southwark.targit

Archive where the changes to the contents are recorded using git.

Exceptions:

BadArchiveError()

Exception to indicate an archive contains files utilising path traversal.

Data:

Modes

Valid modes for opening TarGit archives in

Classes:

Status

alias of southwark.StagedDict

TarGit(filename[, mode])

A "TarGit" (pronounced "target", /tɑːɡɪt/) is a tar.gz archive where the changes to the contents are recorded using git.

SaveState(id, user, device, time, timezone)

Represents a save event in a TarGit archive's history.

Functions:

check_archive_paths(archive)

Checks the contents of an archive to ensure it does not contain any filenames with absolute paths or path traversal.

exception BadArchiveError[source]

Bases: OSError

Exception to indicate an archive contains files utilising path traversal.

Modes

Valid modes for opening TarGit archives in

  • 'r' – Read only access. The archive must exist.

  • 'w' – Read and write access. The archive must not exist.

  • 'a' – Read and write access to an existing archive.

Alias of Literal['r', 'w', 'a']

Status

alias of southwark.StagedDict

class TarGit(filename, mode='r')[source]

Bases: PathLike

A “TarGit” (pronounced “target”, /tɑːɡɪt/) is a tar.gz archive where the changes to the contents are recorded using git.

Parameters:
  • filename (Union[str, Path, PathLike]) – The filename of the archive.

  • mode (Literal['r', 'w', 'a']) – The mode to open the file in. Default 'r'.

Raises:
  • FileNotFoundError – If the file is opened in read or append mode, but it does not exist.

  • FileExistsError – If the file is opened in write mode, but it already exists.

  • ValueError – If an unknown value for mode is given.

Methods:

save()

Saves the contents of the archive.

status()

Returns the status of the TarGit archive.

exists()

Returns whether the TarGit archive exists.

close()

Closes the TarGit archive.

__truediv__(filename)

Returns a PathPlus object representing the given filename relative to the archive root.

__repr__()

Returns a string representation of the TarGit.

__fspath__()

Returns the filename of the TarGit archive.

__str__()

Returns the filename of the TarGit archive.

Attributes:

closed

Returns whether the TarGit archive is closed.

mode

Returns the mode the TarGit archive was opened in.

history

Returns an iterable over the historic save states of the TarGit.

save()[source]

Saves the contents of the archive.

Does nothing if there are no changes to be saved.

Return type:

bool

Returns:

Whether there were any changes to save.

Raises:

IOError – If the file is closed, or if it was opened in read-only mode.

status()[source]

Returns the status of the TarGit archive.

The values in the dictionary are lists of filenames, relative to the TarGit root.

Raises:

IOError – If the file is closed.

Return type:

StagedDict

exists()[source]

Returns whether the TarGit archive exists.

Return type:

bool

close()[source]

Closes the TarGit archive.

property closed

Returns whether the TarGit archive is closed.

Return type:

bool

property mode

Returns the mode the TarGit archive was opened in.

This defaults to 'r'. After the archive is closed this will show the last mode until the archive is opened again.

Return type:

Literal['r', 'w', 'a']

__truediv__(filename)[source]

Returns a PathPlus object representing the given filename relative to the archive root.

Parameters:

filename

__repr__()[source]

Returns a string representation of the TarGit.

Return type:

str

__fspath__()[source]

Returns the filename of the TarGit archive.

Return type:

str

__str__()[source]

Returns the filename of the TarGit archive.

Return type:

str

property history

Returns an iterable over the historic save states of the TarGit. :rtype: Iterator[SaveState] :return:

check_archive_paths(archive)[source]

Checks the contents of an archive to ensure it does not contain any filenames with absolute paths or path traversal.

For example, the following paths would raise an BadArchiveError:

  • /usr/bin/malware.sh – this is an absolute path.

  • ~/.local/bin/malware.sh – this tries to put the file in the user’s home directory.

  • ../.local/bin/malware.sh – this uses path traversal to try to get to a parent directory.

See also

The warning for tarfile.TarFile.extractall() in the Python documentation.

Parameters:

archive (TarFile)

Return type:

bool

namedtuple SaveState(id, user, device, time, timezone)[source]

Bases: NamedTuple

Represents a save event in a TarGit archive’s history.

Fields:
  1.  id (str) – The SHA id of the underlying commit.

  2.  user (str) – The name of the user who made the changes.

  3.  device (str) – The hostname of the device the changes were made on.

  4.  time (float) – The time the changes were saved, in seconds from epoch.

  5.  timezone (int) – The timezone the changes were made in, as a GMT offset in seconds.

format_time()[source]

Format the save state’s time in the following format:

Thu Oct 29 2020 15:53:52 +0000

where +0000 represents GMT.

Return type:

str

__repr__()

Return a string representation of the SaveState.

Return type:

str