From 20f1ca4181a1a1e86538cd6385e54c2e28e8238e Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Wed, 9 Oct 2024 22:49:01 +0200 Subject: [PATCH] disallow unknown special tags only known special tags is @PROT for now. --- src/borg/archiver/tag_cmd.py | 12 +++++++++++- src/borg/constants.py | 4 ++++ src/borg/testsuite/archiver/tag_cmd_test.py | 16 ++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/src/borg/archiver/tag_cmd.py b/src/borg/archiver/tag_cmd.py index 5a4ce3508f..613a81e825 100644 --- a/src/borg/archiver/tag_cmd.py +++ b/src/borg/archiver/tag_cmd.py @@ -3,7 +3,7 @@ from ._common import with_repository, define_archive_filters_group from ..archive import Archive from ..constants import * # NOQA -from ..helpers import bin_to_hex, archivename_validator, tag_validator +from ..helpers import bin_to_hex, archivename_validator, tag_validator, Error from ..manifest import Manifest from ..logger import create_logger @@ -25,6 +25,16 @@ def tags_set(tags): else: archive_infos = manifest.archives.list_considering(args) + def check_special(tags): + if tags: + special = {tag for tag in tags_set(tags) if tag.startswith("@")} + if not special.issubset(SPECIAL_TAGS): + raise Error("unknown special tags given.") + + check_special(args.set_tags) + check_special(args.add_tags) + check_special(args.remove_tags) + for archive_info in archive_infos: archive = Archive(manifest, archive_info.id, cache=cache) if args.set_tags: diff --git a/src/borg/constants.py b/src/borg/constants.py index 36017d44f8..911a8f1bef 100644 --- a/src/borg/constants.py +++ b/src/borg/constants.py @@ -124,6 +124,10 @@ # tar related SCHILY_XATTR = "SCHILY.xattr." # xattr key prefix in tar PAX headers +# special tags +# @PROT protects archives against accidential deletion or modification by delete, prune or recreate. +SPECIAL_TAGS = frozenset(["@PROT"]) + # return codes returned by borg command EXIT_SUCCESS = 0 # everything done, no problems EXIT_WARNING = 1 # reached normal end of operation, but there were issues (generic warning) diff --git a/src/borg/testsuite/archiver/tag_cmd_test.py b/src/borg/testsuite/archiver/tag_cmd_test.py index 3b7c04b8c2..e6781cc591 100644 --- a/src/borg/testsuite/archiver/tag_cmd_test.py +++ b/src/borg/testsuite/archiver/tag_cmd_test.py @@ -1,5 +1,8 @@ +import pytest + from ...constants import * # NOQA from . import cmd, generate_archiver_tests, RK_ENCRYPTION +from ...helpers import Error pytest_generate_tests = lambda metafunc: generate_archiver_tests(metafunc, kinds="local") # NOQA @@ -45,3 +48,16 @@ def test_tag_set_noclobber_special(archivers, request): # it is possible though to use --set if the existing special tags are also given: output = cmd(archiver, "tag", "-a", "archive", "--set", "noclobber", "--set", "@PROT") assert "tags: @PROT,noclobber." in output + + +def test_tag_set_only_known_special(archivers, request): + archiver = request.getfixturevalue(archivers) + cmd(archiver, "repo-create", RK_ENCRYPTION) + cmd(archiver, "create", "archive", archiver.input_path) + # user can't set / add / remove unknown special tags + with pytest.raises(Error): + cmd(archiver, "tag", "-a", "archive", "--set", "@UNKNOWN") + with pytest.raises(Error): + cmd(archiver, "tag", "-a", "archive", "--add", "@UNKNOWN") + with pytest.raises(Error): + cmd(archiver, "tag", "-a", "archive", "--remove", "@UNKNOWN")