6c68b5339e
fix(security): replace os.popen/os.system with subprocess for command injection prevention
...
Replace all deprecated and unsafe command execution methods with
secure subprocess.run() calls using list arguments.
Changes:
- Replace os.popen() with subprocess.run() in tisbackup_gui.py
- Replace os.system() with subprocess.run() in tasks.py and backup_xva.py
- Add input validation for device/partition names (regex-based)
- Fix file operations to use context managers (with statement)
- Remove wildcard import from shutil
- Add timeout protection to all subprocess calls (5-30s)
- Improve error handling with proper try/except blocks
Security improvements:
- Prevent command injection vulnerabilities in USB disk operations
- Validate device paths with regex before system calls
- Use list arguments instead of shell=True to prevent injection
- Add proper error handling instead of silent failures
Code quality improvements:
- Replace deprecated os.popen() (deprecated since Python 2.6)
- Use context managers for file operations
- Remove wildcard imports for cleaner namespace
- Add comprehensive error handling and logging
Documentation:
- Add SECURITY_IMPROVEMENTS.md documenting all changes
- Document remaining security issues and recommendations
- Include testing recommendations and migration notes
BREAKING CHANGE: None - all changes are backward compatible
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-05 01:23:53 +02:00
c586bd1817
Merge 'feat/refacto' ( #1 ) into master
...
lint / docker (push) Has been cancelled
Utilisation de uv
2025-04-19 00:04:39 +02:00
e823f65c3c
fix(tisbackup): 🐛 remove excess uv/uvx
2025-04-18 23:57:44 +02:00
5c627f3a64
fix(tisbackup): 🐛 Dockerfile fix venv uv
2025-04-18 23:48:25 +02:00
7b6ce02a93
fix(tisbackup): 🐛 fix dockerignore pyproject.toml absent
2025-04-18 23:36:26 +02:00
e7d3e1140c
fix(tisbackup): using uv is good in Dockerfile maybe
2025-04-18 23:32:15 +02:00
6fe3eebf36
fix(tisbackup): using uv is good
2025-04-18 23:11:05 +02:00
79d15628bd
fix(tisbackup): add elements to .dockerignore - bis
lint / docker (push) Successful in 9m17s
2025-04-14 23:54:51 +02:00
3a4f3267eb
fix(tisbackup): add elements to .dockerignore
lint / docker (push) Has been cancelled
2025-04-14 23:50:42 +02:00
8761a04c40
fix(tisbackup): add .dockerignore
lint / docker (push) Has been cancelled
2025-04-14 23:45:53 +02:00
586991bcf1
fix(tisbackup): fix iniparse wrong check
lint / docker (push) Has been cancelled
2025-04-14 23:37:16 +02:00
ddb5f3716d
Fix replace
lint / docker (push) Successful in 9m16s
2025-03-07 22:54:14 +01:00
b805f8387e
Fix re.compile / re.match warnings
lint / docker (push) Has been cancelled
2025-03-07 22:51:20 +01:00
da50051a3f
Python 3.13 + add nginx reverse-proxy
lint / docker (push) Successful in 14m2s
2025-03-07 22:24:27 +01:00
8ef9bbde06
improve README.md
lint / docker (push) Successful in 9m15s
2024-11-30 00:20:51 +01:00
737f9bea38
fix iniparse
...
lint / docker (push) Successful in 9m14s
fix code passing ruff linter
pre-commit ruff
pre-commit ruff format
2024-11-29 23:45:40 +01:00
aa8a68aa80
EOF & whitespace
lint / docker (push) Failing after 4m47s
2024-11-29 00:54:31 +01:00
7fcc5afc64
EOF & whitespace
2024-11-29 00:54:09 +01:00
e7e98d0b47
few fixes and lint compatible
2024-11-29 00:48:59 +01:00
8479c378ee
fix basic
2024-11-29 00:32:39 +01:00
274e1e2e59
requirements.txt
2024-11-29 00:02:24 +01:00
eb0bdaedbd
fix import
2024-11-28 23:59:02 +01:00
99dc6e0abf
fix import
2024-11-28 23:46:48 +01:00
e8ba6df102
fix first pass - .gitignore
2024-11-28 23:21:26 +01:00
ffd9bf3d39
fix first pass
2024-11-28 23:20:19 +01:00
c5a1ac0551
test ci - lint ruff
lint / docker (push) Failing after 5m14s
2024-11-28 20:58:27 +01:00
af9ef1da23
test ci
lint / docker (push) Successful in 13m19s
2024-11-27 22:51:28 +01:00
4786966097
test ci
2024-11-27 22:42:58 +01:00
Simon Fonteneau
9209a1bfa8
Update requirements.txt
2024-08-22 09:52:55 +02:00
roondar
b9a3ad755a
fix: Not use binary string in subprocess command
2023-03-08 17:58:06 +01:00
fggp
caf3e8ee23
Added uninstall instructions
2022-12-26 14:02:49 +01:00
fggp
4888be1af4
Update Readme.md
2022-12-26 14:02:49 +01:00
fggp
fc64eeda1d
stop and disable services on uninstall
2022-12-26 14:02:49 +01:00
fggp
aff59a7cc7
Update requirements.txt
2022-12-26 14:02:49 +01:00
fggp
54eb4a6412
Revert to previous commit
2022-12-26 14:02:49 +01:00
fggp
a6e04f727a
Minor fix
2022-12-26 14:02:49 +01:00
fggp
987f796d9b
Update createdeb.sh
2022-12-26 14:02:49 +01:00
fggp
fb641fb21c
huey 0.4.9 and redis are installed from postinst
...
This is to be sure that the binaries are put in /usr/local/bin
2022-12-26 14:02:49 +01:00
fggp
a64177bff4
pyo replaced by pyc in prerm
2022-12-26 14:02:49 +01:00
fggp
05c1d91b75
Update requirements.txt
2022-12-26 14:02:49 +01:00
fggp
03958fe7b1
Install huey and redis in python site-packages
2022-12-26 14:02:49 +01:00
fggp
49ad026e30
Update Readme.md
2022-12-26 14:02:49 +01:00
fggp
63f7339206
Corrected import of huey attribute
2022-12-26 14:02:49 +01:00
fggp
ca39549431
Start command
...
The start command path for tisbakcup_huey.service was wrong.
2022-12-26 14:02:49 +01:00
fggp
6e53f7d351
Old version of huey needed
2022-12-26 14:02:49 +01:00
fggp
e695b14ddd
Create Readme.md
2022-12-26 14:02:49 +01:00
Francois PINOT
00c6166701
Use python3 instead of python2 when launching the service
2022-12-26 14:02:49 +01:00
Francois PINOT
c74cc3802b
Set errors=ignore in the decode method, to avoid utf-8 codec errors on filenames with non-ascii characters
2022-12-26 14:02:49 +01:00
Francois PINOT
9cce146868
Added modules to be installed with pip
2022-12-26 14:02:49 +01:00
Francois PINOT
1e676d64b9
Activated execution mode on deb/prerm and on deb/postrm
2022-12-26 14:02:49 +01:00
