mirror of
https://github.com/sqlite/sqlite.git
synced 2025-11-12 13:01:09 +03:00
Merge in the untrusted-schema enhancements.
See [/doc/87aea3ab1cdda453/doc/trusted-schema.md|doc/trusted-schema.md] for details. FossilOrigin-Name: 5720924cb07766cd54fb042da58f4b4acf12b60029fba86a23a606ad0d0f7c68
66
src/expr.c
66
src/expr.c
@@ -973,6 +973,40 @@ Expr *sqlite3ExprFunction(
|
||||
return pNew;
|
||||
}
|
||||
|
||||
/*
|
||||
** Check to see if a function is usable according to current access
|
||||
** rules:
|
||||
**
|
||||
** SQLITE_FUNC_DIRECT - Only usable from top-level SQL
|
||||
**
|
||||
** SQLITE_FUNC_UNSAFE - Usable if TRUSTED_SCHEMA or from
|
||||
** top-level SQL
|
||||
**
|
||||
** If the function is not usable, create an error.
|
||||
*/
|
||||
void sqlite3ExprFunctionUsable(
|
||||
Parse *pParse, /* Parsing and code generating context */
|
||||
Expr *pExpr, /* The function invocation */
|
||||
FuncDef *pDef /* The function being invoked */
|
||||
){
|
||||
assert( !IN_RENAME_OBJECT );
|
||||
assert( (pDef->funcFlags & (SQLITE_FUNC_DIRECT|SQLITE_FUNC_UNSAFE))!=0 );
|
||||
if( ExprHasProperty(pExpr, EP_FromDDL) ){
|
||||
if( (pDef->funcFlags & SQLITE_FUNC_DIRECT)!=0
|
||||
|| (pParse->db->flags & SQLITE_TrustedSchema)==0
|
||||
){
|
||||
/* Functions prohibited in triggers and views if:
|
||||
** (1) tagged with SQLITE_DIRECTONLY
|
||||
** (2) not tagged with SQLITE_INNOCUOUS (which means it
|
||||
** is tagged with SQLITE_FUNC_UNSAFE) and
|
||||
** SQLITE_DBCONFIG_TRUSTED_SCHEMA is off (meaning
|
||||
** that the schema is possibly tainted).
|
||||
*/
|
||||
sqlite3ErrorMsg(pParse, "unsafe use of %s()", pDef->zName);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
** Assign a variable number to an expression that encodes a wildcard
|
||||
** in the original SQL statement.
|
||||
@@ -1937,10 +1971,11 @@ Expr *sqlite3ExprSimplifiedAndOr(Expr *pExpr){
|
||||
** In all cases, the callbacks set Walker.eCode=0 and abort if the expression
|
||||
** is found to not be a constant.
|
||||
**
|
||||
** The sqlite3ExprIsConstantOrFunction() is used for evaluating expressions
|
||||
** in a CREATE TABLE statement. The Walker.eCode value is 5 when parsing
|
||||
** an existing schema and 4 when processing a new statement. A bound
|
||||
** parameter raises an error for new statements, but is silently converted
|
||||
** The sqlite3ExprIsConstantOrFunction() is used for evaluating DEFAULT
|
||||
** expressions in a CREATE TABLE statement. The Walker.eCode value is 5
|
||||
** when parsing an existing schema out of the sqlite_master table and 4
|
||||
** when processing a new CREATE TABLE statement. A bound parameter raises
|
||||
** an error for new statements, but is silently converted
|
||||
** to NULL for existing schemas. This allows sqlite_master tables that
|
||||
** contain a bound parameter because they were generated by older versions
|
||||
** of SQLite to be parsed by newer versions of SQLite without raising a
|
||||
@@ -1964,6 +1999,7 @@ static int exprNodeIsConstant(Walker *pWalker, Expr *pExpr){
|
||||
if( (pWalker->eCode>=4 || ExprHasProperty(pExpr,EP_ConstFunc))
|
||||
&& !ExprHasProperty(pExpr, EP_WinFunc)
|
||||
){
|
||||
if( pWalker->eCode==5 ) ExprSetProperty(pExpr, EP_FromDDL);
|
||||
return WRC_Continue;
|
||||
}else{
|
||||
pWalker->eCode = 0;
|
||||
@@ -2127,9 +2163,21 @@ int sqlite3ExprIsConstantOrGroupBy(Parse *pParse, Expr *p, ExprList *pGroupBy){
|
||||
}
|
||||
|
||||
/*
|
||||
** Walk an expression tree. Return non-zero if the expression is constant
|
||||
** or a function call with constant arguments. Return and 0 if there
|
||||
** are any variables.
|
||||
** Walk an expression tree for the DEFAULT field of a column definition
|
||||
** in a CREATE TABLE statement. Return non-zero if the expression is
|
||||
** acceptable for use as a DEFAULT. That is to say, return non-zero if
|
||||
** the expression is constant or a function call with constant arguments.
|
||||
** Return and 0 if there are any variables.
|
||||
**
|
||||
** isInit is true when parsing from sqlite_master. isInit is false when
|
||||
** processing a new CREATE TABLE statement. When isInit is true, parameters
|
||||
** (such as ? or $abc) in the expression are converted into NULL. When
|
||||
** isInit is false, parameters raise an error. Parameters should not be
|
||||
** allowed in a CREATE TABLE statement, but some legacy versions of SQLite
|
||||
** allowed it, so we need to support it when reading sqlite_master for
|
||||
** backwards compatibility.
|
||||
**
|
||||
** If isInit is true, set EP_FromDDL on every TK_FUNCTION node.
|
||||
**
|
||||
** For the purposes of this function, a double-quoted string (ex: "abc")
|
||||
** is considered a variable but a single-quoted string (ex: 'abc') is
|
||||
@@ -4073,8 +4121,12 @@ expr_code_doover:
|
||||
break;
|
||||
}
|
||||
if( pDef->funcFlags & SQLITE_FUNC_INLINE ){
|
||||
assert( (pDef->funcFlags & SQLITE_FUNC_UNSAFE)==0 );
|
||||
assert( (pDef->funcFlags & SQLITE_FUNC_DIRECT)==0 );
|
||||
return exprCodeInlineFunction(pParse, pFarg,
|
||||
SQLITE_PTR_TO_INT(pDef->pUserData), target);
|
||||
}else if( pDef->funcFlags & (SQLITE_FUNC_DIRECT|SQLITE_FUNC_UNSAFE) ){
|
||||
sqlite3ExprFunctionUsable(pParse, pExpr, pDef);
|
||||
}
|
||||
|
||||
for(i=0; i<nFarg; i++){
|
||||
|
||||
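Review bot: In sqlite3ExprFunctionUsable() (first hunk) the whole restriction hangs on `ExprHasProperty(pExpr, EP_FromDDL)`, so a schema-derived function node that was never tagged is treated as top-level SQL and passes without an error. The only place this page shows the flag being set is exprNodeIsConstant() when `pWalker->eCode==5`, which covers DEFAULT expressions read from sqlite_master; the tagging for triggers and views that the inner comment refers to is presumably done in files not shown here and should be confirmed for every schema source (views, triggers, CHECK constraints, index and generated-column expressions). I would record that invariant in the function's header comment, for example `** This check relies on EP_FromDDL being set on every function node that comes from the schema;` followed by `** a node without the flag is treated as top-level SQL.` The header comment also names the flags SQLITE_FUNC_DIRECT and TRUSTED_SCHEMA while the inner comment says SQLITE_DIRECTONLY, SQLITE_INNOCUOUS and SQLITE_DBCONFIG_TRUSTED_SCHEMA; using one set of names, or stating how they map, would make the rule easier to audit.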