Allow specific pragma functions, closes #761
rodzic
9212f0c9c3
commit
0784f2ef9d
|
@ -171,7 +171,26 @@ allowed_sql_res = [
|
||||||
re.compile(r"^explain with\b"),
|
re.compile(r"^explain with\b"),
|
||||||
re.compile(r"^explain query plan with\b"),
|
re.compile(r"^explain query plan with\b"),
|
||||||
]
|
]
|
||||||
disallawed_sql_res = [(re.compile("pragma"), "Statement may not contain PRAGMA")]
|
allowed_pragmas = (
|
||||||
|
"database_list",
|
||||||
|
"foreign_key_list",
|
||||||
|
"function_list",
|
||||||
|
"index_info",
|
||||||
|
"index_list",
|
||||||
|
"index_xinfo",
|
||||||
|
"page_count",
|
||||||
|
"max_page_count",
|
||||||
|
"page_size",
|
||||||
|
"schema_version",
|
||||||
|
"table_info",
|
||||||
|
"table_xinfo",
|
||||||
|
)
|
||||||
|
disallawed_sql_res = [
|
||||||
|
(
|
||||||
|
re.compile("pragma(?!_({}))".format("|".join(allowed_pragmas))),
|
||||||
|
"Statement may not contain PRAGMA",
|
||||||
|
)
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
def validate_sql_select(sql):
|
def validate_sql_select(sql):
|
||||||
|
|
|
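Review bot: The negative lookahead in the new `re.compile("pragma(?!_({}))".format(...))` only checks that the text after `pragma_` begins with an allowed name; nothing pins the end of the name, so an identifier whose prefix is an allowed name (`pragma_table_info_x`, say) would also get past the deny regex. SQLite does not ship such a function today, but this allow list is the whole control, so close it with a word boundary: `re.compile(r"pragma(?!_({})\b)".format("|".join(allowed_pragmas)))` — the raw string matters, since `"\b"` in a plain literal is a backspace. The pattern is compiled without `re.IGNORECASE`, so rejecting `PRAGMA_...` spellings presumably relies on validate_sql_select lowercasing the statement first; that function's body is outside the hunk, so confirm. A short comment above `allowed_pragmas` would also help, e.g. `# Read-only pragma table-valued functions (pragma_<name>) the deny regex below lets through`.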
@ -140,7 +140,8 @@ def test_custom_json_encoder(obj, expected):
|
||||||
"update blah;",
|
"update blah;",
|
||||||
"-- sql comment to skip\nupdate blah;",
|
"-- sql comment to skip\nupdate blah;",
|
||||||
"update blah set some_column='# Hello there\n\n* This is a list\n* of items\n--\n[And a link](https://github.com/simonw/datasette-render-markdown).'\nas demo_markdown",
|
"update blah set some_column='# Hello there\n\n* This is a list\n* of items\n--\n[And a link](https://github.com/simonw/datasette-render-markdown).'\nas demo_markdown",
|
||||||
"PRAGMA case_sensitive_like = true" "SELECT * FROM pragma_index_info('idx52')",
|
"PRAGMA case_sensitive_like = true",
|
||||||
|
"SELECT * FROM pragma_not_on_allow_list('idx52')",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
def test_validate_sql_select_bad(bad_sql):
|
def test_validate_sql_select_bad(bad_sql):
|
||||||
|
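Review bot: The new bad cases cover a PRAGMA statement and an unlisted function, but nothing pins that the statement form of an allowed name is still rejected — `PRAGMA table_info(foo)` must fail even though `pragma_table_info(...)` passes, and that distinction is exactly what the `_` in the lookahead encodes. Add `"PRAGMA table_info(foo)",` next to the two new entries. A mixed-case `"SELECT * FROM PRAGMA_not_on_allow_list()"` entry would also pin the expected outcome, assuming validate_sql_select normalises case (not visible here). The parametrize decorator this list belongs to starts before the hunk.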
@ -162,6 +163,8 @@ def test_validate_sql_select_bad(bad_sql):
|
||||||
"WITH RECURSIVE cnt(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM cnt LIMIT 10) SELECT x FROM cnt;",
|
"WITH RECURSIVE cnt(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM cnt LIMIT 10) SELECT x FROM cnt;",
|
||||||
"explain WITH RECURSIVE cnt(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM cnt LIMIT 10) SELECT x FROM cnt;",
|
"explain WITH RECURSIVE cnt(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM cnt LIMIT 10) SELECT x FROM cnt;",
|
||||||
"explain query plan WITH RECURSIVE cnt(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM cnt LIMIT 10) SELECT x FROM cnt;",
|
"explain query plan WITH RECURSIVE cnt(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM cnt LIMIT 10) SELECT x FROM cnt;",
|
||||||
|
"SELECT * FROM pragma_index_info('idx52')",
|
||||||
|
"select * from pragma_table_xinfo('table')",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
def test_validate_sql_select_good(good_sql):
|
def test_validate_sql_select_good(good_sql):
|
||||||
|
|
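Review bot: Both new good cases use lowercase function names, so the list does not pin whether `SELECT * FROM PRAGMA_INDEX_INFO('idx52')` is accepted; the deny pattern added in the first hunk is compiled case-sensitively, so the answer depends on normalisation inside validate_sql_select that this diff does not show. Adding that uppercase entry here (or its counterpart to the bad list) documents the intended behaviour either way. The parametrize decorator for test_validate_sql_select_good starts before the hunk.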