ISAR/rusqlite
3
0
Fork 0
mirror of https://github.com/isar/rusqlite.git synced 2024-11-22 16:29:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Check SQL query passed to execute

Browse Source 
When `extra_check` feature is activated:
Fail when query has a column count > 0
Or when query is readonly.
This commit is contained in:
gwenn 2019-08-26 20:21:23 +02:00
parent 835b69fcb7
commit 00d50199a2
5 changed files with 34 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -28,7 +28,7 @@ script:
- cargo build --features sqlcipher - cargo build --features sqlcipher
- cargo build --features "bundled sqlcipher" - cargo build --features "bundled sqlcipher"
- cargo test - cargo test
- cargo test --features "backup blob" - cargo test --features "backup blob extra_check"
- cargo test --features "collation functions" - cargo test --features "collation functions"
- cargo test --features "hooks limits" - cargo test --features "hooks limits"
- cargo test --features load_extension - cargo test --features load_extension

5
Cargo.toml
View File

@ -48,12 +48,13 @@ csvtab = ["csv", "vtab"]
# pointer passing interfaces: 3.20.0 # pointer passing interfaces: 3.20.0
array = ["vtab"] array = ["vtab"]
# session extension: 3.13.0 # session extension: 3.13.0
session = ["libsqlite3-sys/session", "hooks"] #session = ["libsqlite3-sys/session", "hooks"]
# window functions: 3.25.0 # window functions: 3.25.0
window = ["functions"] window = ["functions"]
# 3.9.0 # 3.9.0
series = ["vtab"] series = ["vtab"]
# check for invalid query.
extra_check = []
[dependencies] [dependencies]
time = "0.1.0" time = "0.1.0"

4
src/collation.rs
View File

@ -125,7 +125,9 @@ impl InnerConnection {
str::from_utf8_unchecked(c_slice) str::from_utf8_unchecked(c_slice)
}; };
callback(&conn, collation_name) callback(&conn, collation_name)
}).is_err() { })
.is_err()
{
return; // FIXME How ? return; // FIXME How ?
} }
} }

3
src/lib.rs
View File

@ -890,7 +890,8 @@ mod test {
) )
.expect("create temp db"); .expect("create temp db");
let mut db1 = Connection::open_with_flags(&path, OpenFlags::SQLITE_OPEN_READ_WRITE).unwrap(); let mut db1 =
Connection::open_with_flags(&path, OpenFlags::SQLITE_OPEN_READ_WRITE).unwrap();
let mut db2 = Connection::open_with_flags(&path, OpenFlags::SQLITE_OPEN_READ_ONLY).unwrap(); let mut db2 = Connection::open_with_flags(&path, OpenFlags::SQLITE_OPEN_READ_ONLY).unwrap();
db1.busy_timeout(Duration::from_millis(0)).unwrap(); db1.busy_timeout(Duration::from_millis(0)).unwrap();

25
src/statement.rs
View File

@ -511,6 +511,7 @@ impl Statement<'_> {
} }
fn execute_with_bound_parameters(&mut self) -> Result<usize> { fn execute_with_bound_parameters(&mut self) -> Result<usize> {
self.check_update()?;
let r = self.stmt.step(); let r = self.stmt.step();
self.stmt.reset(); self.stmt.reset();
match r { match r {
@ -547,6 +548,30 @@ impl Statement<'_> {
Ok(()) Ok(())
} }
#[cfg(all(feature = "bundled", feature = "extra_check"))]
#[inline]
fn check_update(&self) -> Result<()> {
if self.column_count() > 0 || self.stmt.readonly() {
return Err(Error::ExecuteReturnedResults);
}
Ok(())
}
#[cfg(all(not(feature = "bundled"), feature = "extra_check"))]
#[inline]
fn check_update(&self) -> Result<()> {
if self.column_count() > 0 {
return Err(Error::ExecuteReturnedResults);
}
Ok(())
}
#[cfg(not(feature = "extra_check"))]
#[inline]
fn check_update(&self) -> Result<()> {
Ok(())
}
/// Returns a string containing the SQL text of prepared statement with /// Returns a string containing the SQL text of prepared statement with
/// bound parameters expanded. /// bound parameters expanded.
#[cfg(feature = "bundled")] #[cfg(feature = "bundled")]