| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| 21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | 21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
| 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 */ | 27 */ |
| 28 | 28 |
| 29 #include "modules/webdatabase/DatabaseAuthorizer.h" | 29 #include "modules/webdatabase/DatabaseAuthorizer.h" |
| 30 | 30 |
| 31 #include "wtf/HashSet.h" |
| 32 #include "wtf/StdLibExtras.h" |
| 33 #include "wtf/text/StringHash.h" |
| 34 |
| 31 namespace blink { | 35 namespace blink { |
| 32 | 36 |
| 33 DatabaseAuthorizer* DatabaseAuthorizer::create(const String& databaseInfoTableNa
me) | 37 DatabaseAuthorizer* DatabaseAuthorizer::create(const String& databaseInfoTableNa
me) |
| 34 { | 38 { |
| 35 return new DatabaseAuthorizer(databaseInfoTableName); | 39 return new DatabaseAuthorizer(databaseInfoTableName); |
| 36 } | 40 } |
| 37 | 41 |
| 38 DatabaseAuthorizer::DatabaseAuthorizer(const String& databaseInfoTableName) | 42 DatabaseAuthorizer::DatabaseAuthorizer(const String& databaseInfoTableName) |
| 39 : m_securityEnabled(false) | 43 : m_securityEnabled(false) |
| 40 , m_databaseInfoTableName(databaseInfoTableName) | 44 , m_databaseInfoTableName(databaseInfoTableName) |
| 41 { | 45 { |
| 42 DCHECK(isMainThread()); | 46 DCHECK(isMainThread()); |
| 43 | 47 |
| 44 reset(); | 48 reset(); |
| 45 addWhitelistedFunctions(); | |
| 46 } | 49 } |
| 47 | 50 |
| 48 void DatabaseAuthorizer::reset() | 51 void DatabaseAuthorizer::reset() |
| 49 { | 52 { |
| 50 m_lastActionWasInsert = false; | 53 m_lastActionWasInsert = false; |
| 51 m_lastActionChangedDatabase = false; | 54 m_lastActionChangedDatabase = false; |
| 52 m_permissions = ReadWriteMask; | 55 m_permissions = ReadWriteMask; |
| 53 } | 56 } |
| 54 | 57 |
| 55 void DatabaseAuthorizer::resetDeletes() | 58 void DatabaseAuthorizer::resetDeletes() |
| 56 { | 59 { |
| 57 m_hadDeletes = false; | 60 m_hadDeletes = false; |
| 58 } | 61 } |
| 59 | 62 |
| 60 void DatabaseAuthorizer::addWhitelistedFunctions() | 63 namespace { |
| 64 using FunctionNameList = HashSet<String, CaseFoldingHash>; |
| 65 |
| 66 const FunctionNameList& whitelistedFunctions() |
| 61 { | 67 { |
| 62 // SQLite functions used to help implement some operations | 68 DEFINE_STATIC_LOCAL(FunctionNameList, list, ({ |
| 63 // ALTER TABLE helpers | 69 // SQLite functions used to help implement some operations |
| 64 m_whitelistedFunctions.add("sqlite_rename_table"); | 70 // ALTER TABLE helpers |
| 65 m_whitelistedFunctions.add("sqlite_rename_trigger"); | 71 "sqlite_rename_table", |
| 66 // GLOB helpers | 72 "sqlite_rename_trigger", |
| 67 m_whitelistedFunctions.add("glob"); | 73 // GLOB helpers |
| 68 | 74 "glob", |
| 69 // SQLite core functions | 75 // SQLite core functions |
| 70 m_whitelistedFunctions.add("abs"); | 76 "abs", |
| 71 m_whitelistedFunctions.add("changes"); | 77 "changes", |
| 72 m_whitelistedFunctions.add("coalesce"); | 78 "coalesce", |
| 73 m_whitelistedFunctions.add("glob"); | 79 "glob", |
| 74 m_whitelistedFunctions.add("ifnull"); | 80 "ifnull", |
| 75 m_whitelistedFunctions.add("hex"); | 81 "hex", |
| 76 m_whitelistedFunctions.add("last_insert_rowid"); | 82 "last_insert_rowid", |
| 77 m_whitelistedFunctions.add("length"); | 83 "length", |
| 78 m_whitelistedFunctions.add("like"); | 84 "like", |
| 79 m_whitelistedFunctions.add("lower"); | 85 "lower", |
| 80 m_whitelistedFunctions.add("ltrim"); | 86 "ltrim", |
| 81 m_whitelistedFunctions.add("max"); | 87 "max", |
| 82 m_whitelistedFunctions.add("min"); | 88 "min", |
| 83 m_whitelistedFunctions.add("nullif"); | 89 "nullif", |
| 84 m_whitelistedFunctions.add("quote"); | 90 "quote", |
| 85 m_whitelistedFunctions.add("replace"); | 91 "replace", |
| 86 m_whitelistedFunctions.add("round"); | 92 "round", |
| 87 m_whitelistedFunctions.add("rtrim"); | 93 "rtrim", |
| 88 m_whitelistedFunctions.add("soundex"); | 94 "soundex", |
| 89 m_whitelistedFunctions.add("sqlite_source_id"); | 95 "sqlite_source_id", |
| 90 m_whitelistedFunctions.add("sqlite_version"); | 96 "sqlite_version", |
| 91 m_whitelistedFunctions.add("substr"); | 97 "substr", |
| 92 m_whitelistedFunctions.add("total_changes"); | 98 "total_changes", |
| 93 m_whitelistedFunctions.add("trim"); | 99 "trim", |
| 94 m_whitelistedFunctions.add("typeof"); | 100 "typeof", |
| 95 m_whitelistedFunctions.add("upper"); | 101 "upper", |
| 96 m_whitelistedFunctions.add("zeroblob"); | 102 "zeroblob", |
| 97 | 103 // SQLite date and time functions |
| 98 // SQLite date and time functions | 104 "date", |
| 99 m_whitelistedFunctions.add("date"); | 105 "time", |
| 100 m_whitelistedFunctions.add("time"); | 106 "datetime", |
| 101 m_whitelistedFunctions.add("datetime"); | 107 "julianday", |
| 102 m_whitelistedFunctions.add("julianday"); | 108 "strftime", |
| 103 m_whitelistedFunctions.add("strftime"); | 109 // SQLite aggregate functions |
| 104 | 110 // max() and min() are already in the list |
| 105 // SQLite aggregate functions | 111 "avg", |
| 106 // max() and min() are already in the list | 112 "count", |
| 107 m_whitelistedFunctions.add("avg"); | 113 "group_concat", |
| 108 m_whitelistedFunctions.add("count"); | 114 "sum", |
| 109 m_whitelistedFunctions.add("group_concat"); | 115 "total", |
| 110 m_whitelistedFunctions.add("sum"); | 116 // SQLite FTS functions |
| 111 m_whitelistedFunctions.add("total"); | 117 "match", |
| 112 | 118 "snippet", |
| 113 // SQLite FTS functions | 119 "offsets", |
| 114 m_whitelistedFunctions.add("match"); | 120 "optimize", |
| 115 m_whitelistedFunctions.add("snippet"); | 121 // SQLite ICU functions |
| 116 m_whitelistedFunctions.add("offsets"); | 122 // like(), lower() and upper() are already in the list |
| 117 m_whitelistedFunctions.add("optimize"); | 123 "regexp", |
| 118 | 124 })); |
| 119 // SQLite ICU functions | 125 return list; |
| 120 // like(), lower() and upper() are already in the list | 126 } |
| 121 m_whitelistedFunctions.add("regexp"); | |
| 122 } | 127 } |
| 123 | 128 |
| 124 int DatabaseAuthorizer::createTable(const String& tableName) | 129 int DatabaseAuthorizer::createTable(const String& tableName) |
| 125 { | 130 { |
| 126 if (!allowWrite()) | 131 if (!allowWrite()) |
| 127 return SQLAuthDeny; | 132 return SQLAuthDeny; |
| 128 | 133 |
| 129 m_lastActionChangedDatabase = true; | 134 m_lastActionChangedDatabase = true; |
| 130 return denyBasedOnTableName(tableName); | 135 return denyBasedOnTableName(tableName); |
| 131 } | 136 } |
| 366 return m_securityEnabled ? SQLAuthDeny : SQLAuthAllow; | 371 return m_securityEnabled ? SQLAuthDeny : SQLAuthAllow; |
| 367 } | 372 } |
| 368 | 373 |
| 369 int DatabaseAuthorizer::allowDetach(const String&) | 374 int DatabaseAuthorizer::allowDetach(const String&) |
| 370 { | 375 { |
| 371 return m_securityEnabled ? SQLAuthDeny : SQLAuthAllow; | 376 return m_securityEnabled ? SQLAuthDeny : SQLAuthAllow; |
| 372 } | 377 } |
| 373 | 378 |
| 374 int DatabaseAuthorizer::allowFunction(const String& functionName) | 379 int DatabaseAuthorizer::allowFunction(const String& functionName) |
| 375 { | 380 { |
| 376 if (m_securityEnabled && !m_whitelistedFunctions.contains(functionName)) | 381 if (m_securityEnabled && !whitelistedFunctions().contains(functionName)) |
| 377 return SQLAuthDeny; | 382 return SQLAuthDeny; |
| 378 | 383 |
| 379 return SQLAuthAllow; | 384 return SQLAuthAllow; |
| 380 } | 385 } |
| 381 | 386 |
| 382 void DatabaseAuthorizer::disable() | 387 void DatabaseAuthorizer::disable() |
| 383 { | 388 { |
| 384 m_securityEnabled = false; | 389 m_securityEnabled = false; |
| 385 } | 390 } |
| 386 | 391 |
| 418 | 423 |
| 419 int DatabaseAuthorizer::updateDeletesBasedOnTableName(const String& tableName) | 424 int DatabaseAuthorizer::updateDeletesBasedOnTableName(const String& tableName) |
| 420 { | 425 { |
| 421 int allow = denyBasedOnTableName(tableName); | 426 int allow = denyBasedOnTableName(tableName); |
| 422 if (allow) | 427 if (allow) |
| 423 m_hadDeletes = true; | 428 m_hadDeletes = true; |
| 424 return allow; | 429 return allow; |
| 425 } | 430 } |
| 426 | 431 |
| 427 } // namespace blink | 432 } // namespace blink |
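Review bot: The shared allowlist in `whitelistedFunctions()` is now built lazily on first use, and its only visible caller is `allowFunction()`, so nothing shown here guarantees which thread constructs or reads it. The removed code filled a per-instance set in the constructor, which DCHECKs the main thread. If the SQLite authorizer callback can run off the main thread or on several database threads (the callers are outside the shown lines, so this is inferred), the process-wide `DEFINE_STATIC_LOCAL` and its `String` entries need a thread-safe form such as `DEFINE_THREAD_SAFE_STATIC_LOCAL`, or a thread assertion inside `whitelistedFunctions()`. Since this set decides which SQLite functions are denied once `m_securityEnabled` is set, I would also add a comment above it such as `// Allowlist of SQLite functions permitted when security is enabled; anything not listed is denied by allowFunction().` Lastly, `"glob"` appears twice in the initializer, carried over from the old code, and one entry can be dropped.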
| OLD | NEW |