Skip to content

fix(restore): replace USE statements with target database during restore #3437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
CebRazvan wants to merge 1 commit into
base: canary
Choose a base branch
from
Open

fix(restore): replace USE statements with target database during restore #3437

CebRazvan wants to merge 1 commit into from

Conversation

@CebRazvan
Copy link

@CebRazvan CebRazvan commented Jan 11, 2026

Summary

Fixes #3436

When restoring a MySQL/MariaDB backup to a different database, the SQL dump may contain USE \original_database`` statements that override the target database specified in the restore dialog. This causes data to be restored into the wrong database, potentially overwriting production data.

Problem

SQL dumps created by mysqldump/mariadb-dump include explicit database selection:

-- MariaDB dump


USE `production_db`;


DROP TABLE IF EXISTS `users`;


CREATE TABLE `users` ...


INSERT INTO `users` VALUES ...

When a user restores this backup into a different database (e.g., dev_db):

mariadb -u user -p dev_db < backup.sql

The USE \production_db`statement inside the dump switches the context toproduction_db, and all subsequent DROP TABLE, CREATE TABLE, and INSERTcommands execute against the **production database** instead of the intendeddev_db`.

Result: Production database is overwritten with old backup data. Critical data loss.

Solution

Added a sed filter to replace all USE \...`` statements with the target database name before piping to mysql/mariadb:

# Before (vulnerable)


... | docker exec -i $CONTAINER_ID sh -c "mariadb -u user -p db_name"



# After (safe)


... | sed "s/USE \`[^\`]*\`/USE \`db_name\`/g" | docker exec -i $CONTAINER_ID sh -c "mariadb -u user -p db_name"

This ensures all USE statements in the dump are rewritten to point to the user-specified target database.

Changes

  • packages/server/src/utils/restore/utils.ts:

    • Updated getMariadbRestoreCommand() - added sed filter for USE statements

    • Updated getMysqlRestoreCommand() - added sed filter for USE statements

Testing

  • Tested restore of MariaDB backup to same database name - works
  • Tested restore of MariaDB backup to different database name - USE statements correctly replaced
  • Verified sed regex handles multiple USE statements in dump
  • Verified database comments (e.g., -- Database: xyz) are not affected

Checklist

  • You created a dedicated branch based on the canary branch.
  • You have read the suggestions in the CONTRIBUTING.md file
  • You have tested this PR in your local instance.

Note: The sed regex was tested manually on real MariaDB dump files. Full integration testing in Dokploy instance was not performed but the change is minimal and isolated.

Issues related

closes #3436

@CebRazvan
fix(restore): replace USE statements with target database during restore
6b35018 
When restoring a MySQL/MariaDB backup to a different database, the SQL dump
may contain USE \original_database\ statements that override the target
database specified in the restore dialog.

This causes data to be restored into the wrong database, potentially
overwriting production data when restoring into a dev database.

The fix uses sed to replace all USE \...\ statements with the target
database name before piping to mysql/mariadb.

Fixes Dokploy#3436
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Siumauricio Siumauricio Awaiting requested review from Siumauricio Siumauricio is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Database restore overwrites wrong database when SQL dump contains USE statement

1 participant

@CebRazvan