SQLite

Check-in [cefc0324]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: cefc032473ac5ad244c0b6402c541b2f76c0c65a041bda03bfbe7c0e2c11fac2
User & Date: larrybr 2022-12-04 23:20:38
Context
2022-12-26
15:44
Fix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f. (check-in: 70964b8a user: drh tags: branch-3.40)
2022-12-05
02:52
Improved query planner cost estimates. Fix for ticket [e8b674241947eb3b]. (check-in: 1b779afa user: drh tags: trunk)
2022-12-04
23:20
Fix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f. (check-in: cefc0324 user: larrybr tags: trunk)
22:13
Fix safe mode authorizer callback to reject disallowed UDFs. Tests to follow. UPDATE: checked into the wrong branch. (Closed-Leaf check-in: 4d934f00 user: larrybr tags: wrong branch.)
08:16
Export sqlite3_result_zeroblob/zeroblob64() to wasm. (check-in: a60e5662 user: stephan tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/shell.c.in.
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
    "fts3_tokenizer",
    "load_extension",
    "readfile",
    "writefile",
    "zipfile",
    "zipfile_cds",
  };
  UNUSED_PARAMETER(zA2);
  UNUSED_PARAMETER(zA3);
  UNUSED_PARAMETER(zA4);
  switch( op ){
    case SQLITE_ATTACH: {
#ifndef SQLITE_SHELL_FIDDLE
      /* In WASM builds the filesystem is a virtual sandbox, so
      ** there's no harm in using ATTACH. */
      failIfSafeMode(p, "cannot run ATTACH in safe mode");
#endif
      break;
    }
    case SQLITE_FUNCTION: {
      int i;
      for(i=0; i<ArraySize(azProhibitedFunctions); i++){
        if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
          failIfSafeMode(p, "cannot use the %s() function in safe mode",
                         azProhibitedFunctions[i]);
        }
      }
      break;
    }
  }







|














|







1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
    "fts3_tokenizer",
    "load_extension",
    "readfile",
    "writefile",
    "zipfile",
    "zipfile_cds",
  };
  UNUSED_PARAMETER(zA1);
  UNUSED_PARAMETER(zA3);
  UNUSED_PARAMETER(zA4);
  switch( op ){
    case SQLITE_ATTACH: {
#ifndef SQLITE_SHELL_FIDDLE
      /* In WASM builds the filesystem is a virtual sandbox, so
      ** there's no harm in using ATTACH. */
      failIfSafeMode(p, "cannot run ATTACH in safe mode");
#endif
      break;
    }
    case SQLITE_FUNCTION: {
      int i;
      for(i=0; i<ArraySize(azProhibitedFunctions); i++){
        if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
          failIfSafeMode(p, "cannot use the %s() function in safe mode",
                         azProhibitedFunctions[i]);
        }
      }
      break;
    }
  }
Changes to test/shell2.test.
186
187
188
189
190
191
192












193
194
# Reported at https://sqlite.org/forum/forumpost/718f489a43be3197
do_test shell2-1.4.7 {
  catchcmd ":memory:" {
 SELECT 'unclosed;}
} {1 {Parse error near line 2: unrecognized token: "'unclosed;"
  SELECT 'unclosed;
         ^--- error here}}













finish_test







>
>
>
>
>
>
>
>
>
>
>
>


186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
# Reported at https://sqlite.org/forum/forumpost/718f489a43be3197
do_test shell2-1.4.7 {
  catchcmd ":memory:" {
 SELECT 'unclosed;}
} {1 {Parse error near line 2: unrecognized token: "'unclosed;"
  SELECT 'unclosed;
         ^--- error here}}

# Verify that safe mode rejects certain UDFs
# Reported at https://sqlite.org/forum/forumpost/07beac8056151b2f
do_test shell2-1.4.8 {
  catchcmd "-safe :memory:" {
 SELECT edit('DoNotCare');}
} {1 {line 2: cannot use the edit() function in safe mode}}
do_test shell2-1.4.9 {
  catchcmd "-safe :memory:" {
 SELECT writefile('DoNotCare', x'');}
} {1 {line 2: cannot use the writefile() function in safe mode}}


finish_test