rewrite: Fail if a tree contains an unknown field

In principle, the JSON format of Tree objects is extensible without
requiring a format change. In order to not loose information just play
it safe and reject rewriting trees for which we could loose data.
This commit is contained in:
Michael Eischer 2022-10-15 10:14:50 +02:00
parent 11b8c3a158
commit f88acd4503
2 changed files with 28 additions and 0 deletions

View file

@ -2,6 +2,7 @@ package walker
import (
"context"
"fmt"
"path"
"github.com/restic/restic/internal/debug"
@ -28,6 +29,17 @@ func FilterTree(ctx context.Context, repo BlobLoadSaver, nodepath string, nodeID
return restic.ID{}, err
}
// check that we can properly encode this tree without losing information
// The alternative of using json/Decoder.DisallowUnknownFields() doesn't work as we use
// a custom UnmarshalJSON to decode trees, see also https://github.com/golang/go/issues/41144
testID, err := restic.SaveTree(ctx, repo, curTree)
if err != nil {
return restic.ID{}, err
}
if nodeID != testID {
return restic.ID{}, fmt.Errorf("cannot encode tree at %q without loosing information", nodepath)
}
debug.Log("filterTree: %s, nodeId: %s\n", nodepath, nodeID.Str())
changed := false

View file

@ -204,3 +204,19 @@ func TestRewriter(t *testing.T) {
})
}
}
func TestRewriterFailOnUnknownFields(t *testing.T) {
tm := WritableTreeMap{TreeMap{}}
node := []byte(`{"nodes":[{"name":"subfile","type":"file","mtime":"0001-01-01T00:00:00Z","atime":"0001-01-01T00:00:00Z","ctime":"0001-01-01T00:00:00Z","uid":0,"gid":0,"content":null,"unknown_field":42}]}`)
id := restic.Hash(node)
tm.TreeMap[id] = node
ctx, cancel := context.WithCancel(context.TODO())
defer cancel()
// use nil visitor to crash if the tree loading works unexpectedly
_, err := FilterTree(ctx, tm, "/", id, nil)
if err == nil {
t.Error("missing error on unknown field")
}
}