[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.18-1-697-g2f78b87

dumi at chromium.org dumi at chromium.org
Wed Jan 20 22:21:42 UTC 2010 

The following commit has been merged in the debian/unstable branch:
commit 84c81050610608d7b1cd956578f73799a1c7e898
Author: dumi at chromium.org <dumi at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Jan 13 03:29:39 2010 +0000

    Adding a list of whitelisted sqlite functions that users are
    allowed to use.
    
    Reviewed by Adam Barth.
    
    https://bugs.webkit.org/show_bug.cgi?id=33549
    
    * platform/sql/SQLiteDatabase.cpp:
    (WebCore::SQLiteDatabase::authorizerFunction):
    * storage/DatabaseAuthorizer.cpp:
    (WebCore::DatabaseAuthorizer::DatabaseAuthorizer):
    (WebCore::DatabaseAuthorizer::addWhitelistedFunctions):
    (WebCore::DatabaseAuthorizer::allowFunction):
    * storage/DatabaseAuthorizer.h:
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53177 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 8a2c436..9235c35 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-01-12  Dumitru Daniliuc  <dumi at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Adding a list of whitelisted sqlite functions that users are
+        allowed to use.
+
+        https://bugs.webkit.org/show_bug.cgi?id=33549
+
+        * platform/sql/SQLiteDatabase.cpp:
+        (WebCore::SQLiteDatabase::authorizerFunction):
+        * storage/DatabaseAuthorizer.cpp:
+        (WebCore::DatabaseAuthorizer::DatabaseAuthorizer):
+        (WebCore::DatabaseAuthorizer::addWhitelistedFunctions):
+        (WebCore::DatabaseAuthorizer::allowFunction):
+        * storage/DatabaseAuthorizer.h:
+
 2010-01-12  Fumitoshi Ukai  <ukai at chromium.org>
 
         Reviewed by Simon Hausmann.
diff --git a/WebCore/platform/sql/SQLiteDatabase.cpp b/WebCore/platform/sql/SQLiteDatabase.cpp
index 9a4e32a..d170db5 100644
--- a/WebCore/platform/sql/SQLiteDatabase.cpp
+++ b/WebCore/platform/sql/SQLiteDatabase.cpp
@@ -320,7 +320,7 @@ int SQLiteDatabase::authorizerFunction(void* userData, int actionCode, const cha
         case SQLITE_DROP_VTABLE:
             return auth->dropVTable(parameter1, parameter2);
         case SQLITE_FUNCTION:
-            return auth->allowFunction(parameter1);
+            return auth->allowFunction(parameter2);
 #endif
         default:
             ASSERT_NOT_REACHED();
diff --git a/WebCore/storage/DatabaseAuthorizer.cpp b/WebCore/storage/DatabaseAuthorizer.cpp
index 93f9106..d065480 100644
--- a/WebCore/storage/DatabaseAuthorizer.cpp
+++ b/WebCore/storage/DatabaseAuthorizer.cpp
@@ -38,6 +38,7 @@ DatabaseAuthorizer::DatabaseAuthorizer()
     : m_securityEnabled(false)
 {
     reset();
+    addWhitelistedFunctions();
 }
 
 void DatabaseAuthorizer::reset()
@@ -47,6 +48,69 @@ void DatabaseAuthorizer::reset()
     m_readOnly = false;
 }
 
+void DatabaseAuthorizer::addWhitelistedFunctions()
+{
+    // SQLite functions used to help implement some operations
+    // ALTER TABLE helpers
+    m_whitelistedFunctions.add("sqlite_rename_table");
+    m_whitelistedFunctions.add("sqlite_rename_trigger");
+    // GLOB helpers
+    m_whitelistedFunctions.add("glob");
+
+    // SQLite core functions
+    m_whitelistedFunctions.add("abs");
+    m_whitelistedFunctions.add("changes");
+    m_whitelistedFunctions.add("coalesce");
+    m_whitelistedFunctions.add("glob");
+    m_whitelistedFunctions.add("ifnull");
+    m_whitelistedFunctions.add("hex");
+    m_whitelistedFunctions.add("last_insert_rowid");
+    m_whitelistedFunctions.add("length");
+    m_whitelistedFunctions.add("like");
+    m_whitelistedFunctions.add("lower");
+    m_whitelistedFunctions.add("ltrim");
+    m_whitelistedFunctions.add("max");
+    m_whitelistedFunctions.add("min");
+    m_whitelistedFunctions.add("nullif");
+    m_whitelistedFunctions.add("quote");
+    m_whitelistedFunctions.add("replace");
+    m_whitelistedFunctions.add("round");
+    m_whitelistedFunctions.add("rtrim");
+    m_whitelistedFunctions.add("soundex");
+    m_whitelistedFunctions.add("sqlite_source_id");
+    m_whitelistedFunctions.add("sqlite_version");
+    m_whitelistedFunctions.add("substr");
+    m_whitelistedFunctions.add("total_changes");
+    m_whitelistedFunctions.add("trim");
+    m_whitelistedFunctions.add("typeof");
+    m_whitelistedFunctions.add("upper");
+    m_whitelistedFunctions.add("zeroblob");
+
+    // SQLite date and time functions
+    m_whitelistedFunctions.add("date");
+    m_whitelistedFunctions.add("time");
+    m_whitelistedFunctions.add("datetime");
+    m_whitelistedFunctions.add("julianday");
+    m_whitelistedFunctions.add("strftime");
+
+    // SQLite aggregate functions
+    // max() and min() are already in the list
+    m_whitelistedFunctions.add("avg");
+    m_whitelistedFunctions.add("count");
+    m_whitelistedFunctions.add("group_concat");
+    m_whitelistedFunctions.add("sum");
+    m_whitelistedFunctions.add("total");
+
+    // SQLite FTS functions
+    m_whitelistedFunctions.add("snippet");
+    m_whitelistedFunctions.add("offsets");
+    m_whitelistedFunctions.add("optimize");
+
+    // SQLite ICU functions
+    // like(), lower() and upper() are already in the list
+    m_whitelistedFunctions.add("regexp");
+}
+
 int DatabaseAuthorizer::createTable(const String& tableName)
 {
     if (m_readOnly && m_securityEnabled)
@@ -278,12 +342,12 @@ int DatabaseAuthorizer::allowDetach(const String&)
     return m_securityEnabled ? SQLAuthDeny : SQLAuthAllow;
 }
 
-int DatabaseAuthorizer::allowFunction(const String&)
+int DatabaseAuthorizer::allowFunction(const String& functionName)
 {
-    // FIXME: Are there any of these we need to prevent?  One might guess current_date, current_time, current_timestamp because
-    // they would violate the "sandbox environment" part of 4.11.3, but scripts can generate the local client side information via
-    // javascript directly, anyways.  Are there any other built-ins we need to be worried about?
-    return SQLAuthAllow;
+  if (m_securityEnabled && !m_whitelistedFunctions.contains(functionName.lower()))
+    return SQLAuthDeny;
+
+  return SQLAuthAllow;
 }
 
 void DatabaseAuthorizer::disable()
diff --git a/WebCore/storage/DatabaseAuthorizer.h b/WebCore/storage/DatabaseAuthorizer.h
index 248b659..2171561 100644
--- a/WebCore/storage/DatabaseAuthorizer.h
+++ b/WebCore/storage/DatabaseAuthorizer.h
@@ -28,6 +28,8 @@
 #ifndef DatabaseAuthorizer_h
 #define DatabaseAuthorizer_h
 
+#include "StringHash.h"
+#include <wtf/HashSet.h>
 #include <wtf/PassRefPtr.h>
 #include <wtf/Threading.h>
 
@@ -94,12 +96,15 @@ public:
 
 private:
     DatabaseAuthorizer();
+    void addWhitelistedFunctions();
     int denyBasedOnTableName(const String&);
 
     bool m_securityEnabled : 1;
     bool m_lastActionWasInsert : 1;
     bool m_lastActionChangedDatabase : 1;
     bool m_readOnly : 1;
+
+    HashSet<String> m_whitelistedFunctions;
 };
 
 } // namespace WebCore

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list