paulfitz/update-llm-readme
spoffy/webdriver-logs
dependabot/npm_and_yarn/webpack-5.94.0
latest_candidate
main
paulfitz/q-test
dependabot/npm_and_yarn/dompurify-3.1.3
dependabot/npm_and_yarn/express-4.20.0
latest
dependabot/npm_and_yarn/elliptic-6.5.7
dependabot/npm_and_yarn/axios-1.7.4
dependabot/npm_and_yarn/micromatch-4.0.8
berhalak/build-test
ignore-alert
link-to-issue-templates
spoffy/rename-candidate-action-job
dependabot/npm_and_yarn/fast-xml-parser-4.4.1
spoffy/playwright
spoffy/grist-ee-defaults
dependabot/npm_and_yarn/ws-8.17.1
dependabot/npm_and_yarn/tar-6.2.1
dependabot/npm_and_yarn/braces-3.0.3
jordigh/native-arm64
paulfitz/preview
paulfitz/smoosh
test-server-reset
dsagal-readme-gvisor
readme-update-dec2023
paulfitz/bundle-widget-prep
jv-linkstate-bubbles-tooltips
jv-linkstate-bubbles-base
jv-bidirectional-tests
preview
bidirectional
chainlink-fix
alex/skip-fstrings-3.9
alex/upgrade-pyodide
alex/3.11-tests
alex/_importParsedFileAsNewTable
poc-engine-data-layer
poc-engine
sponsors-section
removing-missing-key-error
friendly-locale
messytables-requirements
add-page-name
markdown-cells
v1.1.12
v1.1.11
v1.1.10
v1.1.9
v1.1.8
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v0.7.9
v0.7.8
v0.7.7
v0.7.6
v0.7.5
v0.7.4
v0.7.1
v0.7.2
v0.7.3
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.17
v1.1.18
${ noResults }
1 Commits (24fc3a2d0025d8c6b719fda35b3ccbc78379a725)
Author | SHA1 | Message | Date |
---|---|---|---|
Paul Fitzpatrick | 6e15d44cf6 |
(core) start applying defenses for untrusted document uploads
Summary: This applies some mitigations suggested by SQLite authors when opening untrusted SQLite databases, as we do when Grist docs are uploaded by the user. See: https://www.sqlite.org/security.html#untrusted_sqlite_database_files Steps implemented in this diff are: * Setting `trusted_schema` to off * Running a SQLite-level integrity check on uploads Other steps will require updates to our node-sqlite3 fork, since they are not available via the node-sqlite3 api (one more reason to migrate to better-sqlite3). I haven't yet managed to create a file that triggers an integrity check failure without also being detected as corruption by sqlite at a more basic level, so that is a TODO for testing. Test Plan: existing tests pass; need to come up with exploits to actually test the defences and have not yet Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2909 |
3 years ago |