mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-24 08:45:13 +00:00
Merge pull request #2685 from enkore/docs/i2624
document pattern denial of service
This commit is contained in:
commit
829f05de81
1 changed files with 9 additions and 0 deletions
|
@ -1921,6 +1921,15 @@ def do_break_lock(self, args, repository):
|
||||||
Other include/exclude patterns that would normally match will be ignored.
|
Other include/exclude patterns that would normally match will be ignored.
|
||||||
Same logic applies for exclude.
|
Same logic applies for exclude.
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
`re:`, `sh:` and `fm:` patterns are all implemented on top of the Python SRE
|
||||||
|
engine. It is very easy to formulate patterns for each of these types which
|
||||||
|
requires an inordinate amount of time to match paths. If untrusted users
|
||||||
|
are able to supply patterns, ensure they cannot supply `re:` patterns.
|
||||||
|
Further, ensure that `sh:` and `fm:` patterns only contain a handful of
|
||||||
|
wildcards at most.
|
||||||
|
|
||||||
Exclusions can be passed via the command line option `--exclude`. When used
|
Exclusions can be passed via the command line option `--exclude`. When used
|
||||||
from within a shell the patterns should be quoted to protect them from
|
from within a shell the patterns should be quoted to protect them from
|
||||||
expansion.
|
expansion.
|
||||||
|
|
Loading…
Reference in a new issue