Greetings,
This is the first script I've written that deals with writing files to disk, so I'd like to submit this for your perusal, so that if I've done something unwise or left something amiss, you may guide me to clarity and greater understanding.
The script grabs a remote mysql database and backs it up to disk, first making a copy of the backup file.
The intention is that this will run as a daily cron job.
In the future I will probably expand it so that it compresses the file and emails it as well as saving to disk, and also email notification of errors, but at the moment that's not necessary.
I explain this because, yes, I can see it's a bit pointless printing error messages from a script that will be running unattended.

#!/usr/bin/perl -wT
use strict;

### These 2 files should be absolute references
my %file;
$file{1} = '/path/to/backup.sql';
$file{2} = '/path/to/backup.bck';

my %db;
$db{prog} = '/usr/bin/mysqldump';
$db{host} = 'mysql.host.com';
$db{user} = 'user';
$db{password} = 'pass';
$db{database} = 'database';
### END of configuration section

### Declare global variables
my $file1_data;

### Check the file paths for dangerous stuff
foreach (keys %file) {
    # Check it starts with a '/'
    if ($file{"$_"} !~ /^\//) {
        print "insecure file path";
        exit;
    }
    # Check it doesn't have any double dots
    if ($file{"$_"} =~ /\.\./) {
        print "insecure file path";
        exit;
    }
}

### Check the db vars
foreach (keys %db) {
    # Allowed chars are: A-Za-z0-9 _/.-
    unless ($db{"$_"} =~ /^[a-zA-Z0-9_\.\/-]+$/) {
        print "insecure database config";
        exit;
    }
}

### Any other security stuff
$ENV{'PATH'} = undef;

### Back up the file, if it exists
if ( open(FILE1, "< $file{1}") ) {
    open(FILE2, "> $file{2}");
    while (<FILE1>) {
        $file1_data .= $_;
    }
    close (FILE1);
    print FILE2 $file1_data;
    close (FILE2);
}

### Copy the database
system("$db{'prog'} --opt -h $db{'host'} -u $db{'user'} --password=$db{'password'} $db{'database'} > $file{'1'}");
exit;

Also, looking through the code, I've just remembered a problem with it that I don't understand.
Initially, the script was dying, complaining of a Taint error with the system call in the path for mysqldump.
So, I added the $ENV{'PATH'} = undef; line and now pass the full path for the mysqldump program.
Now it runs, but with a warning about the line where I undef $ENV{'PATH'}.
Any ideas of what's going wrong there would be appreciated.
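
An added example, not part of the original post: one way to handle the taint and PATH issue raised above, using a fixed PATH, a mysqldump call that bypasses the shell, and credentials read from an option file instead of the command line. The option file path, the `.tmp` file name and the other paths are assumptions, and the backup directory is assumed writable only by the account running the job.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use File::Copy qw(copy);

# Assumed paths and names (placeholders, as in the post's configuration).
my $dump_file   = '/path/to/backup.sql';
my $prev_file   = '/path/to/backup.bck';
my $tmp_file    = "$dump_file.tmp";
my $mysqldump   = '/usr/bin/mysqldump';
# Assumed option file, mode 0600, holding host, user and password under
# a [client] section, so the password never appears in the process list.
my $option_file = '/path/to/backup.cnf';
my $database    = 'database';

# Taint mode wants a known-safe PATH and none of the variables a shell
# would act on (list from perlsec). Assigning a real value, rather than
# undef, also avoids the undefined-value warning.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Keep the previous dump before replacing it.
if (-e $dump_file) {
    copy($dump_file, $prev_file)
        or die "cannot copy $dump_file to $prev_file: $!\n";
}

# Run mysqldump without a shell: list-form exec passes each argument
# as-is, and the child's STDOUT is redirected by Perl, not by '>'.
my $pid = fork();
die "fork failed: $!\n" unless defined $pid;
if ($pid == 0) {
    open(STDOUT, '>', $tmp_file) or die "cannot write $tmp_file: $!\n";
    # --defaults-extra-file has to be the first option on the command line.
    exec { $mysqldump } $mysqldump,
        "--defaults-extra-file=$option_file", '--opt', $database;
    die "cannot exec $mysqldump: $!\n";
}
waitpid($pid, 0);
die "mysqldump failed (wait status $?)\n" if $? != 0;

# Replace the dump only after mysqldump reported success.
rename($tmp_file, $dump_file)
    or die "cannot rename $tmp_file to $dump_file: $!\n";
```

Under cron, anything written by `die` goes to STDERR and is mailed to the job's owner, so a failed run is reported without extra code.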