 2; }
test -z "$target_name" && { echo "Error: No target name found for target=$target" >&2; exit 3; } test -z "$target_name" && { echo "Error: No target name found for target=$target" >&2; exit 3; }
set -x echo_and_run "$DOCKER" run --rm \
"$DOCKER" run --rm \
--mount="type=volume,source=$volume,destination=/data" \ --mount="type=volume,source=$volume,destination=/data" \
--mount="type=bind,source=$target_dir,destination=/data2" \ --mount="type=bind,source=$target_dir,destination=/data2" \
busybox /bin/sh -c \ busybox /bin/sh -c \
"cd /data/ && rm -rf ./* && tar xf '/data2/$target_name'" "cd /data/ && rm -rf ./* && tar xf '/data2/$target_name'"
set +x
} }
backup_all() { backup_all() {
@ -57,6 +55,14 @@ backup_all() {
} }
restore_all() { restore_all() {
if [ -z "$DVB_I_KNOW_WHAT_I_DO" ]; then
printf "The following operation will delete all data in the volumes to be restored, are you sure [y/N]? "
read -r DVB_I_KNOW_WHAT_I_DO
fi
if echo "$DVB_I_KNOW_WHAT_I_DO" | grep -Eviq 't|true|1|y|yes'; then
echo aborting
exit 1
fi
for tarball in "$@"; do for tarball in "$@"; do
volume_name="${tarball%.tar}" volume_name="${tarball%.tar}"
echo "$volume_name -> $volume" echo "$volume_name -> $volume"