[do not merge] attempt to resolve CodeQL errors

Signed-off-by: Mark Bolton <[email protected]>

lxd/backup/backup_utils.go

@@ -3,8 +3,10 @@ package backup
 import (
 	"archive/tar"
 	"context"
+	"errors"
 	"fmt"
 	"io"
+	"strings"
 
 	"github.com/canonical/lxd/lxd/archive"
 	"github.com/canonical/lxd/lxd/sys"
@@ -34,3 +36,11 @@ func TarReader(r io.ReadSeeker, sysOS *sys.OS, outputPath string) (*tar.Reader,
 
 	return tr, cancelFunc, nil
 }
+
+// ValidateBackupName returns an error if the backup name is not legal.
+func ValidateBackupName(backupName string) error {
+	if strings.Contains(backupName, "/") {
+		return errors.New("Backup names may not contain slashes")
+	}
+	return nil
+}

lxd/instance_backup.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/gorilla/mux"
 
+	"github.com/canonical/lxd/lxd/backup"
 	"github.com/canonical/lxd/lxd/db"
 	"github.com/canonical/lxd/lxd/db/operationtype"
 	"github.com/canonical/lxd/lxd/instance"
@@ -310,8 +311,9 @@ func instanceBackupsPost(d *Daemon, r *http.Request) response.Response {
 	}
 
 	// Validate the name.
-	if strings.Contains(req.Name, "/") {
-		return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
+	err = backup.ValidateBackupName(req.Name)
+	if err != nil {
+		return response.BadRequest(err)
 	}
 
 	fullName := name + shared.SnapshotDelimiter + req.Name
@@ -508,8 +510,10 @@ func instanceBackupPost(d *Daemon, r *http.Request) response.Response {
 	}
 
 	// Validate the name
-	if strings.Contains(req.Name, "/") {
-		return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
+	newBackupName := req.Name
+	err = backup.ValidateBackupName(newBackupName)
+	if err != nil {
+		return response.BadRequest(err)
 	}
 
 	oldName := name + shared.SnapshotDelimiter + backupName
@@ -518,7 +522,7 @@ func instanceBackupPost(d *Daemon, r *http.Request) response.Response {
 		return response.SmartError(err)
 	}
 
-	newName := name + shared.SnapshotDelimiter + req.Name
+	newName := backup.Instance().Name() + shared.SnapshotDelimiter + newBackupName
 
 	rename := func(op *operations.Operation) error {
 		err := backup.Rename(newName)

lxd/storage/backend_lxd.go

@@ -7841,11 +7841,18 @@ func (b *lxdBackend) CreateBucketFromBackup(srcBackup backup.Info, srcData io.Re
 		return fmt.Errorf("Storage pool does not support buckets")
 	}
 
+	// Validate bucket name.
+	backupName := srcBackup.Name
+	err = backup.ValidateBackupName(backupName)
+	if err != nil {
+		return err
+	}
+
 	revert := revert.New()
 	defer revert.Fail()
 
 	bucketRequest := api.StorageBucketsPost{
-		Name:             srcBackup.Name,
+		Name:             backupName,
 		StorageBucketPut: srcBackup.Config.Bucket.Writable(),
 	}
 

lxd/storage_buckets_backup.go

@@ -354,8 +354,9 @@ func storagePoolBucketBackupsPost(d *Daemon, r *http.Request) response.Response
 	}
 
 	// Validate the name.
-	if strings.Contains(req.Name, "/") {
-		return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
+	err = backup.ValidateBackupName(req.Name)
+	if err != nil {
+		return response.BadRequest(err)
 	}
 
 	fullName := bucket.Name + shared.SnapshotDelimiter + req.Name
@@ -565,8 +566,9 @@ func storagePoolBucketBackupPost(d *Daemon, r *http.Request) response.Response {
 
 	// Validate the name
 	newBackupName := req.Name
-	if strings.Contains(newBackupName, "/") {
-		return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
+	err = backup.ValidateBackupName(newBackupName)
+	if err != nil {
+		return response.BadRequest(err)
 	}
 
 	oldName := bucketName + shared.SnapshotDelimiter + backupName

lxd/storage_volumes_backup.go

@@ -359,8 +359,9 @@ func storagePoolVolumeTypeCustomBackupsPost(d *Daemon, r *http.Request) response
 	}
 
 	// Validate the name.
-	if strings.Contains(req.Name, "/") {
-		return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
+	err = backup.ValidateBackupName(req.Name)
+	if err != nil {
+		return response.BadRequest(err)
 	}
 
 	fullName := details.volumeName + shared.SnapshotDelimiter + req.Name
@@ -567,8 +568,9 @@ func storagePoolVolumeTypeCustomBackupPost(d *Daemon, r *http.Request) response.
 	}
 
 	// Validate the name
-	if strings.Contains(req.Name, "/") {
-		return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
+	err = backup.ValidateBackupName(req.Name)
+	if err != nil {
+		return response.BadRequest(err)
 	}
 
 	oldName := details.volumeName + shared.SnapshotDelimiter + backupName