SQL/SQLite: handle option SQLITE_OPEN_NOFOLLOW

Since SQLite 3.31 there is a new open() option SQLITE_OPEN_NOFOLLOW to disallow a filename with a symlink for security reason. Expose this option to QSQLite via QSQLITE_OPEN_NOFOLLOW. [ChangeLog][SQL][SQLite] Add new option QSQLITE_OPEN_NOFOLLOW to expose open mode SQLITE_OPEN_NOFOLLOW. Change-Id: I2d6218bde2bf8b4f1bc36125dffa551b52369072 Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> (cherry picked from commit 3379fd2322d112af4ef7ce75aafe18c27746acae) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
2024-01-29 20:03:37 +01:00 · 2024-01-29 20:03:37 +01:00 · 03514d8f2c
commit 03514d8f2c
parent ecaf35b4c5
2 changed files with 16 additions and 1 deletions
--- a/src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp
+++ b/src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp
@ -754,6 +754,7 @@ bool QSQLiteDriver::open(const QString & db, const QString &, const QString &, c
    bool useExtendedResultCodes = true;
    bool useQtVfs = false;
    bool useQtCaseFolding = false;
+    bool openNoFollow = false;
 #if QT_CONFIG(regularexpression)
    static const auto regexpConnectOption = "QSQLITE_ENABLE_REGEXP"_L1;
    bool defineRegexp = false;
@ -783,6 +784,8 @@ bool QSQLiteDriver::open(const QString & db, const QString &, const QString &, c
            useExtendedResultCodes = false;
        } else if (option == "QSQLITE_ENABLE_NON_ASCII_CASE_FOLDING"_L1) {
            useQtCaseFolding = true;
+        } else if (option == "QSQLITE_OPEN_NOFOLLOW"_L1) {
+            openNoFollow = true;
        }
 #if QT_CONFIG(regularexpression)
        else if (option.startsWith(regexpConnectOption)) {
@ -800,12 +803,21 @@ bool QSQLiteDriver::open(const QString & db, const QString &, const QString &, c
            }
        }
 #endif
+        else
+            qWarning("Unsupported option '%ls'", qUtf16Printable(option.toString()));
    }

    int openMode = (openReadOnlyOption ? SQLITE_OPEN_READONLY : (SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE));
    openMode |= (sharedCache ? SQLITE_OPEN_SHAREDCACHE : SQLITE_OPEN_PRIVATECACHE);
    if (openUriOption)
        openMode |= SQLITE_OPEN_URI;
+    if (openNoFollow) {
+#if defined(SQLITE_OPEN_NOFOLLOW)
+        openMode |= SQLITE_OPEN_NOFOLLOW;
+#else
+        qWarning("SQLITE_OPEN_NOFOLLOW not supported with the SQLite version %s", sqlite3_libversion());
+#endif
+    }

    openMode |= SQLITE_OPEN_NOMUTEX;

--- a/src/sql/doc/src/sql-driver.qdoc
+++ b/src/sql/doc/src/sql-driver.qdoc
@ -756,11 +756,14 @@
    \row
      \li QSQLITE_NO_USE_EXTENDED_RESULT_CODES
      \li Disables the usage of the \l {https://www.sqlite.org/c3ref/extended_result_codes.html}
-          {extended result code} feature in SQLite (for backwards compatibility)
+          {extended result code} feature in SQLite
    \row
      \li QSQLITE_ENABLE_NON_ASCII_CASE_FOLDING
      \li If set, the plugin replaces the functions 'lower' and 'upper' with
          QString functions for correct case folding of non-ascii characters
+    \row
+      \li QSQLITE_OPEN_NOFOLLOW
+      \li If set, the database filename is not allowed to contain a symbolic link
    \endtable

    \section3 How to Build the QSQLITE Plugin