mirror of
https://github.com/sqlite/sqlite.git
synced 2025-08-07 02:42:48 +03:00
Refactor the names of the new controls for restricting what actions the schema
can take behind the application's back. FossilOrigin-Name: 65d7d39a858c51ffd781f5a6335e029895e597aeb1e1ccdadea8ce79c8ad412f
This commit is contained in:
drh
20
manifest
20
manifest
@@ -1,5 +1,5 @@
|
|||||||
C Enhance\sPRAGMA\sfunction_list\sto\sshow\sinternal\sfunctions\sif\sthe\sdirect\suse\nof\sinternal\sfunctions\sis\senabled\svia\sthe\sSQLITE_TESTCTRL_INTERNAL_FUNCTIONS\ntest\scontrol.
|
C Refactor\sthe\snames\sof\sthe\snew\scontrols\sfor\srestricting\swhat\sactions\sthe\sschema\ncan\stake\sbehind\sthe\sapplication's\sback.
|
||||||
D 2020-01-04T19:58:28.209
|
D 2020-01-04T20:58:41.624
|
||||||
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
||||||
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
||||||
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
|
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
|
||||||
@@ -492,7 +492,7 @@ F src/in-operator.md 10cd8f4bcd225a32518407c2fb2484089112fd71
|
|||||||
F src/insert.c 5ba8fd376f539240939ae76b5bc9fa7ad9a0d86e9914ecd11eb7002204138c11
|
F src/insert.c 5ba8fd376f539240939ae76b5bc9fa7ad9a0d86e9914ecd11eb7002204138c11
|
||||||
F src/legacy.c d7874bc885906868cd51e6c2156698f2754f02d9eee1bae2d687323c3ca8e5aa
|
F src/legacy.c d7874bc885906868cd51e6c2156698f2754f02d9eee1bae2d687323c3ca8e5aa
|
||||||
F src/loadext.c d74f5e7bd51f3c9d283442473eb65aef359664efd6513591c03f01881c4ae2da
|
F src/loadext.c d74f5e7bd51f3c9d283442473eb65aef359664efd6513591c03f01881c4ae2da
|
||||||
F src/main.c 5e71133fdb94908d3575998fe13430a4875dd211e0cb48bc9e684f0a616d657e
|
F src/main.c 372f764daf1fd8f86ea87a2eb285faaed891300682e9fa5a2fd75c3a3e6c5af7
|
||||||
F src/malloc.c eaa4dc9602ce28b077f7de2eb275db2be270c5cc56d7fec5466301bd9b80e2f5
|
F src/malloc.c eaa4dc9602ce28b077f7de2eb275db2be270c5cc56d7fec5466301bd9b80e2f5
|
||||||
F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645
|
F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645
|
||||||
F src/mem1.c c12a42539b1ba105e3707d0e628ad70e611040d8f5e38cf942cee30c867083de
|
F src/mem1.c c12a42539b1ba105e3707d0e628ad70e611040d8f5e38cf942cee30c867083de
|
||||||
@@ -526,14 +526,14 @@ F src/pragma.h 5bbfafd74cf085762b64e4e2b00242917951b30468e380bddd8be6c21789aec2
|
|||||||
F src/prepare.c 6049beb71385f017af6fc320d2c75a4e50b75e280c54232442b785fbb83df057
|
F src/prepare.c 6049beb71385f017af6fc320d2c75a4e50b75e280c54232442b785fbb83df057
|
||||||
F src/printf.c 9be6945837c839ba57837b4bc3af349eba630920fa5532aa518816defe42a7d4
|
F src/printf.c 9be6945837c839ba57837b4bc3af349eba630920fa5532aa518816defe42a7d4
|
||||||
F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384
|
F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384
|
||||||
F src/resolve.c c15dbf93b031e82fe19bfedacca72c520b616a0c02d6aac660073bf1ef5299ba
|
F src/resolve.c d368864894450413a78ab5381eea7f6deb2f1f7b10c7e6ca20cb345e5a7b9281
|
||||||
F src/rowset.c d977b011993aaea002cab3e0bb2ce50cf346000dff94e944d547b989f4b1fe93
|
F src/rowset.c d977b011993aaea002cab3e0bb2ce50cf346000dff94e944d547b989f4b1fe93
|
||||||
F src/select.c 64bf450dc0f2b37be8d2be6ff7d25a70de37ef6fb64527c68f767fe9fe47bc55
|
F src/select.c 64bf450dc0f2b37be8d2be6ff7d25a70de37ef6fb64527c68f767fe9fe47bc55
|
||||||
F src/shell.c.in 69462c95793d69a16df93deabbd6d026f5f6ef6c87d9da54ed1477c03490d17b
|
F src/shell.c.in 0fcf24b526e35eb2e02212e2504b695f79992ccc69b8be0f841276abea037008
|
||||||
F src/sqlite.h.in 7f3178430f94f30a105bbaa6ed3ff44c9a16784d3d7783e306c0b9dd735ba599
|
F src/sqlite.h.in 600fd6093a03112831e2658daac299d2a803ffcd3d7f4f6b091a447f79b4d6c2
|
||||||
F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
|
F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
|
||||||
F src/sqlite3ext.h 72af51aa4e912e14cd495fb6e7fac65f0940db80ed950d90911aff292cc47ce2
|
F src/sqlite3ext.h 72af51aa4e912e14cd495fb6e7fac65f0940db80ed950d90911aff292cc47ce2
|
||||||
F src/sqliteInt.h 5a27f5858868acddf980dc879d02e6d1b1455853adc17ebab7376ab63fa0a505
|
F src/sqliteInt.h 002066fa9a7ea1dacdca6f395968d4eed0fcf2978ac1f7528c61cb6e65f52e6e
|
||||||
F src/sqliteLimit.h 1513bfb7b20378aa0041e7022d04acb73525de35b80b252f1b83fedb4de6a76b
|
F src/sqliteLimit.h 1513bfb7b20378aa0041e7022d04acb73525de35b80b252f1b83fedb4de6a76b
|
||||||
F src/status.c 9ff2210207c6c3b4d9631a8241a7d45ab1b26a0e9c84cb07a9b5ce2de9a3b278
|
F src/status.c 9ff2210207c6c3b4d9631a8241a7d45ab1b26a0e9c84cb07a9b5ce2de9a3b278
|
||||||
F src/table.c b46ad567748f24a326d9de40e5b9659f96ffff34
|
F src/table.c b46ad567748f24a326d9de40e5b9659f96ffff34
|
||||||
@@ -1853,7 +1853,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
|
|||||||
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
||||||
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
||||||
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
||||||
P b878c30f03e895bbc5c4c99c0f727d49093bb78bdc275593cf4852148579ae69
|
P 7a8d7ca726666f4384925f959df0d58f7622229e06f1b5e643a3caccd539bb6e
|
||||||
R 2a316337c77b32f3140387723d41365c
|
R f9fb8a85043cff3871f686f554fff1c5
|
||||||
U drh
|
U drh
|
||||||
Z 5d85e17177ca37ac3e27744033bcda94
|
Z 2b34921532ba1ddcc3f837ba912e08b2
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
7a8d7ca726666f4384925f959df0d58f7622229e06f1b5e643a3caccd539bb6e
|
65d7d39a858c51ffd781f5a6335e029895e597aeb1e1ccdadea8ce79c8ad412f
|
||||||
@@ -887,8 +887,7 @@ int sqlite3_db_config(sqlite3 *db, int op, ...){
|
|||||||
{ SQLITE_DBCONFIG_DQS_DDL, SQLITE_DqsDDL },
|
{ SQLITE_DBCONFIG_DQS_DDL, SQLITE_DqsDDL },
|
||||||
{ SQLITE_DBCONFIG_DQS_DML, SQLITE_DqsDML },
|
{ SQLITE_DBCONFIG_DQS_DML, SQLITE_DqsDML },
|
||||||
{ SQLITE_DBCONFIG_LEGACY_FILE_FORMAT, SQLITE_LegacyFileFmt },
|
{ SQLITE_DBCONFIG_LEGACY_FILE_FORMAT, SQLITE_LegacyFileFmt },
|
||||||
{ SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW, SQLITE_UnsafeInView },
|
{ SQLITE_DBCONFIG_ENABLE_UNSAFE_DDL, SQLITE_UnsafeDDL },
|
||||||
{ SQLITE_DBCONFIG_VTAB_IN_VIEW, SQLITE_VtabInView },
|
|
||||||
};
|
};
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
rc = SQLITE_ERROR; /* IMP: R-42790-23372 */
|
rc = SQLITE_ERROR; /* IMP: R-42790-23372 */
|
||||||
@@ -3128,8 +3127,7 @@ static int openDatabase(
|
|||||||
| SQLITE_EnableTrigger
|
| SQLITE_EnableTrigger
|
||||||
| SQLITE_EnableView
|
| SQLITE_EnableView
|
||||||
| SQLITE_CacheSpill
|
| SQLITE_CacheSpill
|
||||||
| SQLITE_UnsafeInView
|
| SQLITE_UnsafeDDL
|
||||||
| SQLITE_VtabInView
|
|
||||||
|
|
||||||
/* The SQLITE_DQS compile-time option determines the default settings
|
/* The SQLITE_DQS compile-time option determines the default settings
|
||||||
** for SQLITE_DBCONFIG_DQS_DDL and SQLITE_DBCONFIG_DQS_DML.
|
** for SQLITE_DBCONFIG_DQS_DDL and SQLITE_DBCONFIG_DQS_DML.
|
||||||
|
|||||||
@@ -891,13 +891,13 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){
|
|||||||
&& !IN_RENAME_OBJECT
|
&& !IN_RENAME_OBJECT
|
||||||
){
|
){
|
||||||
if( (pDef->funcFlags & SQLITE_FUNC_DIRECT)!=0
|
if( (pDef->funcFlags & SQLITE_FUNC_DIRECT)!=0
|
||||||
|| (pParse->db->flags & SQLITE_UnsafeInView)==0
|
|| (pParse->db->flags & SQLITE_UnsafeDDL)==0
|
||||||
){
|
){
|
||||||
/* Functions prohibited in triggers and views if:
|
/* Functions prohibited in triggers and views if:
|
||||||
** (1) tagged with SQLITE_DIRECTONLY
|
** (1) tagged with SQLITE_DIRECTONLY
|
||||||
** (2) not tagged with SQLITE_INNOCUOUS (which means it
|
** (2) not tagged with SQLITE_INNOCUOUS (which means it
|
||||||
** is tagged with SQLITE_FUNC_UNSAFE) and
|
** is tagged with SQLITE_FUNC_UNSAFE) and
|
||||||
** SQLITE_DBCONFIG_UNSAFE_IN_VIEW is off
|
** SQLITE_DBCONFIG_ENABLE_UNSAFE_DDL is off
|
||||||
*/
|
*/
|
||||||
sqlite3ErrorMsg(pParse, "%s() prohibited in triggers and views",
|
sqlite3ErrorMsg(pParse, "%s() prohibited in triggers and views",
|
||||||
pDef->zName);
|
pDef->zName);
|
||||||
|
|||||||
@@ -7165,6 +7165,7 @@ static int do_meta_command(char *zLine, ShellState *p){
|
|||||||
{ "enable_fkey", SQLITE_DBCONFIG_ENABLE_FKEY },
|
{ "enable_fkey", SQLITE_DBCONFIG_ENABLE_FKEY },
|
||||||
{ "enable_qpsg", SQLITE_DBCONFIG_ENABLE_QPSG },
|
{ "enable_qpsg", SQLITE_DBCONFIG_ENABLE_QPSG },
|
||||||
{ "enable_trigger", SQLITE_DBCONFIG_ENABLE_TRIGGER },
|
{ "enable_trigger", SQLITE_DBCONFIG_ENABLE_TRIGGER },
|
||||||
|
{ "enable_unsafe_ddl", SQLITE_DBCONFIG_ENABLE_UNSAFE_DDL },
|
||||||
{ "enable_view", SQLITE_DBCONFIG_ENABLE_VIEW },
|
{ "enable_view", SQLITE_DBCONFIG_ENABLE_VIEW },
|
||||||
{ "fts3_tokenizer", SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER },
|
{ "fts3_tokenizer", SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER },
|
||||||
{ "legacy_alter_table", SQLITE_DBCONFIG_LEGACY_ALTER_TABLE },
|
{ "legacy_alter_table", SQLITE_DBCONFIG_LEGACY_ALTER_TABLE },
|
||||||
@@ -7173,8 +7174,6 @@ static int do_meta_command(char *zLine, ShellState *p){
|
|||||||
{ "no_ckpt_on_close", SQLITE_DBCONFIG_NO_CKPT_ON_CLOSE },
|
{ "no_ckpt_on_close", SQLITE_DBCONFIG_NO_CKPT_ON_CLOSE },
|
||||||
{ "reset_database", SQLITE_DBCONFIG_RESET_DATABASE },
|
{ "reset_database", SQLITE_DBCONFIG_RESET_DATABASE },
|
||||||
{ "trigger_eqp", SQLITE_DBCONFIG_TRIGGER_EQP },
|
{ "trigger_eqp", SQLITE_DBCONFIG_TRIGGER_EQP },
|
||||||
{ "unsafe_func_in_view",SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW },
|
|
||||||
{ "vtab_in_view", SQLITE_DBCONFIG_VTAB_IN_VIEW },
|
|
||||||
{ "writable_schema", SQLITE_DBCONFIG_WRITABLE_SCHEMA },
|
{ "writable_schema", SQLITE_DBCONFIG_WRITABLE_SCHEMA },
|
||||||
};
|
};
|
||||||
int ii, v;
|
int ii, v;
|
||||||
|
|||||||
@@ -2265,31 +2265,19 @@ struct sqlite3_mem_methods {
|
|||||||
** compile-time option.
|
** compile-time option.
|
||||||
** </dd>
|
** </dd>
|
||||||
**
|
**
|
||||||
** [[SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW]]
|
** [[SQLITE_DBCONFIG_INDIRECT_UNSAFE]]
|
||||||
** <dt>SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW</td>
|
** <dt>SQLITE_DBCONFIG_INDIRECT_UNSAFE</td>
|
||||||
** <dd>The SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW option activates or deactivates
|
** <dd>The SQLITE_DBCONFIG_INDIRECT_UNSAFE option activates or deactivates
|
||||||
** the ability to use SQL functions that have side-effects inside of
|
** the ability to use "unsafe" SQL functions and virtual tables in the
|
||||||
** triggers and views. For legacy compatibility, this setting defaults
|
** schema of the database. Using an SQL function or virtual table "in the
|
||||||
** to "on". Applications that are operating on untrusted database files
|
** schema" means using the rsource in a
|
||||||
** are advised to change this setting to "off". When this setting is on,
|
** trigger, view, CHECK constraint, INDEX definition, generated column,
|
||||||
** only functions that have no side effects are usable inside of views.
|
** default value, or in any other context that is part of the DDL for the
|
||||||
** This prevents an attacker from modifying the schema of a database so
|
** database file. "Unsafe" SQL functions are SQL functions that are not
|
||||||
** that views and/or triggers with undesirable side-effects are run when
|
** tagged with [SQLITE_INNOCUOUS].
|
||||||
** the application innocently tries to access what it thinks is an ordinary
|
** <p>For legacy compatibility, the SQLITE_DBCONFIG_INDIRECT_UNSAFE setting
|
||||||
** table.
|
** defaults to "on". Applications that are operating on untrusted database
|
||||||
** </dd>
|
** files are advised to change this setting to "off".
|
||||||
**
|
|
||||||
** [[SQLITE_DBCONFIG_VTAB_IN_VIEW]]
|
|
||||||
** <dt>SQLITE_DBCONFIG_VTAB_IN_VIEW</td>
|
|
||||||
** <dd>The SQLITE_DBCONFIG_VTAB_IN_VIEW option activates or deactivates
|
|
||||||
** the ability to use [virtual tables] inside of triggers and views.
|
|
||||||
** For legacy compatibility, this setting defaults
|
|
||||||
** to "on". Applications that are operating on untrusted database files
|
|
||||||
** are advised to change this setting to "off". Turning this setting off
|
|
||||||
** prevents an attacker from modifying the schema of a database so
|
|
||||||
** that views and/or triggers with undesirable side-effects are run when
|
|
||||||
** the application innocently tries to access what it thinks is an ordinary
|
|
||||||
** table.
|
|
||||||
** </dd>
|
** </dd>
|
||||||
**
|
**
|
||||||
** [[SQLITE_DBCONFIG_LEGACY_FILE_FORMAT]]
|
** [[SQLITE_DBCONFIG_LEGACY_FILE_FORMAT]]
|
||||||
@@ -2332,9 +2320,8 @@ struct sqlite3_mem_methods {
|
|||||||
#define SQLITE_DBCONFIG_DQS_DDL 1014 /* int int* */
|
#define SQLITE_DBCONFIG_DQS_DDL 1014 /* int int* */
|
||||||
#define SQLITE_DBCONFIG_ENABLE_VIEW 1015 /* int int* */
|
#define SQLITE_DBCONFIG_ENABLE_VIEW 1015 /* int int* */
|
||||||
#define SQLITE_DBCONFIG_LEGACY_FILE_FORMAT 1016 /* int int* */
|
#define SQLITE_DBCONFIG_LEGACY_FILE_FORMAT 1016 /* int int* */
|
||||||
#define SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW 1017 /* int int* */
|
#define SQLITE_DBCONFIG_ENABLE_UNSAFE_DDL 1017 /* int int* */
|
||||||
#define SQLITE_DBCONFIG_VTAB_IN_VIEW 1018 /* int int* */
|
#define SQLITE_DBCONFIG_MAX 1017 /* Largest DBCONFIG */
|
||||||
#define SQLITE_DBCONFIG_MAX 1018 /* Largest DBCONFIG */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
** CAPI3REF: Enable Or Disable Extended Result Codes
|
** CAPI3REF: Enable Or Disable Extended Result Codes
|
||||||
|
|||||||
@@ -1581,10 +1581,10 @@ struct sqlite3 {
|
|||||||
#define SQLITE_CkptFullFSync 0x00000010 /* Use full fsync for checkpoint */
|
#define SQLITE_CkptFullFSync 0x00000010 /* Use full fsync for checkpoint */
|
||||||
#define SQLITE_CacheSpill 0x00000020 /* OK to spill pager cache */
|
#define SQLITE_CacheSpill 0x00000020 /* OK to spill pager cache */
|
||||||
#define SQLITE_ShortColNames 0x00000040 /* Show short columns names */
|
#define SQLITE_ShortColNames 0x00000040 /* Show short columns names */
|
||||||
#define SQLITE_UnsafeInView 0x00000080 /* Allow functions with side-effect
|
#define SQLITE_UnsafeDDL 0x00000080 /* Allow unsafe functions and vtabs
|
||||||
** in triggers and views */
|
** in the schema definition */
|
||||||
#define SQLITE_VtabInView 0x00000100 /* Allow views and triggers to access
|
#define SQLITE_NullCallback 0x00000100 /* Invoke the callback once if the */
|
||||||
** virtual tables */
|
/* result set is empty */
|
||||||
#define SQLITE_IgnoreChecks 0x00000200 /* Do not enforce check constraints */
|
#define SQLITE_IgnoreChecks 0x00000200 /* Do not enforce check constraints */
|
||||||
#define SQLITE_ReadUncommit 0x00000400 /* READ UNCOMMITTED in shared-cache */
|
#define SQLITE_ReadUncommit 0x00000400 /* READ UNCOMMITTED in shared-cache */
|
||||||
#define SQLITE_NoCkptOnClose 0x00000800 /* No checkpoint on close()/DETACH */
|
#define SQLITE_NoCkptOnClose 0x00000800 /* No checkpoint on close()/DETACH */
|
||||||
@@ -1611,8 +1611,6 @@ struct sqlite3 {
|
|||||||
#define SQLITE_CountRows HI(0x00001) /* Count rows changed by INSERT, */
|
#define SQLITE_CountRows HI(0x00001) /* Count rows changed by INSERT, */
|
||||||
/* DELETE, or UPDATE and return */
|
/* DELETE, or UPDATE and return */
|
||||||
/* the count using a callback. */
|
/* the count using a callback. */
|
||||||
#define SQLITE_NullCallback HI(0000002) /* Invoke the callback once if the */
|
|
||||||
/* result set is empty */
|
|
||||||
|
|
||||||
/* Flags used only if debugging */
|
/* Flags used only if debugging */
|
||||||
#ifdef SQLITE_DEBUG
|
#ifdef SQLITE_DEBUG
|
||||||
|
|||||||
Reference in New Issue
Block a user