github
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/761#issuecomment-624790887 | https://api.github.com/repos/simonw/datasette/issues/761 | 624790887 | MDEyOklzc3VlQ29tbWVudDYyNDc5MDg4Nw== | 9599 | 2020-05-06T17:41:21Z | 2020-05-06T17:41:21Z | OWNER | More demos here: https://github.com/simonw/til/blob/master/sqlite/list-all-columns-in-a-database.md | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
613467382 | |
https://github.com/simonw/datasette/issues/761#issuecomment-624783996 | https://api.github.com/repos/simonw/datasette/issues/761 | 624783996 | MDEyOklzc3VlQ29tbWVudDYyNDc4Mzk5Ng== | 9599 | 2020-05-06T17:28:20Z | 2020-05-06T17:28:20Z | OWNER | Interestingly https://latest.datasette.io/fixtures?sql=select+*+from+pragma_function_list() doesn't work, when it DOES work on my laptop. `latest.datasette.io` currently runs SQLite `3.27.2` while my laptop runs `3.31.1` https://www.sqlite.org/changes.html#version_3_30_0 says that as-of 3.30.0: > The PRAGMA function_list, PRAGMA module_list, and PRAGMA pragma_list commands are now enabled in all builds by default. Disable them using -DSQLITE_OMIT_INTROSPECTION_PRAGMAS. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
613467382 | |
https://github.com/simonw/datasette/issues/761#issuecomment-624782775 | https://api.github.com/repos/simonw/datasette/issues/761 | 624782775 | MDEyOklzc3VlQ29tbWVudDYyNDc4Mjc3NQ== | 9599 | 2020-05-06T17:26:05Z | 2020-05-06T17:26:05Z | OWNER | Some demos: * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_database_list%28%29 * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_foreign_key_list%28%27complex_foreign_keys%27%29 * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_function_list%28%29 * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_index_info%28%27idx_compound_three_primary_keys_content%27%29 * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_index_list%28%27compound_three_primary_keys%27%29 * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_index_xinfo%28%27idx_compound_three_primary_keys_content%27%29 * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_page_count%28%29 * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_max_page_count%28%29 * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_page_size%28%29 * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_schema_version%28%29 * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_table_info%28%27complex_foreign_keys%27%29 * https://latest.datasette.io/fixtures?sql=select+*+from+pragma_table_xinfo%28%27complex_foreign_keys%27%29 | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
613467382 | |
https://github.com/simonw/datasette/issues/761#issuecomment-624774928 | https://api.github.com/repos/simonw/datasette/issues/761 | 624774928 | MDEyOklzc3VlQ29tbWVudDYyNDc3NDkyOA== | 9599 | 2020-05-06T17:11:15Z | 2020-05-06T17:11:15Z | OWNER | For the moment I'll allow-list the following: * `pragma_database_list` * `pragma_foreign_key_list` * `pragma_function_list` * `pragma_index_info` * `pragma_index_list` * `pragma_index_xinfo` * `pragma_page_count` * `pragma_max_page_count` * `pragma_page_size` * `pragma_schema_version` * `pragma_table_info` * `pragma_table_xinfo` | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
613467382 | |
https://github.com/simonw/datasette/issues/761#issuecomment-624766424 | https://api.github.com/repos/simonw/datasette/issues/761 | 624766424 | MDEyOklzc3VlQ29tbWVudDYyNDc2NjQyNA== | 9599 | 2020-05-06T16:54:38Z | 2020-05-06T17:01:02Z | OWNER | I could allow-list some other useful `pragma_x` tables too. SQLite calls these "pragma functions" - documented here: https://www.sqlite.org/pragma.html#pragfunc They sound safe: > Table-valued functions exist only for PRAGMAs that return results and that have no side-effects. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
613467382 | |
https://github.com/simonw/datasette/issues/761#issuecomment-624768744 | https://api.github.com/repos/simonw/datasette/issues/761 | 624768744 | MDEyOklzc3VlQ29tbWVudDYyNDc2ODc0NA== | 9599 | 2020-05-06T16:59:01Z | 2020-05-06T16:59:01Z | OWNER | Maybe use a negative lookahead assertion? https://docs.python.org/3/library/re.html#index-20 > `(?!...)` > > Matches if `...` doesn’t match next. This is a negative lookahead assertion. For example, `Isaac (?!Asimov)` will match 'Isaac ' only if it’s not followed by 'Asimov'. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
613467382 | |
https://github.com/simonw/datasette/issues/761#issuecomment-624767466 | https://api.github.com/repos/simonw/datasette/issues/761 | 624767466 | MDEyOklzc3VlQ29tbWVudDYyNDc2NzQ2Ng== | 9599 | 2020-05-06T16:56:40Z | 2020-05-06T16:57:03Z | OWNER | The rationale for blocking `pragma` entirely from statements is that it can be used to change the state of the SQLite database, e.g. from https://www.sqlite.org/pragma.html : ``` PRAGMA schema.application_id; PRAGMA schema.application_id = integer ; ``` That second line is unsafe. I don't think it's possible to use the `pragma_table_x` variants to make writes in this way. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
613467382 |