Fossil SCM
test-db-prepare command: added --auth-report and --auth-ticket flags to install either the report or ticket schema authorizer for purposes of testing the given statement preparation. Basic sanity tests pass but needs more testing.
Commit
1bb06c94d650c6bdd4b279da28e3d832b769fde899c7eac9d2745b652f0baa9e
Parent
02226325b6e10f1…
3 files changed
+34
-1
+2
-1
+16
-2
M
src/db.c
+34
-1
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -864,23 +864,56 @@ | ||
| 864 | 864 | db_exec(&err); |
| 865 | 865 | } |
| 866 | 866 | |
| 867 | 867 | /* |
| 868 | 868 | ** COMMAND: test-db-prepare |
| 869 | -** Usage: %fossil test-db-prepare ?OPTIONS? SQL | |
| 869 | +** Usage: %fossil test-db-prepare ?OPTIONS? SQL-STATEMENT | |
| 870 | +** | |
| 871 | +** Options: | |
| 872 | +** | |
| 873 | +** --auth-report Enable the ticket report query authorizer. | |
| 874 | +** --auth-ticket Enable the ticket schema query authorizer. | |
| 870 | 875 | ** |
| 871 | 876 | ** Invoke db_prepare() on the SQL input. Report any errors encountered. |
| 872 | 877 | ** This command is used to verify error detection logic in the db_prepare() |
| 873 | 878 | ** utility routine. |
| 874 | 879 | */ |
| 875 | 880 | void db_test_db_prepare(void){ |
| 881 | + const int fAuthReport = find_option("auth-report",0,0)!=0; | |
| 882 | + const int fAuthSchema = find_option("auth-ticket",0,0)!=0; | |
| 883 | + const int fAuth = fAuthReport + fAuthSchema; | |
| 884 | + char * zReportErr = 0; /* auth-report error string. */ | |
| 885 | + int nSchemaErr = 0; /* Number of auth-ticket errors. */ | |
| 876 | 886 | Stmt err; |
| 887 | + | |
| 888 | + if(fAuth>1){ | |
| 889 | + fossil_fatal("Only one of --auth-report or --auth-ticket " | |
| 890 | + "may be used."); | |
| 891 | + } | |
| 877 | 892 | db_find_and_open_repository(0,0); |
| 878 | 893 | verify_all_options(); |
| 879 | 894 | if( g.argc!=3 ) usage("?OPTIONS? SQL"); |
| 895 | + if(fAuthReport){ | |
| 896 | + report_restrict_sql(&zReportErr); | |
| 897 | + }else if(fAuthSchema){ | |
| 898 | + ticket_restrict_sql(&nSchemaErr); | |
| 899 | + } | |
| 880 | 900 | db_prepare(&err, "%s", g.argv[2]/*safe-for-%s*/); |
| 881 | 901 | db_finalize(&err); |
| 902 | + if(fAuthReport){ | |
| 903 | + report_unrestrict_sql(); | |
| 904 | + if(zReportErr){ | |
| 905 | + fossil_warning("Report authorizer error: %s\n", zReportErr); | |
| 906 | + fossil_free(zReportErr); | |
| 907 | + } | |
| 908 | + }else if(fAuthSchema){ | |
| 909 | + ticket_unrestrict_sql(); | |
| 910 | + if(nSchemaErr){ | |
| 911 | + fossil_warning("Ticket schema authorizer error count: %d\n", | |
| 912 | + nSchemaErr); | |
| 913 | + } | |
| 914 | + } | |
| 882 | 915 | } |
| 883 | 916 | |
| 884 | 917 | /* |
| 885 | 918 | ** Print the output of one or more SQL queries on standard output. |
| 886 | 919 | ** This routine is used for debugging purposes only. |
| 887 | 920 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -864,23 +864,56 @@ | |
| 864 | db_exec(&err); |
| 865 | } |
| 866 | |
| 867 | /* |
| 868 | ** COMMAND: test-db-prepare |
| 869 | ** Usage: %fossil test-db-prepare ?OPTIONS? SQL |
| 870 | ** |
| 871 | ** Invoke db_prepare() on the SQL input. Report any errors encountered. |
| 872 | ** This command is used to verify error detection logic in the db_prepare() |
| 873 | ** utility routine. |
| 874 | */ |
| 875 | void db_test_db_prepare(void){ |
| 876 | Stmt err; |
| 877 | db_find_and_open_repository(0,0); |
| 878 | verify_all_options(); |
| 879 | if( g.argc!=3 ) usage("?OPTIONS? SQL"); |
| 880 | db_prepare(&err, "%s", g.argv[2]/*safe-for-%s*/); |
| 881 | db_finalize(&err); |
| 882 | } |
| 883 | |
| 884 | /* |
| 885 | ** Print the output of one or more SQL queries on standard output. |
| 886 | ** This routine is used for debugging purposes only. |
| 887 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -864,23 +864,56 @@ | |
| 864 | db_exec(&err); |
| 865 | } |
| 866 | |
| 867 | /* |
| 868 | ** COMMAND: test-db-prepare |
| 869 | ** Usage: %fossil test-db-prepare ?OPTIONS? SQL-STATEMENT |
| 870 | ** |
| 871 | ** Options: |
| 872 | ** |
| 873 | ** --auth-report Enable the ticket report query authorizer. |
| 874 | ** --auth-ticket Enable the ticket schema query authorizer. |
| 875 | ** |
| 876 | ** Invoke db_prepare() on the SQL input. Report any errors encountered. |
| 877 | ** This command is used to verify error detection logic in the db_prepare() |
| 878 | ** utility routine. |
| 879 | */ |
| 880 | void db_test_db_prepare(void){ |
| 881 | const int fAuthReport = find_option("auth-report",0,0)!=0; |
| 882 | const int fAuthSchema = find_option("auth-ticket",0,0)!=0; |
| 883 | const int fAuth = fAuthReport + fAuthSchema; |
| 884 | char * zReportErr = 0; /* auth-report error string. */ |
| 885 | int nSchemaErr = 0; /* Number of auth-ticket errors. */ |
| 886 | Stmt err; |
| 887 | |
| 888 | if(fAuth>1){ |
| 889 | fossil_fatal("Only one of --auth-report or --auth-ticket " |
| 890 | "may be used."); |
| 891 | } |
| 892 | db_find_and_open_repository(0,0); |
| 893 | verify_all_options(); |
| 894 | if( g.argc!=3 ) usage("?OPTIONS? SQL"); |
| 895 | if(fAuthReport){ |
| 896 | report_restrict_sql(&zReportErr); |
| 897 | }else if(fAuthSchema){ |
| 898 | ticket_restrict_sql(&nSchemaErr); |
| 899 | } |
| 900 | db_prepare(&err, "%s", g.argv[2]/*safe-for-%s*/); |
| 901 | db_finalize(&err); |
| 902 | if(fAuthReport){ |
| 903 | report_unrestrict_sql(); |
| 904 | if(zReportErr){ |
| 905 | fossil_warning("Report authorizer error: %s\n", zReportErr); |
| 906 | fossil_free(zReportErr); |
| 907 | } |
| 908 | }else if(fAuthSchema){ |
| 909 | ticket_unrestrict_sql(); |
| 910 | if(nSchemaErr){ |
| 911 | fossil_warning("Ticket schema authorizer error count: %d\n", |
| 912 | nSchemaErr); |
| 913 | } |
| 914 | } |
| 915 | } |
| 916 | |
| 917 | /* |
| 918 | ** Print the output of one or more SQL queries on standard output. |
| 919 | ** This routine is used for debugging purposes only. |
| 920 |
+2
-1
| --- src/report.c | ||
| +++ src/report.c | ||
| @@ -240,11 +240,12 @@ | ||
| 240 | 240 | } |
| 241 | 241 | return rc; |
| 242 | 242 | } |
| 243 | 243 | |
| 244 | 244 | /* |
| 245 | -** Activate the query authorizer | |
| 245 | +** Activate the ticket report query authorizer. Must be followed by an | |
| 246 | +** eventual call to ticket_unrestrict_sql(). | |
| 246 | 247 | */ |
| 247 | 248 | void report_restrict_sql(char **pzErr){ |
| 248 | 249 | db_set_authorizer(report_query_authorizer,(void*)pzErr,"Ticket-Report"); |
| 249 | 250 | sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000); |
| 250 | 251 | } |
| 251 | 252 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -240,11 +240,12 @@ | |
| 240 | } |
| 241 | return rc; |
| 242 | } |
| 243 | |
| 244 | /* |
| 245 | ** Activate the query authorizer |
| 246 | */ |
| 247 | void report_restrict_sql(char **pzErr){ |
| 248 | db_set_authorizer(report_query_authorizer,(void*)pzErr,"Ticket-Report"); |
| 249 | sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000); |
| 250 | } |
| 251 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -240,11 +240,12 @@ | |
| 240 | } |
| 241 | return rc; |
| 242 | } |
| 243 | |
| 244 | /* |
| 245 | ** Activate the ticket report query authorizer. Must be followed by an |
| 246 | ** eventual call to ticket_unrestrict_sql(). |
| 247 | */ |
| 248 | void report_restrict_sql(char **pzErr){ |
| 249 | db_set_authorizer(report_query_authorizer,(void*)pzErr,"Ticket-Report"); |
| 250 | sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000); |
| 251 | } |
| 252 |
+16
-2
| --- src/tkt.c | ||
| +++ src/tkt.c | ||
| @@ -467,10 +467,24 @@ | ||
| 467 | 467 | ticket_schema_error: |
| 468 | 468 | if( pNErr ) *(int*)pNErr = 1; |
| 469 | 469 | return SQLITE_DENY; |
| 470 | 470 | } |
| 471 | 471 | |
| 472 | +/* | |
| 473 | +** Activate the ticket schema authorizer. Must be followed by | |
| 474 | +** an eventual call to ticket_unrestrict_sql(). | |
| 475 | +*/ | |
| 476 | +void ticket_restrict_sql(int * pNErr){ | |
| 477 | + db_set_authorizer(ticket_schema_auth,(void*)pNErr,"Ticket-Schema"); | |
| 478 | +} | |
| 479 | +/* | |
| 480 | +** Deactivate the ticket schema authorizer. | |
| 481 | +*/ | |
| 482 | +void ticket_unrestrict_sql(void){ | |
| 483 | + db_clear_authorizer(); | |
| 484 | +} | |
| 485 | + | |
| 472 | 486 | |
| 473 | 487 | /* |
| 474 | 488 | ** Recreate the TICKET and TICKETCHNG tables. |
| 475 | 489 | */ |
| 476 | 490 | void ticket_create_table(int separateConnection){ |
| @@ -479,18 +493,18 @@ | ||
| 479 | 493 | db_multi_exec( |
| 480 | 494 | "DROP TABLE IF EXISTS ticket;" |
| 481 | 495 | "DROP TABLE IF EXISTS ticketchng;" |
| 482 | 496 | ); |
| 483 | 497 | zSql = ticket_table_schema(); |
| 484 | - db_set_authorizer(ticket_schema_auth,0,"Ticket-Schema"); | |
| 498 | + ticket_restrict_sql(0); | |
| 485 | 499 | if( separateConnection ){ |
| 486 | 500 | if( db_transaction_nesting_depth() ) db_end_transaction(0); |
| 487 | 501 | db_init_database(g.zRepositoryName, zSql, 0); |
| 488 | 502 | }else{ |
| 489 | 503 | db_multi_exec("%s", zSql/*safe-for-%s*/); |
| 490 | 504 | } |
| 491 | - db_clear_authorizer(); | |
| 505 | + ticket_unrestrict_sql(); | |
| 492 | 506 | fossil_free(zSql); |
| 493 | 507 | } |
| 494 | 508 | |
| 495 | 509 | /* |
| 496 | 510 | ** Repopulate the TICKET and TICKETCHNG tables from scratch using all |
| 497 | 511 |
| --- src/tkt.c | |
| +++ src/tkt.c | |
| @@ -467,10 +467,24 @@ | |
| 467 | ticket_schema_error: |
| 468 | if( pNErr ) *(int*)pNErr = 1; |
| 469 | return SQLITE_DENY; |
| 470 | } |
| 471 | |
| 472 | |
| 473 | /* |
| 474 | ** Recreate the TICKET and TICKETCHNG tables. |
| 475 | */ |
| 476 | void ticket_create_table(int separateConnection){ |
| @@ -479,18 +493,18 @@ | |
| 479 | db_multi_exec( |
| 480 | "DROP TABLE IF EXISTS ticket;" |
| 481 | "DROP TABLE IF EXISTS ticketchng;" |
| 482 | ); |
| 483 | zSql = ticket_table_schema(); |
| 484 | db_set_authorizer(ticket_schema_auth,0,"Ticket-Schema"); |
| 485 | if( separateConnection ){ |
| 486 | if( db_transaction_nesting_depth() ) db_end_transaction(0); |
| 487 | db_init_database(g.zRepositoryName, zSql, 0); |
| 488 | }else{ |
| 489 | db_multi_exec("%s", zSql/*safe-for-%s*/); |
| 490 | } |
| 491 | db_clear_authorizer(); |
| 492 | fossil_free(zSql); |
| 493 | } |
| 494 | |
| 495 | /* |
| 496 | ** Repopulate the TICKET and TICKETCHNG tables from scratch using all |
| 497 |
| --- src/tkt.c | |
| +++ src/tkt.c | |
| @@ -467,10 +467,24 @@ | |
| 467 | ticket_schema_error: |
| 468 | if( pNErr ) *(int*)pNErr = 1; |
| 469 | return SQLITE_DENY; |
| 470 | } |
| 471 | |
| 472 | /* |
| 473 | ** Activate the ticket schema authorizer. Must be followed by |
| 474 | ** an eventual call to ticket_unrestrict_sql(). |
| 475 | */ |
| 476 | void ticket_restrict_sql(int * pNErr){ |
| 477 | db_set_authorizer(ticket_schema_auth,(void*)pNErr,"Ticket-Schema"); |
| 478 | } |
| 479 | /* |
| 480 | ** Deactivate the ticket schema authorizer. |
| 481 | */ |
| 482 | void ticket_unrestrict_sql(void){ |
| 483 | db_clear_authorizer(); |
| 484 | } |
| 485 | |
| 486 | |
| 487 | /* |
| 488 | ** Recreate the TICKET and TICKETCHNG tables. |
| 489 | */ |
| 490 | void ticket_create_table(int separateConnection){ |
| @@ -479,18 +493,18 @@ | |
| 493 | db_multi_exec( |
| 494 | "DROP TABLE IF EXISTS ticket;" |
| 495 | "DROP TABLE IF EXISTS ticketchng;" |
| 496 | ); |
| 497 | zSql = ticket_table_schema(); |
| 498 | ticket_restrict_sql(0); |
| 499 | if( separateConnection ){ |
| 500 | if( db_transaction_nesting_depth() ) db_end_transaction(0); |
| 501 | db_init_database(g.zRepositoryName, zSql, 0); |
| 502 | }else{ |
| 503 | db_multi_exec("%s", zSql/*safe-for-%s*/); |
| 504 | } |
| 505 | ticket_unrestrict_sql(); |
| 506 | fossil_free(zSql); |
| 507 | } |
| 508 | |
| 509 | /* |
| 510 | ** Repopulate the TICKET and TICKETCHNG tables from scratch using all |
| 511 |