mirror/borg
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2024-12-23 16:26:29 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2685 from enkore/docs/i2624

Browse source 
document pattern denial of service
This commit is contained in:
enkore 2017-06-17 12:37:43 +02:00 committed by GitHub
commit 829f05de81
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/borg/archiver.py
View file

@ -1921,6 +1921,15 @@ def do_break_lock(self, args, repository):
Other include/exclude patterns that would normally match will be ignored.
Same logic applies for exclude.
.. note::
`re:`, `sh:` and `fm:` patterns are all implemented on top of the Python SRE
engine. It is very easy to formulate patterns for each of these types which
requires an inordinate amount of time to match paths. If untrusted users
are able to supply patterns, ensure they cannot supply `re:` patterns.
Further, ensure that `sh:` and `fm:` patterns only contain a handful of
wildcards at most.
Exclusions can be passed via the command line option `--exclude`. When used
from within a shell the patterns should be quoted to protect them from
expansion.