1 /*
2  * Copyright (C) 2007 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1.  Redistributions of source code must retain the above copyright
9  *     notice, this list of conditions and the following disclaimer.
10  * 2.  Redistributions in binary form must reproduce the above copyright
11  *     notice, this list of conditions and the following disclaimer in the
12  *     documentation and/or other materials provided with the distribution.
13  * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
14  *     its contributors may be used to endorse or promote products derived
15  *     from this software without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
18  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
21  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 #include "config.h"
30 #include "DatabaseAuthorizer.h"
31 
32 #include "Database.h"
33 #include "PlatformString.h"
34 
namespace WebCore {

// Each hook below answers one class of SQL operation with SQLAuthAllow or
// SQLAuthDeny. The hook names mirror the SQLite authorizer action codes; the
// sqlite3 wiring that invokes them lives outside this file. Three pieces of
// state decide every answer:
//   m_securityEnabled - while false, every hook in this file answers
//                       SQLAuthAllow (ATTACH, PRAGMA and the info table
//                       included), so disable()/enable() must be paired on
//                       every code path, error paths included;
//   m_readOnly        - together with m_securityEnabled, refuses schema and
//                       data writes on the main (non-temp) objects;
//   m_lastAction*     - bookkeeping flags raised by the write hooks and cleared
//                       only by reset(); nothing in this file reads them.

// A read-only transaction only blocks writes while enforcement is on.
static bool writesBlocked(bool readOnly, bool securityEnabled)
{
    return readOnly && securityEnabled;
}

// Verdict for the operations that are refused outright whenever enforcement is
// on, whatever table they name (TRANSACTION, PRAGMA, ATTACH, DETACH, virtual
// tables).
static int denyWhenEnforcing(bool securityEnabled)
{
    return securityEnabled ? SQLAuthDeny : SQLAuthAllow;
}

// Enforcement starts switched off: nothing is denied until enable() is called
// (presumably by the owning Database once its own bookkeeping statements have
// run; that wiring is not in this file).
DatabaseAuthorizer::DatabaseAuthorizer()
    : m_securityEnabled(false)
{
    reset();
}

// Clears the bookkeeping flags and the read-only marker. This is the only
// place m_readOnly goes back to false, so reset() also ends a read-only
// transaction; m_securityEnabled is deliberately left untouched.
void DatabaseAuthorizer::reset()
{
    m_readOnly = false;
    m_lastActionChangedDatabase = false;
    m_lastActionWasInsert = false;
}

// CREATE TABLE: refused in a read-only transaction, otherwise judged by name.
// Counts as a change to the database.
int DatabaseAuthorizer::createTable(const String& tableName)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    m_lastActionChangedDatabase = true;
    return denyBasedOnTableName(tableName);
}

// CREATE TEMP TABLE: judged by name only. Neither m_readOnly nor
// m_lastActionChangedDatabase comes into play for temp objects.
// NOTE(review): confirm that a read-only transaction is meant to allow
// temp-object writes; the same applies to every *Temp* hook below.
int DatabaseAuthorizer::createTempTable(const String& tableName)
{
    return denyBasedOnTableName(tableName);
}

// DROP TABLE: refused in a read-only transaction, otherwise judged by name.
// Drops never raise m_lastActionChangedDatabase (presumably because a drop
// cannot grow the database — confirm against the flag's consumer).
int DatabaseAuthorizer::dropTable(const String& tableName)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    return denyBasedOnTableName(tableName);
}

// DROP TEMP TABLE: judged by name only (see createTempTable).
int DatabaseAuthorizer::dropTempTable(const String& tableName)
{
    return denyBasedOnTableName(tableName);
}

// ALTER TABLE: the first, unnamed argument (presumably the database name) is
// ignored; only the table name is judged. Counts as a change to the database.
int DatabaseAuthorizer::allowAlterTable(const String&, const String& tableName)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    m_lastActionChangedDatabase = true;
    return denyBasedOnTableName(tableName);
}

// CREATE INDEX: the index name (first argument) is ignored; the table it
// indexes is judged. Counts as a change to the database.
int DatabaseAuthorizer::createIndex(const String&, const String& tableName)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    m_lastActionChangedDatabase = true;
    return denyBasedOnTableName(tableName);
}

// CREATE TEMP INDEX: judged by the indexed table's name only (see createTempTable).
int DatabaseAuthorizer::createTempIndex(const String&, const String& tableName)
{
    return denyBasedOnTableName(tableName);
}

// DROP INDEX: refused in a read-only transaction, otherwise judged by the
// indexed table's name. Does not raise m_lastActionChangedDatabase.
int DatabaseAuthorizer::dropIndex(const String&, const String& tableName)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    return denyBasedOnTableName(tableName);
}

// DROP TEMP INDEX: judged by the indexed table's name only (see createTempTable).
int DatabaseAuthorizer::dropTempIndex(const String&, const String& tableName)
{
    return denyBasedOnTableName(tableName);
}

// CREATE TRIGGER: the trigger name (first argument) is ignored; the table it
// fires on is judged. Counts as a change to the database.
int DatabaseAuthorizer::createTrigger(const String&, const String& tableName)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    m_lastActionChangedDatabase = true;
    return denyBasedOnTableName(tableName);
}

// CREATE TEMP TRIGGER: judged by the target table's name only (see createTempTable).
int DatabaseAuthorizer::createTempTrigger(const String&, const String& tableName)
{
    return denyBasedOnTableName(tableName);
}

// DROP TRIGGER: refused in a read-only transaction, otherwise judged by the
// target table's name. Does not raise m_lastActionChangedDatabase.
int DatabaseAuthorizer::dropTrigger(const String&, const String& tableName)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    return denyBasedOnTableName(tableName);
}

// DROP TEMP TRIGGER: judged by the target table's name only (see createTempTable).
int DatabaseAuthorizer::dropTempTrigger(const String&, const String& tableName)
{
    return denyBasedOnTableName(tableName);
}

// CREATE VIRTUAL TABLE: never allowed while enforcing, whatever the names.
// Note that m_lastActionChangedDatabase is raised before the verdict, so it is
// set on the enforcing-but-not-read-only path even though that path denies.
int DatabaseAuthorizer::createVTable(const String&, const String&)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    m_lastActionChangedDatabase = true;
    return denyWhenEnforcing(m_securityEnabled);
}

// DROP VIRTUAL TABLE: never allowed while enforcing, whatever the names.
int DatabaseAuthorizer::dropVTable(const String&, const String&)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    return denyWhenEnforcing(m_securityEnabled);
}

// DELETE: refused in a read-only transaction, otherwise judged by table name.
// Does not raise m_lastActionChangedDatabase.
int DatabaseAuthorizer::allowDelete(const String& tableName)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    return denyBasedOnTableName(tableName);
}

// INSERT: refused in a read-only transaction, otherwise judged by table name.
// The only hook that raises m_lastActionWasInsert; it also counts as a change
// to the database.
int DatabaseAuthorizer::allowInsert(const String& tableName)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    m_lastActionWasInsert = true;
    m_lastActionChangedDatabase = true;
    return denyBasedOnTableName(tableName);
}

// UPDATE: refused in a read-only transaction, otherwise judged by table name.
// The second, unnamed argument (presumably the column) is not inspected, so no
// column-level policy can be expressed here. Counts as a change to the database.
int DatabaseAuthorizer::allowUpdate(const String& tableName, const String&)
{
    if (writesBlocked(m_readOnly, m_securityEnabled))
        return SQLAuthDeny;

    m_lastActionChangedDatabase = true;
    return denyBasedOnTableName(tableName);
}

// TRANSACTION control statements are refused outright while enforcing,
// regardless of m_readOnly.
int DatabaseAuthorizer::allowTransaction()
{
    return denyWhenEnforcing(m_securityEnabled);
}

// SELECT / column read: judged by table name only; reads are fine in a
// read-only transaction. The column (second argument) is not inspected.
int DatabaseAuthorizer::allowRead(const String& tableName, const String&)
{
    return denyBasedOnTableName(tableName);
}

// ANALYZE: judged by table name only; m_readOnly is not consulted.
int DatabaseAuthorizer::allowAnalyze(const String& tableName)
{
    return denyBasedOnTableName(tableName);
}

// PRAGMA: refused outright while enforcing; the pragma name and value are not
// inspected.
int DatabaseAuthorizer::allowPragma(const String&, const String&)
{
    return denyWhenEnforcing(m_securityEnabled);
}

// ATTACH: refused outright while enforcing; the filename is not inspected.
int DatabaseAuthorizer::allowAttach(const String&)
{
    return denyWhenEnforcing(m_securityEnabled);
}

// DETACH: refused outright while enforcing.
int DatabaseAuthorizer::allowDetach(const String&)
{
    return denyWhenEnforcing(m_securityEnabled);
}

// Function calls are always allowed; the function name is not inspected.
int DatabaseAuthorizer::allowFunction(const String&)
{
    // FIXME: Are there any of these we need to prevent?  One might guess current_date, current_time, current_timestamp because
    // they would violate the "sandbox environment" part of 4.11.3, but scripts can generate the local client side information via
    // javascript directly, anyways.  Are there any other built-ins we need to be worried about?
    return SQLAuthAllow;
}

// Switches enforcement off: from here on every hook answers SQLAuthAllow,
// including ATTACH, PRAGMA and writes to the info table. Any caller that
// disables the authorizer around its own trusted statements must call enable()
// again on every path out, error paths included.
void DatabaseAuthorizer::disable()
{
    m_securityEnabled = false;
}

// Switches enforcement on.
void DatabaseAuthorizer::enable()
{
    m_securityEnabled = true;
}

// Marks the current transaction read-only. There is no individual counterpart
// that clears the marker; reset() is the only way back to read-write.
void DatabaseAuthorizer::setReadOnly()
{
    m_readOnly = true;
}

// The name-based policy shared by most hooks: while enforcing, deny any access
// to WebKit's own info table and allow everything else. While enforcement is
// off the name is not even compared.
int DatabaseAuthorizer::denyBasedOnTableName(const String& tableName)
{
    // Sadly, normal creates and drops end up affecting sqlite_master in an
    // authorizer callback, so it will be tough to enforce all of the following
    // policies:
    //if (equalIgnoringCase(tableName, "sqlite_master") || equalIgnoringCase(tableName, "sqlite_temp_master") ||
    //    equalIgnoringCase(tableName, "sqlite_sequence") || equalIgnoringCase(tableName, Database::databaseInfoTableName()))
    //        return SQLAuthDeny;
    //
    // So only the info table is kept off-limits. The comparison ignores case,
    // presumably because SQLite treats identifiers case-insensitively; a
    // case-sensitive check would let a differently-cased spelling through.
    bool touchesInfoTable = m_securityEnabled && equalIgnoringCase(tableName, Database::databaseInfoTableName());
    return touchesInfoTable ? SQLAuthDeny : SQLAuthAllow;
}

} // namespace WebCore