security: Implement HIGH priority security improvements

HIGH Priority Security Features: - Path sanitization with filepath.Clean() for all user paths - Path traversal attack prevention in backup/restore operations - Secure config file permissions (0600 instead of 0644) - SHA-256 checksum generation for all backup archives - Checksum verification during restore operations - Comprehensive audit logging for compliance New Security Module (internal/security/): - paths.go: ValidateBackupPath() and ValidateArchivePath() - checksum.go: ChecksumFile(), VerifyChecksum(), LoadAndVerifyChecksum() - audit.go: AuditLogger with structured event tracking Integration Points: - Backup engine: Path validation, checksum generation - Restore engine: Path validation, checksum verification - All backup/restore operations: Audit logging - Configuration saves: Audit logging Security Enhancements: - .dbbackup.conf now created with 0600 permissions (owner-only) - All archive files get .sha256 checksum files - Restore warns if checksum verification fails but continues - Audit events logged for all administrative operations - User tracking via $USER/$USERNAME environment variables Compliance Features: - Audit trail for backups, restores, config changes - Structured logging with timestamps, users, actions, results - Event details include paths, sizes, durations, errors Testing: - All code compiles successfully - Cross-platform build verified - Ready for integration testing
2025-11-25 12:03:21 +00:00
parent b32f6df98e
commit a0e7fd71de
10 changed files with 527 additions and 7 deletions
--- a/internal/backup/engine.go
+++ b/internal/backup/engine.go
@@ -19,6 +19,7 @@ import (
 	"dbbackup/internal/checks"
 	"dbbackup/internal/config"
 	"dbbackup/internal/database"
+	"dbbackup/internal/security"
 	"dbbackup/internal/logger"
 	"dbbackup/internal/metrics"
 	"dbbackup/internal/progress"
@@ -132,6 +133,16 @@ func (e *Engine) BackupSingle(ctx context.Context, databaseName string) error {
 	
 	// Start preparing backup directory
 	prepStep := tracker.AddStep("prepare", "Preparing backup directory")
+	
+	// Validate and sanitize backup directory path
+	validBackupDir, err := security.ValidateBackupPath(e.cfg.BackupDir)
+	if err != nil {
+		prepStep.Fail(fmt.Errorf("invalid backup directory path: %w", err))
+		tracker.Fail(fmt.Errorf("invalid backup directory path: %w", err))
+		return fmt.Errorf("invalid backup directory path: %w", err)
+	}
+	e.cfg.BackupDir = validBackupDir
+	
 	if err := os.MkdirAll(e.cfg.BackupDir, 0755); err != nil {
 		prepStep.Fail(fmt.Errorf("failed to create backup directory: %w", err))
 		tracker.Fail(fmt.Errorf("failed to create backup directory: %w", err))
@@ -194,6 +205,20 @@ func (e *Engine) BackupSingle(ctx context.Context, databaseName string) error {
 		tracker.UpdateProgress(90, fmt.Sprintf("Backup verified: %s", size))
 	}
 	
+	// Calculate and save checksum
+	checksumStep := tracker.AddStep("checksum", "Calculating SHA-256 checksum")
+	if checksum, err := security.ChecksumFile(outputFile); err != nil {
+		e.log.Warn("Failed to calculate checksum", "error", err)
+		checksumStep.Fail(fmt.Errorf("checksum calculation failed: %w", err))
+	} else {
+		if err := security.SaveChecksum(outputFile, checksum); err != nil {
+			e.log.Warn("Failed to save checksum", "error", err)
+		} else {
+			checksumStep.Complete(fmt.Sprintf("Checksum: %s", checksum[:16]+"..."))
+			e.log.Info("Backup checksum", "sha256", checksum)
+		}
+	}
+	
 	// Create metadata file
 	metaStep := tracker.AddStep("metadata", "Creating metadata file")
 	if err := e.createMetadata(outputFile, databaseName, "single", ""); err != nil {