@@ 55,7 55,13 @@ def enumerate_backups(config):
logging.info("enumerating backups on remote host...")
- command = [ "find", config['destination_path'], "-type", "d", "-iname", "'_rtm_*'"]
+ # XXX: there are two ways that this might break in the future:
+ #
+ # * ls -1 is not safe against adversarial inputs, as it is not
+ # null-delimited
+ #
+ # * this will break if config['destination_path'] is not a POSIX-style path
+ command = [ "ls", "-1", "-d", config['destination_path'] + "/_rtm_*" ]
backups = run_ssh_command(config, command)
complete = []