Skip to content

Commit b01b22e

Browse files
committed
db: add security pragmas and STRICT tables for developer mode
Enable trusted_schema=OFF and cell_size_check=ON pragmas when running in developer mode for enhanced security and debugging. Add STRICT keyword to CREATE TABLE statements in developer mode for improved type safety with SQLite 3.37.0+. Add missing VARCHAR and INT type conversions in sql-rewrite.py. Addresses feedback from issue #7913.
1 parent 2e2a085 commit b01b22e

File tree

2 files changed

+34
-2
lines changed

2 files changed

+34
-2
lines changed

db/db_sqlite3.c

Lines changed: 32 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -205,16 +205,46 @@ static bool db_sqlite3_setup(struct db *db, bool create)
205205
"PRAGMA foreign_keys = ON;", -1, &stmt, NULL);
206206
err = sqlite3_step(stmt);
207207
sqlite3_finalize(stmt);
208-
return err == SQLITE_DONE;
208+
209+
if (err != SQLITE_DONE)
210+
return false;
211+
212+
/* Enable security and debugging pragmas */
213+
if (db->developer) {
214+
sqlite3_prepare_v2(conn2sql(db->conn),
215+
"PRAGMA trusted_schema = OFF;", -1, &stmt, NULL);
216+
sqlite3_step(stmt);
217+
sqlite3_finalize(stmt);
218+
219+
sqlite3_prepare_v2(conn2sql(db->conn),
220+
"PRAGMA cell_size_check = ON;", -1, &stmt, NULL);
221+
sqlite3_step(stmt);
222+
sqlite3_finalize(stmt);
223+
}
224+
225+
return true;
209226
}
210227

211228
static bool db_sqlite3_query(struct db_stmt *stmt)
212229
{
213230
sqlite3_stmt *s;
214231
sqlite3 *conn = conn2sql(stmt->db->conn);
215232
int err;
233+
const char *query = stmt->query->query;
234+
char *modified_query = NULL;
235+
236+
/* Add STRICT to CREATE TABLE statements in developer mode */
237+
if (stmt->db->developer &&
238+
strncasecmp(query, "CREATE TABLE", 12) == 0 &&
239+
!strstr(query, "STRICT")) {
240+
modified_query = tal_fmt(stmt, "%s STRICT", query);
241+
query = modified_query;
242+
}
243+
244+
err = sqlite3_prepare_v2(conn, query, -1, &s, NULL);
216245

217-
err = sqlite3_prepare_v2(conn, stmt->query->query, -1, &s, NULL);
246+
if (modified_query)
247+
tal_free(modified_query);
218248

219249
for (size_t i=0; i<stmt->query->placeholders; i++) {
220250
struct db_binding *b = &stmt->bindings[i];

devtools/sql-rewrite.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,8 @@ def rewrite_single(self, query):
4545
r'BIGINT': 'INTEGER',
4646
r'BIGINTEGER': 'INTEGER',
4747
r'BIGSERIAL': 'INTEGER',
48+
r'VARCHAR(?:\(\d+\))?': 'TEXT',
49+
r'\bINT\b': 'INTEGER',
4850
r'CURRENT_TIMESTAMP\(\)': "strftime('%s', 'now')",
4951
r'INSERT INTO[ \t]+(.*)[ \t]+ON CONFLICT.*DO NOTHING;': 'INSERT OR IGNORE INTO \\1;',
5052
# Rewrite "decode('abcd', 'hex')" to become "x'abcd'"

0 commit comments

Comments
 (0)