Backup manager for undo/rollback functionality.
Creates timestamped backups of files and directories before mutation, enabling restoration to the pre-mutation state. Backups are organized under a root directory with subdirectories per job ID.
§Security
§Backup Directory Symlink Check (FINDING #11)
The backup directory is verified to be a real directory (not a symlink) during construction. This prevents an attacker from redirecting backups to an arbitrary location via symlink substitution.
§Symlink Rejection in Copy Operations
The copy_recursive function explicitly rejects symlinks to prevent symlink attack vectors. If a symlink is encountered during traversal, the copy fails with an error.
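The two checks described in this section can be written with `std::fs::symlink_metadata`, which inspects a path without following a final symlink. This is an added example, not the crate's own code: the names `ensure_real_dir`, `copy_rejecting_symlinks` and `refuse` are hypothetical, the sample tree is constructed, and `main` assumes a Unix system.

```rust
use std::{fs, io, path::Path};

fn refuse(what: &str, p: &Path) -> io::Error {
    io::Error::new(io::ErrorKind::InvalidInput, format!("{}: {}", what, p.display()))
}

/// Ok only if `dir` is itself a directory; a symlink pointing at one is refused.
fn ensure_real_dir(dir: &Path) -> io::Result<()> {
    // symlink_metadata (lstat) does not follow the final path component.
    let ft = fs::symlink_metadata(dir)?.file_type();
    if ft.is_dir() { Ok(()) } else { Err(refuse("not a real directory", dir)) }
}

/// Recursive copy that fails on the first symlink (or other special file).
fn copy_rejecting_symlinks(src: &Path, dst: &Path) -> io::Result<()> {
    let ft = fs::symlink_metadata(src)?.file_type();
    if ft.is_symlink() {
        return Err(refuse("symlink rejected", src));
    }
    if ft.is_dir() {
        fs::create_dir_all(dst)?;
        for entry in fs::read_dir(src)? {
            let entry = entry?;
            copy_rejecting_symlinks(&entry.path(), &dst.join(entry.file_name()))?;
        }
        Ok(())
    } else if ft.is_file() {
        fs::copy(src, dst).map(|_| ()) // fs::copy also copies permission bits
    } else {
        Err(refuse("unsupported file type", src))
    }
}

fn main() -> io::Result<()> {
    // Constructed sample tree under the system temp directory (Unix only).
    let base = std::env::temp_dir().join(format!("backup-demo-{}", std::process::id()));
    fs::create_dir_all(base.join("src"))?;
    fs::write(base.join("src/config.toml"), "key = 1\n")?;
    std::os::unix::fs::symlink(base.join("src"), base.join("link"))?;
    println!("real dir: {:?}", ensure_real_dir(&base.join("src")));
    println!("symlinked dir: {:?}", ensure_real_dir(&base.join("link")));
    println!("clean copy: {:?}", copy_rejecting_symlinks(&base.join("src"), &base.join("out")));
    std::os::unix::fs::symlink("config.toml", base.join("src/alias"))?;
    println!("tree with symlink: {:?}", copy_rejecting_symlinks(&base.join("src"), &base.join("out2")));
    fs::remove_dir_all(&base)
}
```

The type check and the copy are separate system calls, so a path swapped between them is still followed by `fs::copy`. Opening the file with `O_NOFOLLOW` and copying from the open handle closes that window.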
§Features
- Supports both files and directories
- Preserves file permissions (including executable bit) on Unix systems
- Symlink rejection for security
- Automatic backup numbering to preserve multiple versions
- Pre-restore backup to prevent data loss on restore
- 100MB per-file backup size limit
- Post-copy integrity verification
§Example
use runtimo_core::BackupManager;
use std::path::PathBuf;

let mgr = BackupManager::new(PathBuf::from("/tmp/backups"));
let backup = mgr.create_backup(
    &PathBuf::from("/tmp/config.toml"),
    "job-abc123",
).unwrap();

// After a failed mutation, restore:
mgr.restore(&backup, &PathBuf::from("/tmp/config.toml")).unwrap();

Structs§
- BackupManager - Manages file backups for undo/rollback operations.