[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.18-1-697-g2f78b87
dumi at chromium.org
dumi at chromium.org
Wed Jan 20 22:21:42 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 84c81050610608d7b1cd956578f73799a1c7e898
Author: dumi at chromium.org <dumi at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Jan 13 03:29:39 2010 +0000
Adding a list of whitelisted sqlite functions that users are
allowed to use.
Reviewed by Adam Barth.
https://bugs.webkit.org/show_bug.cgi?id=33549
* platform/sql/SQLiteDatabase.cpp:
(WebCore::SQLiteDatabase::authorizerFunction):
* storage/DatabaseAuthorizer.cpp:
(WebCore::DatabaseAuthorizer::DatabaseAuthorizer):
(WebCore::DatabaseAuthorizer::addWhitelistedFunctions):
(WebCore::DatabaseAuthorizer::allowFunction):
* storage/DatabaseAuthorizer.h:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53177 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 8a2c436..9235c35 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-01-12 Dumitru Daniliuc <dumi at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Adding a list of whitelisted sqlite functions that users are
+ allowed to use.
+
+ https://bugs.webkit.org/show_bug.cgi?id=33549
+
+ * platform/sql/SQLiteDatabase.cpp:
+ (WebCore::SQLiteDatabase::authorizerFunction):
+ * storage/DatabaseAuthorizer.cpp:
+ (WebCore::DatabaseAuthorizer::DatabaseAuthorizer):
+ (WebCore::DatabaseAuthorizer::addWhitelistedFunctions):
+ (WebCore::DatabaseAuthorizer::allowFunction):
+ * storage/DatabaseAuthorizer.h:
+
2010-01-12 Fumitoshi Ukai <ukai at chromium.org>
Reviewed by Simon Hausmann.
diff --git a/WebCore/platform/sql/SQLiteDatabase.cpp b/WebCore/platform/sql/SQLiteDatabase.cpp
index 9a4e32a..d170db5 100644
--- a/WebCore/platform/sql/SQLiteDatabase.cpp
+++ b/WebCore/platform/sql/SQLiteDatabase.cpp
@@ -320,7 +320,7 @@ int SQLiteDatabase::authorizerFunction(void* userData, int actionCode, const cha
case SQLITE_DROP_VTABLE:
return auth->dropVTable(parameter1, parameter2);
case SQLITE_FUNCTION:
- return auth->allowFunction(parameter1);
+ return auth->allowFunction(parameter2);
#endif
default:
ASSERT_NOT_REACHED();
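Review bot: The switch to `parameter2` in the `SQLITE_FUNCTION` case is undocumented, so a reader cannot tell from this line why the second string is the right one. SQLite's authorizer callback passes NULL as the first string argument for `SQLITE_FUNCTION` and the function name as the second. I would add `// For SQLITE_FUNCTION the first string argument is NULL; the function name is the second.` above the return. authorizerFunction starts and ends outside this hunk.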
diff --git a/WebCore/storage/DatabaseAuthorizer.cpp b/WebCore/storage/DatabaseAuthorizer.cpp
index 93f9106..d065480 100644
--- a/WebCore/storage/DatabaseAuthorizer.cpp
+++ b/WebCore/storage/DatabaseAuthorizer.cpp
@@ -38,6 +38,7 @@ DatabaseAuthorizer::DatabaseAuthorizer()
: m_securityEnabled(false)
{
reset();
+ addWhitelistedFunctions();
}
void DatabaseAuthorizer::reset()
@@ -47,6 +48,69 @@ void DatabaseAuthorizer::reset()
m_readOnly = false;
}
+void DatabaseAuthorizer::addWhitelistedFunctions()
+{
+ // SQLite functions used to help implement some operations
+ // ALTER TABLE helpers
+ m_whitelistedFunctions.add("sqlite_rename_table");
+ m_whitelistedFunctions.add("sqlite_rename_trigger");
+ // GLOB helpers
+ m_whitelistedFunctions.add("glob");
+
+ // SQLite core functions
+ m_whitelistedFunctions.add("abs");
+ m_whitelistedFunctions.add("changes");
+ m_whitelistedFunctions.add("coalesce");
+ m_whitelistedFunctions.add("glob");
+ m_whitelistedFunctions.add("ifnull");
+ m_whitelistedFunctions.add("hex");
+ m_whitelistedFunctions.add("last_insert_rowid");
+ m_whitelistedFunctions.add("length");
+ m_whitelistedFunctions.add("like");
+ m_whitelistedFunctions.add("lower");
+ m_whitelistedFunctions.add("ltrim");
+ m_whitelistedFunctions.add("max");
+ m_whitelistedFunctions.add("min");
+ m_whitelistedFunctions.add("nullif");
+ m_whitelistedFunctions.add("quote");
+ m_whitelistedFunctions.add("replace");
+ m_whitelistedFunctions.add("round");
+ m_whitelistedFunctions.add("rtrim");
+ m_whitelistedFunctions.add("soundex");
+ m_whitelistedFunctions.add("sqlite_source_id");
+ m_whitelistedFunctions.add("sqlite_version");
+ m_whitelistedFunctions.add("substr");
+ m_whitelistedFunctions.add("total_changes");
+ m_whitelistedFunctions.add("trim");
+ m_whitelistedFunctions.add("typeof");
+ m_whitelistedFunctions.add("upper");
+ m_whitelistedFunctions.add("zeroblob");
+
+ // SQLite date and time functions
+ m_whitelistedFunctions.add("date");
+ m_whitelistedFunctions.add("time");
+ m_whitelistedFunctions.add("datetime");
+ m_whitelistedFunctions.add("julianday");
+ m_whitelistedFunctions.add("strftime");
+
+ // SQLite aggregate functions
+ // max() and min() are already in the list
+ m_whitelistedFunctions.add("avg");
+ m_whitelistedFunctions.add("count");
+ m_whitelistedFunctions.add("group_concat");
+ m_whitelistedFunctions.add("sum");
+ m_whitelistedFunctions.add("total");
+
+ // SQLite FTS functions
+ m_whitelistedFunctions.add("snippet");
+ m_whitelistedFunctions.add("offsets");
+ m_whitelistedFunctions.add("optimize");
+
+ // SQLite ICU functions
+ // like(), lower() and upper() are already in the list
+ m_whitelistedFunctions.add("regexp");
+}
+
int DatabaseAuthorizer::createTable(const String& tableName)
{
if (m_readOnly && m_securityEnabled)
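Review bot: `sqlite_rename_table` and `sqlite_rename_trigger` are whitelisted as ALTER TABLE helpers, but `allowFunction` checks only the name, so these entries also appear to let a page's own SQL call the internal helpers directly. A comment stating why that is acceptable, or a narrower rule, would help. `glob` is added twice, under "GLOB helpers" and again under the core functions, so the second `m_whitelistedFunctions.add("glob");` can go. Because entries are matched after `functionName.lower()`, a header comment such as `// Names must be lowercase: allowFunction() lowercases the name before the lookup.` would stop a future mixed-case addition from silently never matching. The hunk's trailing lines belong to createTable, which continues outside it.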
@@ -278,12 +342,12 @@ int DatabaseAuthorizer::allowDetach(const String&)
return m_securityEnabled ? SQLAuthDeny : SQLAuthAllow;
}
-int DatabaseAuthorizer::allowFunction(const String&)
+int DatabaseAuthorizer::allowFunction(const String& functionName)
{
- // FIXME: Are there any of these we need to prevent? One might guess current_date, current_time, current_timestamp because
- // they would violate the "sandbox environment" part of 4.11.3, but scripts can generate the local client side information via
- // javascript directly, anyways. Are there any other built-ins we need to be worried about?
- return SQLAuthAllow;
+ if (m_securityEnabled && !m_whitelistedFunctions.contains(functionName.lower()))
+ return SQLAuthDeny;
+
+ return SQLAuthAllow;
}
void DatabaseAuthorizer::disable()
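Review bot: The whitelist lookup normalizes with `functionName.lower()`, which may not be the same folding SQLite applies when it resolves a function name. If `String::lower()` is Unicode-aware, a non-ASCII character that lowercases to an ASCII letter would count as matching a whitelisted name. That is probably harmless, since SQLite would still have to find a function under the original spelling, but an ASCII-only comparison would keep the check aligned with what SQLite enforces. Removing the FIXME also removed the only rationale, so I would add `// Deny by default: with security enabled, only whitelisted SQL functions may be called.` above the `if`.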
diff --git a/WebCore/storage/DatabaseAuthorizer.h b/WebCore/storage/DatabaseAuthorizer.h
index 248b659..2171561 100644
--- a/WebCore/storage/DatabaseAuthorizer.h
+++ b/WebCore/storage/DatabaseAuthorizer.h
@@ -28,6 +28,8 @@
#ifndef DatabaseAuthorizer_h
#define DatabaseAuthorizer_h
+#include "StringHash.h"
+#include <wtf/HashSet.h>
#include <wtf/PassRefPtr.h>
#include <wtf/Threading.h>
@@ -94,12 +96,15 @@ public:
private:
DatabaseAuthorizer();
+ void addWhitelistedFunctions();
int denyBasedOnTableName(const String&);
bool m_securityEnabled : 1;
bool m_lastActionWasInsert : 1;
bool m_lastActionChangedDatabase : 1;
bool m_readOnly : 1;
+
+ HashSet<String> m_whitelistedFunctions;
};
} // namespace WebCore
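Review bot: `m_whitelistedFunctions` is declared without a comment, and nothing in the header says that its entries must be lowercase for the lookup in `allowFunction` to match. I would add `// Lowercase names of the SQL functions allowFunction() permits when security is enabled.` above the member. Each authorizer also builds its own copy of the same fixed set from the constructor; whether a shared table would be safe depends on String's threading rules, which are not visible here. The class declaration starts outside this hunk.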
--
WebKit Debian packaging