Changeset 53177 in webkit


Timestamp:
Jan 12, 2010 7:29:39 PM (14 years ago)
Author:
dumi@chromium.org
Message:

Adding a list of whitelisted sqlite functions that users are
allowed to use.

Reviewed by Adam Barth.

https://bugs.webkit.org/show_bug.cgi?id=33549

  • platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::authorizerFunction):

  • storage/DatabaseAuthorizer.cpp:

(WebCore::DatabaseAuthorizer::DatabaseAuthorizer):
(WebCore::DatabaseAuthorizer::addWhitelistedFunctions):
(WebCore::DatabaseAuthorizer::allowFunction):

  • storage/DatabaseAuthorizer.h:
Location:
trunk/WebCore
Files:
4 edited

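--- a/trunk/WebCore/ChangeLog
+++ b/trunk/WebCore/ChangeLog
@@ -1,2 +1,19 @@
+2010-01-12  Dumitru Daniliuc  <dumi@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Adding a list of whitelisted sqlite functions that users are
+        allowed to use.
+
+        https://bugs.webkit.org/show_bug.cgi?id=33549
+
+        * platform/sql/SQLiteDatabase.cpp:
+        (WebCore::SQLiteDatabase::authorizerFunction):
+        * storage/DatabaseAuthorizer.cpp:
+        (WebCore::DatabaseAuthorizer::DatabaseAuthorizer):
+        (WebCore::DatabaseAuthorizer::addWhitelistedFunctions):
+        (WebCore::DatabaseAuthorizer::allowFunction):
+        * storage/DatabaseAuthorizer.h:
+
 2010-01-12  Fumitoshi Ukai  <ukai@chromium.org>
 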
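--- a/trunk/WebCore/platform/sql/SQLiteDatabase.cpp
+++ b/trunk/WebCore/platform/sql/SQLiteDatabase.cpp
@@ -321,5 +321,5 @@
             return auth->dropVTable(parameter1, parameter2);
         case SQLITE_FUNCTION:
-            return auth->allowFunction(parameter1);
+            return auth->allowFunction(parameter2);
 #endif
         default: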
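Review bot: The `SQLITE_FUNCTION` case now passes `parameter2` with no comment saying why, and the new allowlist depends entirely on that argument being the function name. SQLite's authorizer callback passes NULL as its third argument and the function name as its fourth for `SQLITE_FUNCTION`; assuming `parameter1` and `parameter2` are those two arguments, a comment such as `// SQLITE_FUNCTION: third argument is NULL, fourth is the function name.` would stop a later edit from reverting to the wrong one. The enclosing `authorizerFunction` starts and ends outside this hunk.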
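--- a/trunk/WebCore/storage/DatabaseAuthorizer.cpp
+++ b/trunk/WebCore/storage/DatabaseAuthorizer.cpp
@@ -39,4 +39,5 @@
 {
     reset();
+    addWhitelistedFunctions();
 }
 
@@ -48,4 +49,67 @@
 }
 
+void DatabaseAuthorizer::addWhitelistedFunctions()
+{
+    // SQLite functions used to help implement some operations
+    // ALTER TABLE helpers
+    m_whitelistedFunctions.add("sqlite_rename_table");
+    m_whitelistedFunctions.add("sqlite_rename_trigger");
+    // GLOB helpers
+    m_whitelistedFunctions.add("glob");
+
+    // SQLite core functions
+    m_whitelistedFunctions.add("abs");
+    m_whitelistedFunctions.add("changes");
+    m_whitelistedFunctions.add("coalesce");
+    m_whitelistedFunctions.add("glob");
+    m_whitelistedFunctions.add("ifnull");
+    m_whitelistedFunctions.add("hex");
+    m_whitelistedFunctions.add("last_insert_rowid");
+    m_whitelistedFunctions.add("length");
+    m_whitelistedFunctions.add("like");
+    m_whitelistedFunctions.add("lower");
+    m_whitelistedFunctions.add("ltrim");
+    m_whitelistedFunctions.add("max");
+    m_whitelistedFunctions.add("min");
+    m_whitelistedFunctions.add("nullif");
+    m_whitelistedFunctions.add("quote");
+    m_whitelistedFunctions.add("replace");
+    m_whitelistedFunctions.add("round");
+    m_whitelistedFunctions.add("rtrim");
+    m_whitelistedFunctions.add("soundex");
+    m_whitelistedFunctions.add("sqlite_source_id");
+    m_whitelistedFunctions.add("sqlite_version");
+    m_whitelistedFunctions.add("substr");
+    m_whitelistedFunctions.add("total_changes");
+    m_whitelistedFunctions.add("trim");
+    m_whitelistedFunctions.add("typeof");
+    m_whitelistedFunctions.add("upper");
+    m_whitelistedFunctions.add("zeroblob");
+
+    // SQLite date and time functions
+    m_whitelistedFunctions.add("date");
+    m_whitelistedFunctions.add("time");
+    m_whitelistedFunctions.add("datetime");
+    m_whitelistedFunctions.add("julianday");
+    m_whitelistedFunctions.add("strftime");
+
+    // SQLite aggregate functions
+    // max() and min() are already in the list
+    m_whitelistedFunctions.add("avg");
+    m_whitelistedFunctions.add("count");
+    m_whitelistedFunctions.add("group_concat");
+    m_whitelistedFunctions.add("sum");
+    m_whitelistedFunctions.add("total");
+
+    // SQLite FTS functions
+    m_whitelistedFunctions.add("snippet");
+    m_whitelistedFunctions.add("offsets");
+    m_whitelistedFunctions.add("optimize");
+
+    // SQLite ICU functions
+    // like(), lower() and upper() are already in the list
+    m_whitelistedFunctions.add("regexp");
+}
+
 int DatabaseAuthorizer::createTable(const String& tableName)
 {
@@ -279,10 +343,10 @@
 }
 
-int DatabaseAuthorizer::allowFunction(const String&)
-{
-    // FIXME: Are there any of these we need to prevent?  One might guess current_date, current_time, current_timestamp because
-    // they would violate the "sandbox environment" part of 4.11.3, but scripts can generate the local client side information via
-    // javascript directly, anyways.  Are there any other built-ins we need to be worried about?
-    return SQLAuthAllow;
+int DatabaseAuthorizer::allowFunction(const String& functionName)
+{
+  if (m_securityEnabled && !m_whitelistedFunctions.contains(functionName.lower()))
+    return SQLAuthDeny;
+
+  return SQLAuthAllow;
 }
 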
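Review bot: `allowFunction()` decides on the function name alone, so the ALTER TABLE helpers `sqlite_rename_table` and `sqlite_rename_trigger` added in `addWhitelistedFunctions()` are presumably permitted even when a page's own statement names them directly. A comment there such as `// Internal helpers SQLite invokes while executing ALTER TABLE; they must pass the authorizer.` would record that this is accepted. The commit removes the FIXME that was the only description of the policy, so `allowFunction()` should carry a one-line comment saying that any function not in the list is denied whenever `m_securityEnabled` is set. Two style points in the same section: `m_whitelistedFunctions.add("glob");` appears twice (under "GLOB helpers" and again under the core functions) and the second can be dropped, and the new `allowFunction()` body is indented by two spaces where the surrounding code uses four.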
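--- a/trunk/WebCore/storage/DatabaseAuthorizer.h
+++ b/trunk/WebCore/storage/DatabaseAuthorizer.h
@@ -29,4 +29,6 @@
 #define DatabaseAuthorizer_h
 
+#include "StringHash.h"
+#include <wtf/HashSet.h>
 #include <wtf/PassRefPtr.h>
 #include <wtf/Threading.h>
@@ -95,4 +97,5 @@
 private:
     DatabaseAuthorizer();
+    void addWhitelistedFunctions();
     int denyBasedOnTableName(const String&);
 
@@ -101,4 +104,6 @@
     bool m_lastActionChangedDatabase : 1;
     bool m_readOnly : 1;
+
+    HashSet<String> m_whitelistedFunctions;
 };
 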
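Review bot: The new member `m_whitelistedFunctions` has an undocumented invariant: `allowFunction()` in DatabaseAuthorizer.cpp lower-cases the name before the lookup, so every entry must be stored in lower case or it can never match. A comment on the declaration would make that explicit, for example `// Lower-case names of the SQLite functions that database code may call; lookups lower-case the name first.` The class body starts outside this hunk, so whether other members are documented the same way is not visible here.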