Add traveral check before deleting pre-existing backup dir

2024-08-30 18:23:09 +00:00 · 2021-11-29 19:13:21 -05:00 · 2021-11-29 19:13:21 -05:00 · 0d34fcdea3
commit 0d34fcdea3
parent b49077991e
1 changed files with 2 additions and 1 deletions
--- a/app/classes/shared/main_controller.py
+++ b/app/classes/shared/main_controller.py
@ -362,7 +362,8 @@ class Controller:
        backup_path_components[-1] = new_uuid
        new_bu_path = pathlib.PurePath(os.path.join(*backup_path_components))
        if os.path.isdir(new_bu_path):
-            os.rmdir(new_bu_path)
+            if helper.validate_traversal(helper.backup_path, new_bu_path):
+                os.rmdir(new_bu_path)
        backup_path.rename(new_bu_path)

    def register_server(self, name: str, server_uuid: str, server_dir: str, backup_path: str, server_command: str, server_file: str, server_log_file: str, server_stop: str, server_port: int):