Added additional validation for backups.

dchapyshev · dchapyshev · commit 5ca60ecfe448 · 2022-12-25T17:05:46.000+05:00
diff --git a/source/base/settings/json_settings.cc b/source/base/settings/json_settings.cc
@@ -159,7 +159,7 @@ void JsonSettings::sync()
                 // If there is a backup copy of the configuration, then we restore it.
                 if (hasBackupFor(path_))
                 {
-                    restoreBackupFor(path_);
+                    restoreBackupFor(path_, encrypted_);
                     continue;
                 }
                 else
@@ -188,7 +188,7 @@ void JsonSettings::sync()
             // If there is a backup copy of the configuration, then we restore it.
             if (hasBackupFor(path_))
             {
-                restoreBackupFor(path_);
+                restoreBackupFor(path_, encrypted_);
                 continue;
             }
             else
@@ -516,10 +516,50 @@ bool JsonSettings::removeBackupFileFor(const std::filesystem::path& source_file_
 }
 
 // static
-bool JsonSettings::restoreBackupFor(const std::filesystem::path& source_file_path)
+bool JsonSettings::isValidBackup(const std::filesystem::path& backup_file_path, Encrypted encrypted)
 {
     std::error_code error_code;
 
+    // If a corrupted configuration file exists.
+    if (!std::filesystem::exists(backup_file_path, error_code))
+    {
+        LOG(LS_WARNING) << "Backup file not exists";
+        return false;
+    }
+
+    Map map;
+    if (!readFile(backup_file_path, map, encrypted))
+    {
+        LOG(LS_WARNING) << "Unable to read backup file";
+        return false;
+    }
+
+    if (map.empty())
+    {
+        LOG(LS_WARNING) << "Empty backup file";
+        return false;
+    }
+
+    return true;
+}
+
+// static
+bool JsonSettings::restoreBackupFor(const std::filesystem::path& source_file_path, Encrypted encrypted)
+{
+    std::filesystem::path backup_file_path = backupFilePathFor(source_file_path);
+    if (!isValidBackup(backup_file_path, encrypted))
+    {
+        std::error_code error_code;
+        if (!std::filesystem::remove(backup_file_path, error_code))
+        {
+            LOG(LS_WARNING) << "Unable to remove corrupted backup file: "
+                            << utf16FromLocal8Bit(error_code.message());
+        }
+        return false;
+    }
+
+    std::error_code error_code;
+
     // If a corrupted configuration file exists.
     if (std::filesystem::exists(source_file_path, error_code))
     {
@@ -561,8 +601,6 @@ bool JsonSettings::restoreBackupFor(const std::filesystem::path& source_file_pat
         }
     }
 
-    std::filesystem::path backup_file_path = backupFilePathFor(source_file_path);
-
     // Restoring a corrupted configuration from a backup.
     if (!std::filesystem::copy_file(backup_file_path, source_file_path, error_code))
     {
diff --git a/source/base/settings/json_settings.h b/source/base/settings/json_settings.h
@@ -60,7 +60,8 @@ class JsonSettings : public Settings
     static std::filesystem::path backupFilePathFor(const std::filesystem::path& source_file_path);
     static bool hasBackupFor(const std::filesystem::path& source_file_path);
     static bool removeBackupFileFor(const std::filesystem::path& source_file_path);
-    static bool restoreBackupFor(const std::filesystem::path& source_file_path);
+    static bool isValidBackup(const std::filesystem::path& backup_file_path, Encrypted encrypted);
+    static bool restoreBackupFor(const std::filesystem::path& source_file_path, Encrypted encrypted);
     static bool createBackupFor(const std::filesystem::path& source_file_path);
 
 private:
