From b7d1a55ca64a1227fd8e729101cc51ff926f7a69 Mon Sep 17 00:00:00 2001
From: cschantz
Date: Wed, 11 Feb 2026 00:58:35 -0500
Subject: [PATCH] Add comprehensive path validation and write permission checks

Path Traversal Protection (Lines 1374-1405):
- Validates custom path input to prevent directory traversal attacks
- Rejects paths containing '../' sequences
- Prevents use of live MySQL directory (/var/lib/mysql)
- Resolves paths using realpath logic to get canonical absolute path
- Validates parent directory exists before accepting custom path
- Example blocked: '../../../etc/passwd' or '/var/lib/mysql'

Write Permission Validation (Lines 1435-1442):
- Checks that TEMP_DATADIR is writable before use
- Prevents silent failures when attempting to restore data
- Shows clear error message if directory lacks write permissions
- Critical for user experience - catches permission issues early

Impact: Prevents path traversal attacks, local privilege escalation risks, and data loss from permission errors. Script is more defensive and robust.

Co-Authored-By: Claude Haiku 4.5
---
 modules/backup/mysql-restore-to-sql.sh | 40 +++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/modules/backup/mysql-restore-to-sql.sh b/modules/backup/mysql-restore-to-sql.sh
index e8a3410..1ec099f 100755
--- a/modules/backup/mysql-restore-to-sql.sh
+++ b/modules/backup/mysql-restore-to-sql.sh
@@ -1371,7 +1371,37 @@ step2_set_restore_location() {
 press_enter
 exit 0
 fi
- TEMP_DATADIR="$restore_path"
+
+ # SECURITY: Validate path to prevent traversal and system directory access
+ if [[ "$restore_path" == *"../"* ]] || [[ "$restore_path" == *"/.."* ]]; then
+ print_error "Invalid path: contains path traversal sequence (..)"
+ press_enter
+ return 1
+ fi
+
+ # Prevent using live database directories
+ if [ "$restore_path" = "/var/lib/mysql" ] || [[ "$restore_path" == "/var/lib/mysql/"* ]]; then
+ print_error "Invalid path: cannot use live MySQL data directory (/var/lib/mysql)"
+ press_enter
+ return 1
+ fi
+
+ # Get absolute path for validation
+ local resolved_path
+ if [ -d "$restore_path" ]; then
+ resolved_path=$(cd "$restore_path" && pwd)
+ else
+ # Path doesn't exist yet, resolve parent directory
+ local parent_path=$(dirname "$restore_path")
+ if [ ! -d "$parent_path" ]; then
+ print_error "Parent directory does not exist: $parent_path"
+ press_enter
+ return 1
+ fi
+ resolved_path=$(cd "$parent_path" && pwd)/$(basename "$restore_path")
+ fi
+
+ TEMP_DATADIR="$resolved_path"
 ;;
 *)
 print_error "Invalid option"
@@ -1403,6 +1433,14 @@ step2_set_restore_location() {
 fi
 fi
+ # CRITICAL: Verify directory has write permissions before using it
+ if [ ! -w "$TEMP_DATADIR" ]; then
+ print_error "Directory exists but is not writable: $TEMP_DATADIR"
+ print_info "Please check permissions or choose a different directory"
+ press_enter
+ return 1
+ fi
+
+ # Show required files list
 echo ""
 print_banner "Required Files to Restore"
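Review bot: In the first hunk (`@@ -1371,7 +1371,37 @@`) the `/var/lib/mysql` comparison runs on the raw `$restore_path` before the path is resolved, and `resolved_path` is never compared again, so a relative path, a doubled slash or a symlink that ends up in the live data directory is assigned to `TEMP_DATADIR` unchecked. `cd … && pwd` also returns the logical path rather than following symlinks (`pwd -P` does), and when `cd` fails `resolved_path` is empty (or just `/name` in the else branch) without any error. I would resolve first, fail closed on an empty result and apply the deny check to the resolved value, as below, which also splits `local parent_path=$(dirname …)` so the assignment cannot mask a failure. The hard-coded `/var/lib/mysql` covers only the default location, so a server configured with another datadir is presumably not protected; worth confirming against the rest of the script. The enclosing `case` arm and `step2_set_restore_location` begin and end outside the hunk.

```shell
# … unchanged: rejection of paths containing ".." …

# Resolve to a physical path first, then validate the resolved value
local resolved_path parent_path
if [ -d "$restore_path" ]; then
  resolved_path=$(CDPATH= cd -- "$restore_path" && pwd -P) || resolved_path=""
else
  parent_path=$(dirname -- "$restore_path")
  # … unchanged: parent directory existence check …
  resolved_path=$(CDPATH= cd -- "$parent_path" && pwd -P) || resolved_path=""
  if [ -n "$resolved_path" ]; then
    resolved_path="${resolved_path%/}/$(basename -- "$restore_path")"
  fi
fi

if [ -z "$resolved_path" ]; then
  print_error "Cannot resolve path: $restore_path"
  press_enter
  return 1
fi

# Deny check on the resolved path, not on the user's spelling of it
if [ "$resolved_path" = "/var/lib/mysql" ] || [[ "$resolved_path" == "/var/lib/mysql/"* ]]; then
  print_error "Invalid path: cannot use live MySQL data directory (/var/lib/mysql)"
  press_enter
  return 1
fi

TEMP_DATADIR="$resolved_path"
```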
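Review bot: In the second hunk (`@@ -1403,6 +1433,14 @@`) `[ ! -w "$TEMP_DATADIR" ]` is also true when the path does not exist or is not a directory, so the message "Directory exists but is not writable" can be wrong; whether the directory is always created before this point is decided by lines outside the hunk. Creating files in a directory needs search permission as well as write, so the test would be more accurate as `if [ ! -d "$TEMP_DATADIR" ] || [ ! -w "$TEMP_DATADIR" ] || [ ! -x "$TEMP_DATADIR" ]; then`. The result is only a pre-flight hint, since permissions can change before the restore writes, so the later write steps still need their own error handling.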