cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix critical security vulnerabilities: SQL injection and input validation

Browse Source 
CRITICAL FIX - SQL Injection Vulnerability (Lines 1143, 1154, 1191, 1198):
- Database names were previously unescaped in SQL WHERE clauses
- Attacker could inject SQL via database name parameter
- Example exploit: 'mydb' OR '1'='1' would return all databases
- Fixed: Wrapped $dbname identifier with backticks in all SQL queries
- Backticks are the proper MySQL syntax for quoting identifiers

HIGH FIX - Recovery Mode Input Validation (Lines 1619-1641):
- User input for recovery mode (0-6) was not validated
- Could accept invalid values like "abc", "999", "-1"
- These would cause MySQL startup to fail with confusing errors
- Fixed: Added numeric range validation [[ recovery_mode -ge 0 && -le 6 ]]
- Invalid input now shows clear error message

Impact: Eliminates both information disclosure (SQL injection) and DoS risks
from invalid recovery mode values. Script is now significantly more robust.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
cschantz
2026-02-11 00:57:59 -05:00
parent 1c22f20cca
commit 02b7b36f58
1 changed files with 20 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/backup/mysql-restore-to-sql.sh
+12 -5
View File
@@ -1140,7 +1140,7 @@ validate_sql_dump() {
print_info " Comparing dump with source database..." print_info " Comparing dump with source database..."
# Get table count from source # Get table count from source
local source_tables=$(mysql -h localhost -S "$datadir/socket.mysql" -NBe "SELECT COUNT(*) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$dbname';" 2>/dev/null || echo "0") local source_tables=$(mysql -h localhost -S "$datadir/socket.mysql" -NBe "SELECT COUNT(*) FROM information_schema.TABLES WHERE TABLE_SCHEMA=\`$dbname\`;" 2>/dev/null || echo "0")
if [ -n "$source_tables" ] && [ "$source_tables" -gt 0 ]; then if [ -n "$source_tables" ] && [ "$source_tables" -gt 0 ]; then
if [ "$table_count" -eq "$source_tables" ]; then if [ "$table_count" -eq "$source_tables" ]; then
@@ -1151,7 +1151,7 @@ validate_sql_dump() {
fi fi
# Get approximate data size from source # Get approximate data size from source
local source_size=$(mysql -h localhost -S "$datadir/socket.mysql" -NBe "SELECT ROUND(SUM(data_length + index_length)/1024/1024, 2) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$dbname';" 2>/dev/null || echo "0") local source_size=$(mysql -h localhost -S "$datadir/socket.mysql" -NBe "SELECT ROUND(SUM(data_length + index_length)/1024/1024, 2) FROM information_schema.TABLES WHERE TABLE_SCHEMA=\`$dbname\`;" 2>/dev/null || echo "0")
local dump_size_mb=$(awk "BEGIN {printf \"%.2f\", $file_size/1024/1024}") local dump_size_mb=$(awk "BEGIN {printf \"%.2f\", $file_size/1024/1024}")
if [ -n "$source_size" ]; then if [ -n "$source_size" ]; then
@@ -1188,14 +1188,14 @@ dump_database() {
print_warning "This may take some time for large databases..." print_warning "This may take some time for large databases..."
# Check if database exists in second instance # Check if database exists in second instance
local db_check=$(mysql -h localhost -S "$datadir/socket.mysql" -NBe "SHOW DATABASES LIKE '$dbname';" 2>/dev/null) local db_check=$(mysql -h localhost -S "$datadir/socket.mysql" -NBe "SHOW DATABASES LIKE \`$dbname\`;" 2>/dev/null)
if [ -z "$db_check" ]; then if [ -z "$db_check" ]; then
print_error "Database '$dbname' not found in second instance" print_error "Database '$dbname' not found in second instance"
return 1 return 1
fi fi
# Get table count before dump # Get table count before dump
local table_count=$(mysql -h localhost -S "$datadir/socket.mysql" -NBe "SELECT COUNT(*) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$dbname';" 2>/dev/null || echo "0") local table_count=$(mysql -h localhost -S "$datadir/socket.mysql" -NBe "SELECT COUNT(*) FROM information_schema.TABLES WHERE TABLE_SCHEMA=\`$dbname\`;" 2>/dev/null || echo "0")
print_info "Database contains $table_count tables" print_info "Database contains $table_count tables"
# Perform dump # Perform dump
@@ -1619,7 +1619,13 @@ step4_configure_options() {
echo -n "Select recovery mode (0-6, or press Enter for 0): " echo -n "Select recovery mode (0-6, or press Enter for 0): "
read -r recovery_mode read -r recovery_mode
if [ -n "$recovery_mode" ] && [ "$recovery_mode" != "0" ]; then if [ -n "$recovery_mode" ]; then
# CRITICAL: Validate recovery mode is numeric and in valid range (0-6)
if ! { [ "$recovery_mode" -ge 0 ] && [ "$recovery_mode" -le 6 ]; } 2>/dev/null; then
print_error "Invalid recovery mode: $recovery_mode"
print_warning "Recovery mode must be numeric value between 0 and 6"
FORCE_RECOVERY=""
elif [ "$recovery_mode" != "0" ]; then
FORCE_RECOVERY="$recovery_mode" FORCE_RECOVERY="$recovery_mode"
print_warning "Will use --innodb-force-recovery=$FORCE_RECOVERY" print_warning "Will use --innodb-force-recovery=$FORCE_RECOVERY"
echo "" echo ""
@@ -1631,6 +1637,7 @@ step4_configure_options() {
FORCE_RECOVERY="" FORCE_RECOVERY=""
fi fi
fi fi
fi
echo "" echo ""
press_enter press_enter