dar-backup 0.8.1__py3-none-any.whl → 0.8.2__py3-none-any.whl

dar_backup/Changelog.md

@@ -1,6 +1,24 @@
 <!-- markdownlint-disable MD024 -->
 # dar-backup Changelog
 
+## v2-beta-0.8.2 - 2025-07-17
+
+Github link: [v2-beta-0.8.2](https://github.com/per2jensen/dar-backup/tree/v2-beta-0.8.2/v2)
+
+### Added
+
+- Security hardening: CommandRunner now performs strict command-line sanitization
+  - Disallows potentially dangerous characters (e.g. ;, &, |) in command arguments
+  - Prevents injection-style misuse when restoring specific files or invoking custom commands
+
+- Documentation:
+  - New [README section](https://github.com/per2jensen/dar-backup?tab=readme-ov-file#limitations-on-file-names-with-special-characters) explains filename restrictions and safe workarounds (e.g. restoring directly with dar, if needed)
+  - Includes a Markdown table listing all disallowed characters
+
+- Test suite:
+  - Existing test cases updated to comply with the new sanitization rules
+  - Additional tests ensure CommandRunner handles large binary output and edge cases cleanly
+
 ## v2-beta-0.8.1 - 2025-07-16
 
 Github link: [v2-beta-0.8.1](https://github.com/per2jensen/dar-backup/tree/v2-beta-0.8.1/v2)

dar_backup/__about__.py

@@ -1,4 +1,4 @@
-__version__ = "0.8.1"
+__version__ = "0.8.2"
 
 __license__ = '''Licensed under GNU GENERAL PUBLIC LICENSE v3, see the supplied file "LICENSE" for details.
 THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW, not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

dar_backup/command_runner.py

@@ -5,33 +5,76 @@ import logging
 import traceback
 import threading
 import os
+import re
+import shlex
 import sys
 import tempfile
 sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), "../src")))
-from typing import List, Optional
+from typing import List, Optional, Union
 from dar_backup.util import get_logger
 
 
+def is_safe_arg(arg: str) -> bool:
+    """
+    Check if the argument is safe by rejecting dangerous shell characters.
+    """
+    return not re.search(r'[;&|><`$\n]', arg)
+
+
+def sanitize_cmd(cmd: List[str]) -> List[str]:
+    """
+    Validate and sanitize a list of command-line arguments.
+    Ensures all elements are strings and do not contain dangerous shell characters.
+    Raises ValueError if any argument is unsafe.
+    """
+
+    if not isinstance(cmd, list):
+        raise ValueError("Command must be a list of strings")
+    for arg in cmd:
+        if not isinstance(arg, str):
+            raise ValueError(f"Invalid argument type: {arg} (must be string)")
+        if not is_safe_arg(arg):
+            raise ValueError(f"Unsafe argument detected: {arg}")
+    return cmd
+
+def _safe_str(s):
+    if isinstance(s, bytes):
+        return f"<{len(s)} bytes of binary data>"
+    return s
+
+
 class CommandResult:
-    def __init__(self, returncode: int, stdout: str, stderr: str, stack: str = None):
+    def __init__(
+        self,
+        returncode: int,
+        stdout: Union[str, bytes],
+        stderr: Union[str, bytes],
+        stack: Optional[str] = None,
+        note: Optional[str] = None
+    ):
         self.returncode = returncode
         self.stdout = stdout
         self.stderr = stderr
         self.stack = stack
+        self.note = note
+
+
 
     def __repr__(self):
         return f"<CommandResult returncode={self.returncode}\nstdout={self.stdout}\nstderr={self.stderr}\nstack={self.stack}>"
-    
+
 
     def __str__(self):
         return (
-            f"CommandResult:\n"
+            "CommandResult:\n"
             f"  Return code: {self.returncode}\n"
-            f"  STDOUT:\n{self.stdout}\n"
-            f"  STDERR:\n{self.stderr}\n"
-            f"  Stacktrace:\n{self.stack if self.stack else '<none>'}"
+            f"  Note: {self.note if self.note else '<none>'}\n"
+            f"  STDOUT: {_safe_str(self.stdout)}\n"
+            f"  STDERR: {_safe_str(self.stderr)}\n"
+            f"  Stacktrace: {self.stack if self.stack else '<none>'}"
         )
 
+
 class CommandRunner:
     def __init__(
         self,
@@ -46,6 +89,7 @@ class CommandRunner:
         if not self.logger or not self.command_logger:
             self.logger_fallback()
 
+
     def logger_fallback(self):
         """
         Setup temporary log files
@@ -83,9 +127,31 @@ class CommandRunner:
         capture_output: bool = True,
         text: bool = True
     ) -> CommandResult:
+        self._text_mode = text 
         timeout = timeout or self.default_timeout
 
-        command = f"Executing command: {' '.join(cmd)} (timeout={timeout}s)"
+        cmd_sanitized = None
+
+        try:
+            cmd_sanitized = sanitize_cmd(cmd)
+        except ValueError as e:
+            stack = traceback.format_exc()
+            self.logger.error(f"Command sanitation failed: {e}")
+            return CommandResult(
+                returncode=-1,
+                note=f"Sanitizing failed: command: {' '.join(cmd)}",
+                stdout='',
+                stderr=str(e),
+                stack=stack,
+
+            )
+        finally:
+            cmd = cmd_sanitized
+
+        #command = f"Executing command: {' '.join(cmd)} (timeout={timeout}s)"
+        command = f"Executing command: {' '.join(shlex.quote(arg) for arg in cmd)} (timeout={timeout}s)"
+
+
         self.command_logger.info(command)
         self.logger.debug(command)
 
@@ -115,9 +181,13 @@ class CommandRunner:
                     chunk = stream.read(1024)
                     if not chunk:
                         break
-                    decoded = chunk.decode('utf-8', errors='replace')
-                    lines.append(decoded)
-                    self.command_logger.log(level, decoded.strip())
+                    if self._text_mode:
+                        decoded = chunk.decode('utf-8', errors='replace')
+                        lines.append(decoded)
+                        self.command_logger.log(level, decoded.strip())
+                    else:
+                        lines.append(chunk)
+                        # Avoid logging raw binary data to prevent garbled logs
             except Exception as e:
                 self.logger.warning(f"stream_output decode error: {e}")
             finally:
@@ -150,18 +220,27 @@ class CommandRunner:
             t.join()
 
 
+
+        if self._text_mode:
+            stdout_combined = ''.join(stdout_lines)
+            stderr_combined = ''.join(stderr_lines)
+        else:
+            stdout_combined = b''.join(stdout_lines)
+            stderr_combined = b''.join(stderr_lines)
+
+
         if check and process.returncode != 0:
             self.logger.error(f"Command failed with exit code {process.returncode}")
             return CommandResult(
                 process.returncode,
-                ''.join(stdout_lines),
-                ''.join(stderr_lines),
+                stdout_combined,
+                stderr_combined,
                 stack=traceback.format_stack()
             )
 
         return CommandResult(
             process.returncode,
-            ''.join(stdout_lines),
-            ''.join(stderr_lines),
+                stdout_combined,
+                stderr_combined
         )
 

dar_backup/dar_backup.py

@@ -248,7 +248,7 @@ def verify(args: argparse.Namespace, backup_file: str, backup_definition: str, c
         PermissionError: If a permission error occurs while comparing files.
     """
     result = True
-    command = ['dar', '-t', backup_file, '-Q']
+    command = ['dar', '-t', backup_file, '-N', '-Q']
  
  
     log_basename = os.path. dirname(config_settings.logfile_location)
@@ -315,7 +315,7 @@ def verify(args: argparse.Namespace, backup_file: str, backup_definition: str, c
     for restored_file_path in random_files:
         try:
             args.verbose and logger.info(f"Restoring file: '{restored_file_path}' from backup to: '{config_settings.test_restore_dir}' for file comparing")
-            command = ['dar', '-x', backup_file, '-g', restored_file_path.lstrip("/"), '-R', config_settings.test_restore_dir, '-Q', '-B', args.darrc, 'restore-options']
+            command = ['dar', '-x', backup_file, '-g', restored_file_path.lstrip("/"), '-R', config_settings.test_restore_dir, '--noconf',  '-Q', '-B', args.darrc, 'restore-options']
             args.verbose and logger.info(f"Running command: {' '.join(map(shlex.quote, command))}")
             process = runner.run(command, timeout = config_settings.command_timeout_secs)    
             if process.returncode != 0:
@@ -347,7 +347,7 @@ def restore_backup(backup_name: str, config_settings: ConfigSettings, restore_di
     results: List[tuple] = []
     try:
         backup_file = os.path.join(config_settings.backup_dir, backup_name)
-        command = ['dar', '-x', backup_file, '-Q', '-D']
+        command = ['dar', '-x', backup_file, '--noconf', '-Q', '-D']
         if restore_dir:
             if not os.path.exists(restore_dir):
                 os.makedirs(restore_dir)
@@ -390,7 +390,7 @@ def get_backed_up_files(backup_name: str, backup_dir: str):
     logger.debug(f"Getting backed up files in xml from DAR archive: '{backup_name}'")
     backup_path = os.path.join(backup_dir, backup_name)
     try:
-        command = ['dar', '-l', backup_path, '-am', '-as', "-Txml" , '-Q']
+        command = ['dar', '-l', backup_path, '--noconf', '-am', '-as', "-Txml" , '-Q']
         logger.debug(f"Running command: {' '.join(map(shlex.quote, command))}")
         command_result = runner.run(command)
         # Parse the XML data
@@ -418,7 +418,7 @@ def list_contents(backup_name, backup_dir, selection=None):
     backup_path = os.path.join(backup_dir, backup_name)
 
     try:
-        command = ['dar', '-l', backup_path, '-am', '-as', '-Q']
+        command = ['dar', '-l', backup_path, '--noconf',  '-am', '-as', '-Q']
         if selection:
             selection_criteria = shlex.split(selection)
             command.extend(selection_criteria)

{dar_backup-0.8.1.dist-info → dar_backup-0.8.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dar-backup
-Version: 0.8.1
+Version: 0.8.2
 Summary: A script to do full, differential and incremental backups using dar.     Some files are restored from the backups during verification, after which par2 redundancy files are created.     The script also has a cleanup feature to remove old backups and par2 files.
 Project-URL: GPG Public Key, https://keys.openpgp.org/search?q=dar-backup@pm.me
 Project-URL: Homepage, https://github.com/per2jensen/dar-backup/tree/main/v2

{dar_backup-0.8.1.dist-info → dar_backup-0.8.2.dist-info}/RECORD

@@ -1,15 +1,15 @@
 dar_backup/.darrc,sha256=-aerqivZmOsW_XBCh9IfbYTUvw0GkzDSr3Vx4GcNB1g,2113
-dar_backup/Changelog.md,sha256=T6w4NGFjBg2rgyTmgScKPFwdJx_M3XkEnU7aG3NQMyo,12094
+dar_backup/Changelog.md,sha256=kJHH12ETI46nzZURvhKZvZR4RndnY8KP22ORfN5u3iA,12988
 dar_backup/README.md,sha256=S8wpgaqa2LzXXZiQEzoOV1qjrpf9m1baYmvzGYtgEcE,59990
-dar_backup/__about__.py,sha256=SSWyynCpdSF2lIcROjGdr29Z-m523S9BbEc-ytO_L30,344
+dar_backup/__about__.py,sha256=HtwR6RuPdVHxYDraJvSQ0J9gRO3qkMMealFqBS1CfGc,344
 dar_backup/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dar_backup/clean_log.py,sha256=pmmyPmLWbm3_3sHwJt9V_xBwUF8v015iS17ypJAGAZ4,6023
 dar_backup/cleanup.py,sha256=_ggDcpMCB1MhXStvYussp_PdGfhIFtEutT5BNrNkMSY,13297
-dar_backup/command_runner.py,sha256=_aaLk8j44tFNYBv9FJTpUaIFE_iIKEO1W1xDaiO5HJg,5599
+dar_backup/command_runner.py,sha256=cwthuNU4N1vzAjri0uh2x32vmCLu1B2S3OxGExpCGRE,7840
 dar_backup/config_settings.py,sha256=2UAHvatrVO4ark6lCn2Q7qBvZN6DUMK2ftlNrKpzlWc,5792
 dar_backup/dar-backup.conf,sha256=46V2zdvjj_aThFY11wWlffjmoiChYmatdf5DXCsmmao,1208
 dar_backup/dar-backup.conf.j2,sha256=z3epGo6nB_Jh3liTOp93wJO_HKUsf7qghe9cdtFH7cY,2021
-dar_backup/dar_backup.py,sha256=pgUQ1wZ5_yocRJJDRa4AkVyI7I8Z5WBY5vD5a4ASkmA,43001
+dar_backup/dar_backup.py,sha256=JW1k0LuQhf_y2f1K1pIu1-PmKw4bGSrCB_MBoPvFWuM,43057
 dar_backup/dar_backup_systemd.py,sha256=PwAc2H2J3hQLWpnC6Ib95NZYtB2G2NDgkSblfLj1n10,3875
 dar_backup/demo.py,sha256=bxEq_nJwHuQydERPppkvhotg1fdwBX_CE33m5fX_kxw,7945
 dar_backup/demo_backup_def.j2,sha256=hQW2Glp0QGV3Kt8cwjS0mpOCdyzjVlpgbgL6LpXTKJA,1793
@@ -18,8 +18,8 @@ dar_backup/installer.py,sha256=xSXh77qquIZbUTSY3AbhERQbS7bnrPE__M_yqpszdhM,6883
 dar_backup/manager.py,sha256=d1zliFpSuWc8JhjKqLMC-xOhp5kSIcfeGkMZOVuZcM0,27143
 dar_backup/rich_progress.py,sha256=SfwFxebBl6jnDQMUQr4McknkW1yQWaJVo1Ju1OD3okA,3221
 dar_backup/util.py,sha256=iTOGsZyIdkvh9tIu7hD_IXi-9HO6GhVgqact5GGInEY,26063
-dar_backup-0.8.1.dist-info/METADATA,sha256=UPCRBCwXlLLjGVGZC-BVqCZXOCYa82lccd8W16I2sCg,102681
-dar_backup-0.8.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-dar_backup-0.8.1.dist-info/entry_points.txt,sha256=pOK9M8cHeAcGIatrYzkm_1O89kPk0enyYONALYjFBx4,286
-dar_backup-0.8.1.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-dar_backup-0.8.1.dist-info/RECORD,,
+dar_backup-0.8.2.dist-info/METADATA,sha256=YgHdGcT3ZcaCUYxtRwaArlHj4xelOH0DVumw2bgGwTk,102681
+dar_backup-0.8.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+dar_backup-0.8.2.dist-info/entry_points.txt,sha256=pOK9M8cHeAcGIatrYzkm_1O89kPk0enyYONALYjFBx4,286
+dar_backup-0.8.2.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+dar_backup-0.8.2.dist-info/RECORD,,