SQLite

Check-in [b8a0f1b523]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Allow only "localhost" and "" as authorities in URIs. Do not allow escapes (%HH) in the authority part of a URI.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | uri
Files: files | file ages | folders
SHA1: b8a0f1b523d1f31c8e7a102ba4bae5935b07104a
User & Date: dan 2011-05-03 11:53:20.345
Context
2011-05-03
15:09
Remove some unused code related to URI parsing. (check-in: 008cd0ef6b user: dan tags: uri)
11:53
Allow only "localhost" and "" as authorities in URIs. Do not allow escapes (%HH) in the authority part of a URI. (check-in: b8a0f1b523 user: dan tags: uri)
10:22
Change the supported URI options to "mode" and "cache". (check-in: 0a694a0b27 user: dan tags: uri)
Changes
Unified Diff Show Whitespace Changes Patch
Changes to src/main.c.
1824
1825
1826
1827
1828
1829
1830







1831
1832
1833
1834
1835
1836
1837
    zFile = sqlite3_malloc(nByte);
    if( !zFile ) return SQLITE_NOMEM;

    /* Discard the scheme and authority segments of the URI. */
    if( zUri[5]=='/' && zUri[6]=='/' ){
      iIn = 7;
      while( zUri[iIn] && zUri[iIn]!='/' ) iIn++;







    }else{
      iIn = 5;
    }

    /* Copy the filename and any query parameters into the zFile buffer. 
    ** Decode %HH escape codes along the way. 
    **







>
>
>
>
>
>
>







1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
    zFile = sqlite3_malloc(nByte);
    if( !zFile ) return SQLITE_NOMEM;

    /* Discard the scheme and authority segments of the URI. */
    if( zUri[5]=='/' && zUri[6]=='/' ){
      iIn = 7;
      while( zUri[iIn] && zUri[iIn]!='/' ) iIn++;

      if( iIn!=7 && (iIn!=16 || memcmp("localhost", &zUri[7], 9)) ){
        *pzErrMsg = sqlite3_mprintf("invalid uri authority: %.*s", 
            iIn-7, &zUri[7]);
        rc = SQLITE_ERROR;
        goto parse_uri_out;
      }
    }else{
      iIn = 5;
    }

    /* Copy the filename and any query parameters into the zFile buffer. 
    ** Decode %HH escape codes along the way. 
    **
Changes to test/uri.test.
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

#-------------------------------------------------------------------------
# Test that file names are correctly extracted from URIs.
#
foreach {tn uri file} {
  1      test.db                            test.db
  2      file:test.db                       test.db
  3      file://an-authorityPWD/test.db     test.db
  4      file:PWD/test.db                   test.db
  5      file:test.db?mork=1                test.db
  6      file:test.db?mork=1&tonglor=2      test.db
  7      file:test.db?mork=1#boris          test.db
  8      file:test.db#boris                 test.db
  9      test.db#boris                      test.db#boris
  10     test.db?mork=1#boris               test.db?mork=1#boris
  11     file:test%2Edb                     test.db
  12     file                               file
  13     http:test.db                       http:test.db
  14     file://xyzPWD/test.db%3Fhello      test.db?hello
  15     file:test.db%00extra               test.db
  16     file:test%00.db%00extra            test
} {
  set uri  [string map [list PWD [pwd]] $uri]
  set file [string map [list PWD [pwd]] $file]

  forcedelete $file
  do_test 1.$tn.1 { file exists $file } 0
  set DB [sqlite3_open $uri]
  do_test 1.$tn.2 { file exists $file } 1
  sqlite3_close $DB
  forcedelete $file

  do_test 1.$tn.3 { file exists $file } 0
  sqlite3 db xxx.db
  execsql { ATTACH $uri AS aux }
  do_test 1.$tn.4 { file exists $file } 1
  db close
}


#-------------------------------------------------------------------------
# Test that URI query parameters are passed through to the VFS layer
# correctly.
#
testvfs tvfs -default 1
tvfs filter xOpen







|










|



















<







29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

67
68
69
70
71
72
73

#-------------------------------------------------------------------------
# Test that file names are correctly extracted from URIs.
#
foreach {tn uri file} {
  1      test.db                            test.db
  2      file:test.db                       test.db
  3      file://PWD/test.db     test.db
  4      file:PWD/test.db                   test.db
  5      file:test.db?mork=1                test.db
  6      file:test.db?mork=1&tonglor=2      test.db
  7      file:test.db?mork=1#boris          test.db
  8      file:test.db#boris                 test.db
  9      test.db#boris                      test.db#boris
  10     test.db?mork=1#boris               test.db?mork=1#boris
  11     file:test%2Edb                     test.db
  12     file                               file
  13     http:test.db                       http:test.db
  14     file://localhostPWD/test.db%3Fhello   test.db?hello
  15     file:test.db%00extra               test.db
  16     file:test%00.db%00extra            test
} {
  set uri  [string map [list PWD [pwd]] $uri]
  set file [string map [list PWD [pwd]] $file]

  forcedelete $file
  do_test 1.$tn.1 { file exists $file } 0
  set DB [sqlite3_open $uri]
  do_test 1.$tn.2 { file exists $file } 1
  sqlite3_close $DB
  forcedelete $file

  do_test 1.$tn.3 { file exists $file } 0
  sqlite3 db xxx.db
  execsql { ATTACH $uri AS aux }
  do_test 1.$tn.4 { file exists $file } 1
  db close
}


#-------------------------------------------------------------------------
# Test that URI query parameters are passed through to the VFS layer
# correctly.
#
testvfs tvfs -default 1
tvfs filter xOpen
238
239
240
241
242
243
244




















245
246
247
do_test 5.1.2 {
  lsort [array names ::T2]
} {test.db2 test.db2-journal test.db2-wal}

db close
tvfs1 delete
tvfs2 delete





















finish_test








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
do_test 5.1.2 {
  lsort [array names ::T2]
} {test.db2 test.db2-journal test.db2-wal}

db close
tvfs1 delete
tvfs2 delete

#-------------------------------------------------------------------------
# Check that only "" and "localhost" are acceptable as authorities.
#
catch {db close}
foreach {tn uri res} {
  1     "file://localhost/PWD/test.db"   {not an error}
  2     "file:///PWD/test.db"            {not an error}
  3     "file:/PWD/test.db"              {not an error}
  4     "file://l%6Fcalhost/PWD/test.db" {invalid uri authority: l%6Fcalhost}
  5     "file://lbcalhost/PWD/test.db"   {invalid uri authority: lbcalhost}
  6     "file://x/PWD/test.db"           {invalid uri authority: x}
} {
  set uri  [string map [list PWD [string range [pwd] 1 end]] $uri]
  do_test 6.$tn {
    set DB [sqlite3_open $uri]
    sqlite3_errmsg $DB
  } $res
  catch { sqlite3_close $DB }
}

finish_test