test/trustschema1.test - external/github.com/sqlite/sqlite - Git at Google

 # 2020-01-08
 #
 # The author disclaims copyright to this source code.  In place of
 # a legal notice, here is a blessing:
 #
 #    May you do good and not evil.
 #    May you find forgiveness for yourself and forgive others.
 #    May you share freely, never taking more than you give.
 #
 #***********************************************************************
 #
 # Test cases for managing execution of code snippets found in untrusted
 # schemas.
 #

 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 set testprefix trustschema1

 # edgy functions used in generated columns
 #
 proc f1 {x} {return $x}
 do_test 1.100 {
   db function f1 -innocuous -deterministic f1
   db function f2 -deterministic f1
   db function f3 -directonly -deterministic f1
   db eval {
     CREATE TABLE t1(a, b AS (f1(a+1)), c AS (f2(a+2)));
     INSERT INTO t1 VALUES(100),(200);
   }
 } {}
 do_catchsql_test 1.110 {
   SELECT a, b, c FROM t1;
 } {0 {100 101 102 200 201 202}}
 do_execsql_test 1.120 {
   PRAGMA trusted_schema=OFF;
 } {}
 do_catchsql_test 1.130 {
   SELECT a, b FROM t1;
 } {0 {100 101 200 201}}
 do_catchsql_test 1.140 {
   SELECT a, b, c FROM t1;
 } {1 {unsafe use of f2()}}
 do_catchsql_test 1.150 {
   PRAGMA trusted_schema=ON;
   DROP TABLE t1;
   CREATE TABLE t1(a, b AS (f3(a+1)));
 } {1 {unsafe use of f3()}}
 do_execsql_test 1.160 {
   PRAGMA trusted_schema=OFF;
   CREATE TEMP TABLE temp1(a,b AS (f3(a+1)));
   INSERT INTO temp1(a) VALUES(100),(900);
   SELECT * FROM temp1;
 } {100 101 900 901}

 # edgy functions used in CHECK constraints
 #
 do_catchsql_test 1.200 {
   PRAGMA trusted_schema=ON;
   CREATE TABLE t2(a,b,c,CHECK(f3(c)==c));
 } {1 {unsafe use of f3()}}
 do_catchsql_test 1.210 {
   PRAGMA trusted_schema=Off;
   CREATE TABLE t2(a,b,c,CHECK(f2(c)==c));
 } {1 {unsafe use of f2()}}
 do_catchsql_test 1.211 {
   PRAGMA trusted_schema=On;
   CREATE TABLE t2(a,b,c,CHECK(f2(c)==c));
 } {0 {}}
 do_catchsql_test 1.220 {
   INSERT INTO t2 VALUES(1,2,3);
   SELECT * FROM t2;
 } {0 {1 2 3}}
 do_catchsql_test 1.230 {
   PRAGMA trusted_schema=off;
   INSERT INTO t2 VALUES(4,5,6);
 } {1 {unsafe use of f2()}}
 do_execsql_test 1.231 {
   SELECT * FROM t2;
 } {1 2 3}
 # Ok to put as many edgy functions as you want in a
 # TEMP table.
 do_execsql_test 1.240 {
   PRAGMA trusted_schema=OFF;
   CREATE TEMP TABLE temp2(a, b, CHECK(f3(b)==b));
   INSERT INTO temp2(a,b) VALUES(1,2),('x','y');
   SELECT * FROM temp2;
 } {1 2 x y}

 # edgy functions used in DEFAULT constraints
 #
 do_catchsql_test 1.300 {
   CREATE TABLE t3(a,b DEFAULT(f2(25)));
 } {0 {}}
 do_catchsql_test 1.310 {
   PRAGMA trusted_schema=Off;
   INSERT INTO t3(a) VALUES(1);
 } {1 {unsafe use of f2()}}
 do_catchsql_test 1.311 {
   INSERT INTO t3(a,b) VALUES(1,2);
 } {0 {}}
 do_execsql_test 1.320 {
   CREATE TEMP TABLE temp3(a, b DEFAULT(f3(31)));
   INSERT INTO temp3(a) VALUES(22);
   SELECT * FROM temp3;
 } {22 31}

 # edgy functions used in partial indexes.
 #
 do_execsql_test 1.400 {
   CREATE TABLE t4(a,b,c);
   INSERT INTO t4 VALUES(1,2,3),('a','b','c'),(4,'d',0);
   SELECT * FROM t4;
   CREATE TEMP TABLE temp4(a,b,c);
   INSERT INTO temp4 SELECT * FROM t4;
 } {1 2 3 a b c 4 d 0}
 do_catchsql_test 1.410 {
   CREATE INDEX t4a ON t4(a) WHERE f3(c);
 } {1 {unsafe use of f3()}}
 do_catchsql_test 1.420 {
   PRAGMA trusted_schema=OFF;
   CREATE INDEX t4a ON t4(a) WHERE f2(c);
 } {1 {unsafe use of f2()}}
 do_execsql_test 1.421 {
   CREATE INDEX t4a ON t4(a) WHERE f1(c);
   SELECT a FROM t4 WHERE f1(c) ORDER BY a;
 } {1}
 do_execsql_test 1.430 {
   PRAGMA trusted_schema=ON;
   CREATE INDEX t4b ON t4(b) WHERE f2(c);
   SELECT b FROM t4 WHERE f2(c) ORDER BY b;
 } {2}
 do_execsql_test 1.440 {
   PRAGMA trusted_schema=OFF;
   CREATE INDEX temp4a ON temp4(a) WHERE f3(c);
   SELECT a FROM temp4 WHERE f2(c) ORDER BY a;
 } {1}

 # edgy functions used in index expressions
 #
 do_execsql_test 1.500 {
   CREATE TABLE t5(a,b,c);
   INSERT INTO t5 VALUES(1,2,3),(4,5,6),(7,0,-3);
   SELECT * FROM t5;
   CREATE TEMP TABLE temp5(a,b,c);
   INSERT INTO temp5 SELECT * FROM t5;
 } {1 2 3 4 5 6 7 0 -3}
 do_catchsql_test 1.510 {
   CREATE INDEX t5x1 ON t5(a+f3(b));
 } {1 {unsafe use of f3()}}
 do_catchsql_test 1.520 {
   PRAGMA trusted_schema=OFF;
   CREATE INDEX t5x1 ON t5(a+f2(b));
 } {1 {unsafe use of f2()}}
 do_execsql_test 1.521 {
   CREATE INDEX t5x1 ON t5(a+f1(b));
   SELECT * FROM t5 INDEXED BY t5x1 WHERE a+f1(b)=3;
 } {1 2 3}
 do_execsql_test 1.530 {
   PRAGMA trusted_schema=ON;
   CREATE INDEX t5x2 ON t5(b+f2(c));
   SELECT * FROM t5 INDEXED BY t5x2 WHERE b+f2(c)=11;
 } {4 5 6}
 do_execsql_test 1.540 {
   PRAGMA trusted_schema=OFF;
   CREATE INDEX temp5x1 ON temp5(a+f3(b));
   SELECT * FROM temp5 INDEXED BY temp5x1 WHERE a+f3(b)=7;
 } {7 0 -3}

 # edgy functions in VIEWs
 #
 reset_db
 db function f1 -innocuous -deterministic f1
 db function f2 -deterministic f1
 db function f3 -directonly -deterministic f1
 do_execsql_test 2.100 {
   CREATE TABLE t1(a,b,c);
   INSERT INTO t1 VALUES(1,2,3),(100,50,75),(-11,22,-33);
   CREATE VIEW v1a AS SELECT f3(a+b) FROM t1;
   SELECT f3(a+b) FROM t1;
 } {3 150 11}
 do_catchsql_test 2.110 {
   PRAGMA trusted_schema=ON;
   SELECT * FROM v1a;
 } {1 {unsafe use of f3()}}
 do_catchsql_test 2.111 {
   PRAGMA trusted_schema=OFF;
   SELECT * FROM v1a;
 } {1 {unsafe use of f3()}}
 do_execsql_test 2.120 {
   DROP VIEW v1a;
   CREATE TEMP VIEW v1a AS SELECT f3(a+b) FROM t1;
   SELECT * FROM v1a;
 } {3 150 11}
 do_execsql_test 2.130 {
   CREATE VIEW v1b AS SELECT f2(b+c) FROM t1;
   SELECT f2(b+c) FROM t1;
 } {5 125 -11}
 do_catchsql_test 2.140 {
   PRAGMA trusted_schema=ON;
   SELECT * FROM v1b;
 } {0 {5 125 -11}}
 do_catchsql_test 2.141 {
   PRAGMA trusted_schema=OFF;
   SELECT * FROM v1b;
 } {1 {unsafe use of f2()}}
 do_execsql_test 2.150 {
   DROP VIEW v1b;
   CREATE TEMP VIEW v1b AS SELECT f2(b+c) FROM t1;
   SELECT * FROM v1b;
 } {5 125 -11}

 # edgy functions inside of triggers
 #
 do_execsql_test 3.100 {
   DELETE FROM t1;
   CREATE TABLE t2(x);
   CREATE TRIGGER r1 AFTER INSERT ON t1 BEGIN
     INSERT INTO t2(x) SELECT f3(new.a);
   END;
 } {}
 do_catchsql_test 3.110 {
   INSERT INTO t1 VALUES(7,6,5);
 } {1 {unsafe use of f3()}}
 do_execsql_test 3.111 {
   SELECT * FROM t1;
   SELECT * FROM t2;
 } {}

 do_execsql_test 3.120 {
   DROP TRIGGER r1;
   CREATE TRIGGER r1 AFTER INSERT ON t1 BEGIN
     INSERT INTO t2(x) SELECT f2(new.a)+100;
   END;
   PRAGMA trusted_schema=ON;
   INSERT INTO t1 VALUES(7,6,5);
   SELECT * FROM t1, t2;
 } {7 6 5 107}
 do_catchsql_test 3.130 {
   DELETE FROM t1;
   DELETE FROM t2;
   PRAGMA trusted_schema=OFF;
   INSERT INTO t1 VALUES(7,6,5);
 } {1 {unsafe use of f2()}}
 do_execsql_test 3.131 {
   SELECT * FROM t1;
   SELECT * FROM t2;
 } {}

 # 2023-01-09 https://sqlite.org/forum/forumpost/c88a671ad083d153
 #
 do_execsql_test 4.1 {
   PRAGMA trusted_schema=OFF;
   CREATE VIEW test41(x) AS SELECT json_extract('{"a":123}','$.a');
   SELECT * FROM test41;
 } 123
 do_execsql_test 4.2 {
   PRAGMA trusted_schema=ON;
   SELECT * FROM test41;
 } 123

 finish_test
	# 2020-01-08
	#
	# The author disclaims copyright to this source code. In place of
	# a legal notice, here is a blessing:
	#
	# May you do good and not evil.
	# May you find forgiveness for yourself and forgive others.
	# May you share freely, never taking more than you give.
	#
	#***********************************************************************
	#
	# Test cases for managing execution of code snippets found in untrusted
	# schemas.
	#

	set testdir [file dirname $argv0]
	source $testdir/tester.tcl
	set testprefix trustschema1

	# edgy functions used in generated columns
	#
	proc f1 {x} {return $x}
	do_test 1.100 {
	db function f1 -innocuous -deterministic f1
	db function f2 -deterministic f1
	db function f3 -directonly -deterministic f1
	db eval {
	CREATE TABLE t1(a, b AS (f1(a+1)), c AS (f2(a+2)));
	INSERT INTO t1 VALUES(100),(200);
	}
	} {}
	do_catchsql_test 1.110 {
	SELECT a, b, c FROM t1;
	} {0 {100 101 102 200 201 202}}
	do_execsql_test 1.120 {
	PRAGMA trusted_schema=OFF;
	} {}
	do_catchsql_test 1.130 {
	SELECT a, b FROM t1;
	} {0 {100 101 200 201}}
	do_catchsql_test 1.140 {
	SELECT a, b, c FROM t1;
	} {1 {unsafe use of f2()}}
	do_catchsql_test 1.150 {
	PRAGMA trusted_schema=ON;
	DROP TABLE t1;
	CREATE TABLE t1(a, b AS (f3(a+1)));
	} {1 {unsafe use of f3()}}
	do_execsql_test 1.160 {
	PRAGMA trusted_schema=OFF;
	CREATE TEMP TABLE temp1(a,b AS (f3(a+1)));
	INSERT INTO temp1(a) VALUES(100),(900);
	SELECT * FROM temp1;
	} {100 101 900 901}

	# edgy functions used in CHECK constraints
	#
	do_catchsql_test 1.200 {
	PRAGMA trusted_schema=ON;
	CREATE TABLE t2(a,b,c,CHECK(f3(c)==c));
	} {1 {unsafe use of f3()}}
	do_catchsql_test 1.210 {
	PRAGMA trusted_schema=Off;
	CREATE TABLE t2(a,b,c,CHECK(f2(c)==c));
	} {1 {unsafe use of f2()}}
	do_catchsql_test 1.211 {
	PRAGMA trusted_schema=On;
	CREATE TABLE t2(a,b,c,CHECK(f2(c)==c));
	} {0 {}}
	do_catchsql_test 1.220 {
	INSERT INTO t2 VALUES(1,2,3);
	SELECT * FROM t2;
	} {0 {1 2 3}}
	do_catchsql_test 1.230 {
	PRAGMA trusted_schema=off;
	INSERT INTO t2 VALUES(4,5,6);
	} {1 {unsafe use of f2()}}
	do_execsql_test 1.231 {
	SELECT * FROM t2;
	} {1 2 3}
	# Ok to put as many edgy functions as you want in a
	# TEMP table.
	do_execsql_test 1.240 {
	PRAGMA trusted_schema=OFF;
	CREATE TEMP TABLE temp2(a, b, CHECK(f3(b)==b));
	INSERT INTO temp2(a,b) VALUES(1,2),('x','y');
	SELECT * FROM temp2;
	} {1 2 x y}

	# edgy functions used in DEFAULT constraints
	#
	do_catchsql_test 1.300 {
	CREATE TABLE t3(a,b DEFAULT(f2(25)));
	} {0 {}}
	do_catchsql_test 1.310 {
	PRAGMA trusted_schema=Off;
	INSERT INTO t3(a) VALUES(1);
	} {1 {unsafe use of f2()}}
	do_catchsql_test 1.311 {
	INSERT INTO t3(a,b) VALUES(1,2);
	} {0 {}}
	do_execsql_test 1.320 {
	CREATE TEMP TABLE temp3(a, b DEFAULT(f3(31)));
	INSERT INTO temp3(a) VALUES(22);
	SELECT * FROM temp3;
	} {22 31}

	# edgy functions used in partial indexes.
	#
	do_execsql_test 1.400 {
	CREATE TABLE t4(a,b,c);
	INSERT INTO t4 VALUES(1,2,3),('a','b','c'),(4,'d',0);
	SELECT * FROM t4;
	CREATE TEMP TABLE temp4(a,b,c);
	INSERT INTO temp4 SELECT * FROM t4;
	} {1 2 3 a b c 4 d 0}
	do_catchsql_test 1.410 {
	CREATE INDEX t4a ON t4(a) WHERE f3(c);
	} {1 {unsafe use of f3()}}
	do_catchsql_test 1.420 {
	PRAGMA trusted_schema=OFF;
	CREATE INDEX t4a ON t4(a) WHERE f2(c);
	} {1 {unsafe use of f2()}}
	do_execsql_test 1.421 {
	CREATE INDEX t4a ON t4(a) WHERE f1(c);
	SELECT a FROM t4 WHERE f1(c) ORDER BY a;
	} {1}
	do_execsql_test 1.430 {
	PRAGMA trusted_schema=ON;
	CREATE INDEX t4b ON t4(b) WHERE f2(c);
	SELECT b FROM t4 WHERE f2(c) ORDER BY b;
	} {2}
	do_execsql_test 1.440 {
	PRAGMA trusted_schema=OFF;
	CREATE INDEX temp4a ON temp4(a) WHERE f3(c);
	SELECT a FROM temp4 WHERE f2(c) ORDER BY a;
	} {1}

	# edgy functions used in index expressions
	#
	do_execsql_test 1.500 {
	CREATE TABLE t5(a,b,c);
	INSERT INTO t5 VALUES(1,2,3),(4,5,6),(7,0,-3);
	SELECT * FROM t5;
	CREATE TEMP TABLE temp5(a,b,c);
	INSERT INTO temp5 SELECT * FROM t5;
	} {1 2 3 4 5 6 7 0 -3}
	do_catchsql_test 1.510 {
	CREATE INDEX t5x1 ON t5(a+f3(b));
	} {1 {unsafe use of f3()}}
	do_catchsql_test 1.520 {
	PRAGMA trusted_schema=OFF;
	CREATE INDEX t5x1 ON t5(a+f2(b));
	} {1 {unsafe use of f2()}}
	do_execsql_test 1.521 {
	CREATE INDEX t5x1 ON t5(a+f1(b));
	SELECT * FROM t5 INDEXED BY t5x1 WHERE a+f1(b)=3;
	} {1 2 3}
	do_execsql_test 1.530 {
	PRAGMA trusted_schema=ON;
	CREATE INDEX t5x2 ON t5(b+f2(c));
	SELECT * FROM t5 INDEXED BY t5x2 WHERE b+f2(c)=11;
	} {4 5 6}
	do_execsql_test 1.540 {
	PRAGMA trusted_schema=OFF;
	CREATE INDEX temp5x1 ON temp5(a+f3(b));
	SELECT * FROM temp5 INDEXED BY temp5x1 WHERE a+f3(b)=7;
	} {7 0 -3}

	# edgy functions in VIEWs
	#
	reset_db
	db function f1 -innocuous -deterministic f1
	db function f2 -deterministic f1
	db function f3 -directonly -deterministic f1
	do_execsql_test 2.100 {
	CREATE TABLE t1(a,b,c);
	INSERT INTO t1 VALUES(1,2,3),(100,50,75),(-11,22,-33);
	CREATE VIEW v1a AS SELECT f3(a+b) FROM t1;
	SELECT f3(a+b) FROM t1;
	} {3 150 11}
	do_catchsql_test 2.110 {
	PRAGMA trusted_schema=ON;
	SELECT * FROM v1a;
	} {1 {unsafe use of f3()}}
	do_catchsql_test 2.111 {
	PRAGMA trusted_schema=OFF;
	SELECT * FROM v1a;
	} {1 {unsafe use of f3()}}
	do_execsql_test 2.120 {
	DROP VIEW v1a;
	CREATE TEMP VIEW v1a AS SELECT f3(a+b) FROM t1;
	SELECT * FROM v1a;
	} {3 150 11}
	do_execsql_test 2.130 {
	CREATE VIEW v1b AS SELECT f2(b+c) FROM t1;
	SELECT f2(b+c) FROM t1;
	} {5 125 -11}
	do_catchsql_test 2.140 {
	PRAGMA trusted_schema=ON;
	SELECT * FROM v1b;
	} {0 {5 125 -11}}
	do_catchsql_test 2.141 {
	PRAGMA trusted_schema=OFF;
	SELECT * FROM v1b;
	} {1 {unsafe use of f2()}}
	do_execsql_test 2.150 {
	DROP VIEW v1b;
	CREATE TEMP VIEW v1b AS SELECT f2(b+c) FROM t1;
	SELECT * FROM v1b;
	} {5 125 -11}

	# edgy functions inside of triggers
	#
	do_execsql_test 3.100 {
	DELETE FROM t1;
	CREATE TABLE t2(x);
	CREATE TRIGGER r1 AFTER INSERT ON t1 BEGIN
	INSERT INTO t2(x) SELECT f3(new.a);
	END;
	} {}
	do_catchsql_test 3.110 {
	INSERT INTO t1 VALUES(7,6,5);
	} {1 {unsafe use of f3()}}
	do_execsql_test 3.111 {
	SELECT * FROM t1;
	SELECT * FROM t2;
	} {}

	do_execsql_test 3.120 {
	DROP TRIGGER r1;
	CREATE TRIGGER r1 AFTER INSERT ON t1 BEGIN
	INSERT INTO t2(x) SELECT f2(new.a)+100;
	END;
	PRAGMA trusted_schema=ON;
	INSERT INTO t1 VALUES(7,6,5);
	SELECT * FROM t1, t2;
	} {7 6 5 107}
	do_catchsql_test 3.130 {
	DELETE FROM t1;
	DELETE FROM t2;
	PRAGMA trusted_schema=OFF;
	INSERT INTO t1 VALUES(7,6,5);
	} {1 {unsafe use of f2()}}
	do_execsql_test 3.131 {
	SELECT * FROM t1;
	SELECT * FROM t2;
	} {}

	# 2023-01-09 https://sqlite.org/forum/forumpost/c88a671ad083d153
	#
	do_execsql_test 4.1 {
	PRAGMA trusted_schema=OFF;
	CREATE VIEW test41(x) AS SELECT json_extract('{"a":123}','$.a');
	SELECT * FROM test41;
	} 123
	do_execsql_test 4.2 {
	PRAGMA trusted_schema=ON;
	SELECT * FROM test41;
	} 123

	finish_test