Add comprehensive path validation and write permission checks

Path Traversal Protection (Lines 1374-1405): - Validates custom path input to prevent directory traversal attacks - Rejects paths containing '../' sequences - Prevents use of live MySQL directory (/var/lib/mysql) - Resolves paths using realpath logic to get canonical absolute path - Validates parent directory exists before accepting custom path - Example blocked: '../../../etc/passwd' or '/var/lib/mysql' Write Permission Validation (Lines 1435-1442): - Checks that TEMP_DATADIR is writable before use - Prevents silent failures when attempting to restore data - Shows clear error message if directory lacks write permissions - Critical for user experience - catches permission issues early Impact: Prevents path traversal attacks, local privilege escalation risks, and data loss from permission errors. Script is more defensive and robust. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-02-11 00:58:35 -05:00
parent 02b7b36f58
commit b7d1a55ca6
1 changed files with 39 additions and 1 deletions
@@ -1371,7 +1371,37 @@ step2_set_restore_location() {
                press_enter
                exit 0
            fi
-            TEMP_DATADIR="$restore_path"
+
+            # SECURITY: Validate path to prevent traversal and system directory access
+            if [[ "$restore_path" == *"../"* ]] || [[ "$restore_path" == *"/.."* ]]; then
+                print_error "Invalid path: contains path traversal sequence (..)"
+                press_enter
+                return 1
+            fi
+
+            # Prevent using live database directories
+            if [ "$restore_path" = "/var/lib/mysql" ] || [[ "$restore_path" == "/var/lib/mysql/"* ]]; then
+                print_error "Invalid path: cannot use live MySQL data directory (/var/lib/mysql)"
+                press_enter
+                return 1
+            fi
+
+            # Get absolute path for validation
+            local resolved_path
+            if [ -d "$restore_path" ]; then
+                resolved_path=$(cd "$restore_path" && pwd)
+            else
+                # Path doesn't exist yet, resolve parent directory
+                local parent_path=$(dirname "$restore_path")
+                if [ ! -d "$parent_path" ]; then
+                    print_error "Parent directory does not exist: $parent_path"
+                    press_enter
+                    return 1
+                fi
+                resolved_path=$(cd "$parent_path" && pwd)/$(basename "$restore_path")
+            fi
+
+            TEMP_DATADIR="$resolved_path"
            ;;
        *)
            print_error "Invalid option"
@@ -1403,6 +1433,14 @@ step2_set_restore_location() {
        fi
    fi

+    # CRITICAL: Verify directory has write permissions before using it
+    if [ ! -w "$TEMP_DATADIR" ]; then
+        print_error "Directory exists but is not writable: $TEMP_DATADIR"
+        print_info "Please check permissions or choose a different directory"
+        press_enter
+        return 1
+    fi
+
    # Show required files list
    echo ""
    print_banner "Required Files to Restore"