Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SECURITY: use strict JSON parsing when parsing backup metadata

This commit is contained in:
Martin Brennan 2020-01-15 11:24:41 +01:00 committed by Régis Hanol
parent 5d75f90b27
commit c3cd2389fe
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/backup_restore/meta_data_handler.rb
View File

@ -19,6 +19,14 @@ module BackupRestore
def validate def validate
metadata = extract_metadata metadata = extract_metadata
if metadata[:version].blank?
raise MetaDataError.new("Version not defined in metadata file.")
end
if !metadata[:version].is_a?(String) && !metadata[:version].is_a?(Integer)
raise MetaDataError.new("Version is not in a valid format.")
end
log "Validating metadata..." log "Validating metadata..."
log " Current version: #{@current_version}" log " Current version: #{@current_version}"
log " Restored version: #{metadata[:version]}" log " Restored version: #{metadata[:version]}"
@ -50,10 +58,10 @@ module BackupRestore
end end
def load_metadata_file(path) def load_metadata_file(path)
metadata = Oj.load_file(path, symbol_keys: true) metadata = JSON.parse(File.read(path), symbolize_names: true)
raise MetaDataError.new("Failed to load metadata file.") if metadata.blank? raise MetaDataError.new("Failed to load metadata file.") if metadata.blank?
metadata metadata
rescue Oj::ParseError rescue JSON::ParserError
raise MetaDataError.new("Failed to parse metadata file.") raise MetaDataError.new("Failed to parse metadata file.")
end end
end end