mirror/borg
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2025-02-22 14:11:27 +00:00
Code Issues Releases Wiki Activity

format_line: deny conversions (!r, !s, !a)

Browse source
This commit is contained in:
Marian Beermann 2017-04-05 00:05:46 +02:00
parent e2e172c74f
commit 1bd381a13a
2 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/borg/helpers.py
View file

@ -784,9 +784,10 @@ def __format__(self, format_spec):
def format_line(format, data):
keys = [f[1] for f in Formatter().parse(format)]
for key in keys:
if '.' in key or '__' in key:
for _, key, _, conversion in Formatter().parse(format):
if not key:
continue
if '.' in key or '__' in key or conversion:
raise InvalidPlaceholder(key, format)
try:
return format.format(**data)

4
src/borg/testsuite/helpers.py
View file

@ -1213,6 +1213,10 @@ def test_format_line_erroneous():
assert format_line('{invalid}', data)
with pytest.raises(PlaceholderError):
assert format_line('{}', data)
with pytest.raises(PlaceholderError):
assert format_line('{now!r}', data)
with pytest.raises(PlaceholderError):
assert format_line('{now.__class__.__module__.__builtins__}', data)
def test_replace_placeholders():