gristlabs_grist-core/app/server
Paul Fitzpatrick 6e15d44cf6 (core) start applying defenses for untrusted document uploads
Summary:
This applies some mitigations suggested by SQLite authors when
opening untrusted SQLite databases, as we do when Grist docs
are uploaded by the user.  See:
  https://www.sqlite.org/security.html#untrusted_sqlite_database_files

Steps implemented in this diff are:
  * Setting `trusted_schema` to off
  * Running a SQLite-level integrity check on uploads

Other steps will require updates to our node-sqlite3 fork, since they
are not available via the node-sqlite3 api (one more reason to migrate
to better-sqlite3).

I haven't yet managed to create a file that triggers an integrity
check failure without also being detected as corruption by sqlite
at a more basic level, so that is a TODO for testing.

Test Plan:
existing tests pass; need to come up with exploits to
actually test the defences and have not yet

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2909
2021-07-14 18:34:27 -04:00
..
lib (core) start applying defenses for untrusted document uploads 2021-07-14 18:34:27 -04:00
declarations.d.ts (core) start applying defenses for untrusted document uploads 2021-07-14 18:34:27 -04:00
devServerMain.ts (core) Refactoring google drive plugin 2021-07-14 09:52:04 +02:00
mergedServerMain.ts (core) Refactoring google drive plugin 2021-07-14 09:52:04 +02:00
serverMethods.ts (core) Use individual choices for filtering choice lists 2021-06-11 09:34:06 -07:00
tsconfig.json (core) move home server into core 2020-07-21 20:39:10 -04:00