sqld: reject ATTACH statements #1841

Merged
merged 2 commits into from
Nov 26, 2024

LucioFranco
Contributor

This adds support for rejecting `ATTACH` statements from dumps. `ATTACH`
statements should be considered dangerous in a multi-tenant setting.
With this commit any `ATTACH` statement inside a dump will be rejected
with a 400 status code and a message. In addition, any other SQL errors
returned by SQLite will be returned as a 400. All other dump errors
through this code path (`conn.with_raw`) will return a 500 like before.
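
The check described above, as an added example in Rust (not code from this pull request or from sqld): it splits a dump on top-level semicolons, ignores comments and quoted text, and returns a 400 for any statement whose leading keyword is `ATTACH`. The function names, the error text and the sample dump are assumptions made for illustration.

```rust
/// Split SQL on ';' found outside quotes and comments. Line comments ("--")
/// and block comments ("/* */") are dropped so they cannot hide a keyword.
fn split_statements(sql: &str) -> Vec<String> {
    let c: Vec<char> = sql.chars().collect();
    let (mut out, mut cur, mut i) = (Vec::new(), String::new(), 0);
    while i < c.len() {
        match c[i] {
            '-' if c.get(i + 1) == Some(&'-') => {
                while i < c.len() && c[i] != '\n' { i += 1; }
            }
            '/' if c.get(i + 1) == Some(&'*') => {
                i += 2;
                while i < c.len() && !(c[i] == '*' && c.get(i + 1) == Some(&'/')) { i += 1; }
                i += 2;
                cur.push(' ');
            }
            // Quoted string or identifier: copy through the closing quote.
            q @ ('\'' | '"' | '`') => {
                cur.push(q);
                i += 1;
                while i < c.len() {
                    cur.push(c[i]);
                    i += 1;
                    if c[i - 1] == q { break; }
                }
            }
            ';' => { out.push(std::mem::take(&mut cur)); i += 1; }
            ch => { cur.push(ch); i += 1; }
        }
    }
    out.push(cur);
    out.iter().map(|s| s.trim().to_string()).filter(|s| !s.is_empty()).collect()
}

/// Err((400, message)) if any statement's leading keyword is ATTACH (hypothetical helper).
fn check_dump(sql: &str) -> Result<(), (u16, String)> {
    for stmt in split_statements(sql) {
        let kw: String = stmt.chars().take_while(|ch| ch.is_ascii_alphabetic()).collect();
        if kw.eq_ignore_ascii_case("ATTACH") {
            return Err((400, "ATTACH statements are not allowed in dumps".into()));
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample dump; the path is a placeholder.
    let dump = "CREATE TABLE t(x);\n-- note\nattach DATABASE '/placeholder/other.db' AS o;";
    println!("{:?}", check_dump(dump));
}
```

A keyword pre-check like this does not replace the behaviour the description states for other failures: SQL errors reported by SQLite still map to 400 and remaining dump errors to 500.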
Contributor

@haaawk haaawk left a comment

LGTM but I think Nikita's suggestions are good

@LucioFranco LucioFranco added this pull request to the merge queue Nov 26, 2024
Merged via the queue into main with commit 33b2777 Nov 26, 2024
18 checks passed
@LucioFranco LucioFranco deleted the lucio/fix-attach-dump branch November 26, 2024 16:29
3 participants