/*
 * Copyright (C) 2007 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
 *    its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
28
29 #include "config.h"
30 #include "DatabaseAuthorizer.h"
31
32 #include "Database.h"
33 #include "PlatformString.h"
34
35 namespace WebCore {
36
// A freshly constructed authorizer has security checks switched off: every
// hook below allows its action until enable() is called. The per-action
// flags are cleared through reset() so they start from a known state.
DatabaseAuthorizer::DatabaseAuthorizer()
    : m_securityEnabled(false)
{
    // Same path the owner uses between statements; keeps the initial state
    // and the "after reset" state identical.
    reset();
}
42
// Clears the flags that record what the most recent authorized action did.
// Neither flag is read in this file; presumably the owner inspects them
// after a statement runs — confirm against the caller.
void DatabaseAuthorizer::reset()
{
    m_lastActionChangedDatabase = false;
    m_lastActionWasInsert = false;
}
48
// Authorizer hook for creating a persistent table. The "changed database"
// flag is raised before the policy check, so it is set even when the
// action is denied.
int DatabaseAuthorizer::createTable(const String& tableName)
{
    m_lastActionChangedDatabase = true;
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
54
// Authorizer hook for creating a temporary table. Unlike createTable() this
// does not mark the database as changed; only the table-name policy applies.
int DatabaseAuthorizer::createTempTable(const String& tableName)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
59
// Authorizer hook for dropping a persistent table. Dropping does not raise
// m_lastActionChangedDatabase here; the decision comes solely from the
// table-name policy.
int DatabaseAuthorizer::dropTable(const String& tableName)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
64
// Authorizer hook for dropping a temporary table; pure table-name policy,
// no state is recorded.
int DatabaseAuthorizer::dropTempTable(const String& tableName)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
69
// Authorizer hook for ALTER TABLE. The first (database name) argument is
// ignored; only the table being altered is checked. The changed flag is
// set regardless of the outcome of the policy check.
int DatabaseAuthorizer::allowAlterTable(const String&, const String& tableName)
{
    m_lastActionChangedDatabase = true;
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
75
// Authorizer hook for creating a persistent index. The first argument (the
// index name) is ignored; the policy is applied to the indexed table. The
// changed flag is raised before the check.
int DatabaseAuthorizer::createIndex(const String&, const String& tableName)
{
    m_lastActionChangedDatabase = true;
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
81
// Authorizer hook for creating a temporary index; table-name policy only,
// nothing is recorded about the action.
int DatabaseAuthorizer::createTempIndex(const String&, const String& tableName)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
86
// Authorizer hook for dropping a persistent index; the index name is
// ignored and the owning table decides.
int DatabaseAuthorizer::dropIndex(const String&, const String& tableName)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
91
// Authorizer hook for dropping a temporary index; table-name policy only.
int DatabaseAuthorizer::dropTempIndex(const String&, const String& tableName)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
96
// Authorizer hook for creating a persistent trigger. The trigger name is
// ignored; the table it is attached to is what the policy inspects. The
// changed flag is set before the check, so it is set even on denial.
int DatabaseAuthorizer::createTrigger(const String&, const String& tableName)
{
    m_lastActionChangedDatabase = true;
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
102
// Authorizer hook for creating a temporary trigger; table-name policy only.
int DatabaseAuthorizer::createTempTrigger(const String&, const String& tableName)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
107
// Authorizer hook for dropping a persistent trigger; the trigger name is
// ignored and the attached table decides.
int DatabaseAuthorizer::dropTrigger(const String&, const String& tableName)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
112
// Authorizer hook for dropping a temporary trigger; table-name policy only.
int DatabaseAuthorizer::dropTempTrigger(const String&, const String& tableName)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
117
// Authorizer hook for creating a virtual table. Virtual tables are refused
// outright whenever security is enabled (no table-name exception), since
// they can bind to arbitrary module code. Both name arguments are ignored.
// The changed flag is raised regardless of the decision.
int DatabaseAuthorizer::createVTable(const String&, const String&)
{
    m_lastActionChangedDatabase = true;
    if (m_securityEnabled)
        return SQLAuthDeny;
    return SQLAuthAllow;
}
123
// Authorizer hook for dropping a virtual table: denied whenever security is
// enabled, allowed otherwise. No state is recorded.
int DatabaseAuthorizer::dropVTable(const String&, const String&)
{
    if (m_securityEnabled)
        return SQLAuthDeny;
    return SQLAuthAllow;
}
128
// Authorizer hook for DELETE. Note that, unlike allowInsert() and
// allowUpdate(), a delete does not raise m_lastActionChangedDatabase here;
// only the table-name policy is applied.
int DatabaseAuthorizer::allowDelete(const String& tableName)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
133
// Authorizer hook for INSERT. This is the only hook that sets
// m_lastActionWasInsert; both flags are raised before the policy check and
// therefore stay set even if the insert is denied.
int DatabaseAuthorizer::allowInsert(const String& tableName)
{
    m_lastActionWasInsert = true;
    m_lastActionChangedDatabase = true;
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
140
// Authorizer hook for UPDATE. The second (column name) argument is ignored;
// the policy is applied per table, not per column. The changed flag is set
// regardless of the decision.
int DatabaseAuthorizer::allowUpdate(const String& tableName, const String&)
{
    m_lastActionChangedDatabase = true;
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
146
// Authorizer hook for transaction control statements: refused while security
// is enabled, allowed otherwise. Nothing is recorded.
int DatabaseAuthorizer::allowTransaction()
{
    if (m_securityEnabled)
        return SQLAuthDeny;
    return SQLAuthAllow;
}
151
// Authorizer hook for reading a column. The column name is ignored; access
// is decided per table. Reads of the protected info table are therefore
// denied along with writes when security is enabled.
int DatabaseAuthorizer::allowRead(const String& tableName, const String&)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
156
// Authorizer hook for ANALYZE; table-name policy only, nothing recorded.
int DatabaseAuthorizer::allowAnalyze(const String& tableName)
{
    const int decision = denyBasedOnTableName(tableName);
    return decision;
}
161
// Authorizer hook for PRAGMA. Every pragma is refused while security is
// enabled — the pragma name and argument are not inspected at all — and
// allowed otherwise.
int DatabaseAuthorizer::allowPragma(const String&, const String&)
{
    if (m_securityEnabled)
        return SQLAuthDeny;
    return SQLAuthAllow;
}
166
// Authorizer hook for ATTACH. Attaching any other database file is refused
// while security is enabled; the filename argument is never inspected.
int DatabaseAuthorizer::allowAttach(const String&)
{
    if (m_securityEnabled)
        return SQLAuthDeny;
    return SQLAuthAllow;
}
171
// Authorizer hook for DETACH: refused while security is enabled, allowed
// otherwise. The database name argument is ignored.
int DatabaseAuthorizer::allowDetach(const String&)
{
    if (m_securityEnabled)
        return SQLAuthDeny;
    return SQLAuthAllow;
}
176
// Authorizer hook for calling a SQL function. This is the one hook in this
// file that does not consult m_securityEnabled at all: every function name
// is allowed, with or without security on.
int DatabaseAuthorizer::allowFunction(const String&)
{
    // FIXME: Are there any of these we need to prevent? One might guess current_date, current_time, current_timestamp because
    // they would violate the "sandbox environment" part of 4.11.3, but scripts can generate the local client side information via
    // javascript directly, anyways. Are there any other built-ins we need to be worried about?
    const int decision = SQLAuthAllow;
    return decision;
}
184
// Switches all checks off: after this every hook answers SQLAuthAllow until
// enable() is called again. The per-action flags are left untouched.
void DatabaseAuthorizer::disable()
{
    m_securityEnabled = false;
}
189
// Switches the checks on. Takes effect on the next authorizer callback;
// the per-action flags are not touched.
void DatabaseAuthorizer::enable()
{
    m_securityEnabled = true;
}
194
// Shared policy for every table-scoped hook. With security disabled every
// table is allowed and the name is not even compared. With security enabled
// the only protected table is Database::databaseInfoTableName() (matched
// case-insensitively); everything else, including the sqlite_* system
// tables, is allowed.
int DatabaseAuthorizer::denyBasedOnTableName(const String& tableName)
{
    // Sadly, normal creates and drops end up affecting sqlite_master in an authorizer callback, so
    // it will be tough to enforce all of the following policies
    //if (equalIgnoringCase(tableName, "sqlite_master") || equalIgnoringCase(tableName, "sqlite_temp_master") ||
    //    equalIgnoringCase(tableName, "sqlite_sequence") || equalIgnoringCase(tableName, Database::databaseInfoTableName()))
    //    return SQLAuthDeny;

    // Short-circuit keeps the name comparison (and the call to
    // Database::databaseInfoTableName()) from running when security is off.
    const bool protectedTable = m_securityEnabled
        && equalIgnoringCase(tableName, Database::databaseInfoTableName());
    if (protectedTable)
        return SQLAuthDeny;

    return SQLAuthAllow;
}
211
212 } // namespace WebCore
213