Merge pull request #320 from sureshsundriyal/db-attach

[secure-mode] Disallow ATTACH statements completely.
tstack · May 5, 2016 · 91633d0 · 91633d0
2 parents a81db3f + 6663740
commit 91633d0
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 61 deletions.
diff --git a/m4/lnav_with_sqlite3.m4 b/m4/lnav_with_sqlite3.m4
@@ -95,12 +95,6 @@ AC_DEFUN([LNAV_WITH_SQLITE3],
         )
     )
 
-    AC_CHECK_FUNC(sqlite3_compileoption_used,
-        AC_DEFINE([HAVE_SQLITE3_COMPILEOPTION_USED], [],
-            [Have sqlite3_compileoption_used function]
-        )
-    )
-
     AC_SUBST(HAVE_SQLITE3_VALUE_SUBTYPE)
 
     AS_VAR_SET(CFLAGS, $saved_CFLAGS)

diff --git a/src/sql_util.cc b/src/sql_util.cc
@@ -723,29 +723,7 @@ int sqlite_authorizer(void *pUserData, int action_code, const char *detail1,
 {
     if (action_code == SQLITE_ATTACH)
     {
-        /* Check to see that the filename is not NULL */
-        if (detail1 != NULL) {
-            string fileName(detail1);
-
-            /* A temporary database is fine. */
-            if (!fileName.empty()) {
-                 /* In-memory databases are fine.
-                 */
-                if (fileName.compare(":memory:") == 0) {
-                    return SQLITE_OK;
-                }
-#ifdef HAVE_SQLITE3_COMPILEOPTION_USED
-                if (sqlite3_compileoption_used("SQLITE_USE_URI") && (
-                    fileName.find("file::memory:") == 0 || (
-                    (sqlite3_libversion_number() >= 3008000) && (
-                    fileName.find("?mode=memory") != string::npos ||
-                    fileName.find("&mode=memory") != string::npos)))) {
-                    return SQLITE_OK;
-                }
-#endif
-                return SQLITE_DENY;
-            }
-        }
+        return SQLITE_DENY;
     }
     return SQLITE_OK;
 }
diff --git a/test/test_sql.sh b/test/test_sql.sh
@@ -730,38 +730,6 @@ check_error_output "LNAVSECURE mode bypassed (URI)" <<EOF
 error: not authorized
 EOF
 
-run_test ${lnav_test} -n \
-    -c ";attach database '' as 'db'" \
-    empty
-
-check_error_output "Failed to create a temporary db in LNAVSECURE mode" <<EOF
-EOF
-
-run_test ${lnav_test} -n \
-    -c ";attach database ':memory:' as 'db'" \
-    empty
-
-check_error_output "Failed to create an in-memory db in LNAVSECURE mode" <<EOF
-EOF
-
-# XXX: The following tests are only applicable when sqlite version is >= 3.8.0.
-# Turned off at the moment since Travis CI seems to use version 3.6.0 and the
-# checks fail.
-#
-#run_test ${lnav_test} -n \
-#    -c ";attach database 'file:memdb?mode=memory' as 'db'" \
-#    empty
-#
-#check_error_output "Failed to create a in-memory db (URI) in LNAVSECURE mode" <<EOF
-#EOF
-#
-#run_test ${lnav_test} -n \
-#    -c ";attach database 'file:memdb?cache=shared&mode=memory' as 'db'" \
-#    empty
-#
-#check_error_output "Failed to create a in-memory db (URI2) in LNAVSECURE mode" <<EOF
-#EOF
-
 unset LNAVSECURE