gristlabs_grist-core/app
Paul Fitzpatrick 6e15d44cf6 (core) start applying defenses for untrusted document uploads
Summary:
This applies some mitigations suggested by SQLite authors when
opening untrusted SQLite databases, as we do when Grist docs
are uploaded by the user.  See:
  https://www.sqlite.org/security.html#untrusted_sqlite_database_files

Steps implemented in this diff are:
  * Setting `trusted_schema` to off
  * Running a SQLite-level integrity check on uploads

Other steps will require updates to our node-sqlite3 fork, since they
are not available via the node-sqlite3 api (one more reason to migrate
to better-sqlite3).

I haven't yet managed to create a file that triggers an integrity
check failure without also being detected as corruption by sqlite
at a more basic level, so that is a TODO for testing.

Test Plan:
existing tests pass; need to come up with exploits to
actually test the defences and have not yet

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2909
2021-07-14 18:34:27 -04:00
..
client (core) Refactoring google drive plugin 2021-07-14 09:52:04 +02:00
common (core) Refactoring google drive plugin 2021-07-14 09:52:04 +02:00
gen-server (core) link AppSumo activations with stripe, and support upgrades/downgrades 2021-06-24 10:18:42 -04:00
plugin (core) Showing censored values as a grey cell 2021-06-07 13:11:41 +02:00
server (core) start applying defenses for untrusted document uploads 2021-07-14 18:34:27 -04:00
tsconfig.json (core) move home server into core 2020-07-21 20:39:10 -04:00