Create the "trusted_schema" pragma. Add sqlite3_vtab_config() calls to set

the risk rank for many virtual tables. FossilOrigin-Name: 4c21373c21c9b17b222ae65297a039a035e6ec6b505c00c33704e3c03f94f834
author: drh <drh@noemail.net> 2020-01-07 19:45:40 +0000
committer: drh <drh@noemail.net> 2020-01-07 19:45:40 +0000
commit: 2b1c2aad9f45a21e04d3420152779386b6cf7d33 (patch)
tree: 1a1df932219cf9ffcc8aafd31aed443f0b661b47 /ext/misc/csv.c
parent: 3f68142b820d10f3b0b4b9df65e789f4058eb67d (diff)
download: sqlite-2b1c2aad9f45a21e04d3420152779386b6cf7d33.tar.gz
sqlite-2b1c2aad9f45a21e04d3420152779386b6cf7d33.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/misc/csv.c b/ext/misc/csv.c
index 09e970ee7..71e3828c7 100644
--- a/ext/misc/csv.c
+++ b/ext/misc/csv.c
@@ -632,6 +632,15 @@ static int csvtabConnect(
   for(i=0; i<sizeof(azPValue)/sizeof(azPValue[0]); i++){
     sqlite3_free(azPValue[i]);
   }
+  /* Rationale for DIRECTONLY:
+  ** An attacker who controls a database schema could use this vtab
+  ** to exfiltrate sensitive data from other files in the filesystem.
+  ** And, recommended practice is to put all CSV virtual tables in the
+  ** TEMP namespace, so they should still be usable from within TEMP
+  ** views, so there shouldn't be a serious loss of functionality by
+  ** prohibiting the use of this vtab from persistent triggers and views.
+  */
+  sqlite3_vtab_config(db, SQLITE_VTAB_DIRECTONLY);
   return SQLITE_OK;
 
 csvtab_connect_oom:
author	drh <drh@noemail.net>	2020-01-07 19:45:40 +0000
committer	drh <drh@noemail.net>	2020-01-07 19:45:40 +0000
commit	2b1c2aad9f45a21e04d3420152779386b6cf7d33 (patch)
tree	1a1df932219cf9ffcc8aafd31aed443f0b661b47 /ext/misc/csv.c
parent	3f68142b820d10f3b0b4b9df65e789f4058eb67d (diff)
download	sqlite-2b1c2aad9f45a21e04d3420152779386b6cf7d33.tar.gz sqlite-2b1c2aad9f45a21e04d3420152779386b6cf7d33.zip