[issue45243] [sqlite3] add support for changing connection limits

2021-11-13 Thread Erlend E. Aasland 


Change by Erlend E. Aasland :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45243] [sqlite3] add support for changing connection limits

2021-11-05 Thread Serhiy Storchaka 


Serhiy Storchaka  added the comment:


New changeset 3d42cd9461e60c7427f3793f640cd975fbd99289 by Erlend Egeberg 
Aasland in branch 'main':
bpo-45243: Use connection limits to simplify `sqlite3` tests (GH-29356)
https://github.com/python/cpython/commit/3d42cd9461e60c7427f3793f640cd975fbd99289


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45243] [sqlite3] add support for changing connection limits

2021-11-02 Thread Erlend E. Aasland 


Erlend E. Aasland  added the comment:

Steve, do you think it is worth it adding an audit hook for setting connection 
limits?

Most of the limits are harmless, but limits that control recursion are more 
interesting.

SQLITE_LIMIT_EXPR_DEPTH:

Maximum Depth Of An Expression Tree

SQLite parses expressions into a tree for processing. During code
generation, SQLite walks this tree recursively. The depth of expression
trees is therefore limited in order to avoid using too much stack space.
[...] If the value is 0, then no limit is enforced.

SQLITE_LIMIT_TRIGGER_DEPTH:

Maximum Depth Of Trigger Recursion

SQLite limits the depth of recursion of triggers in order to prevent a
statement involving recursive triggers from using an unbounded amount of
memory.

Note also, how the SQLite docs talk about SQLITE_LIMIT_LENGTH:

Maximum length of a string or BLOB

[...] In security-sensitive applications it is best not to try to increase
the maximum string and blob length. In fact, you might do well to lower
the maximum string and blob length to something more in the range of a few
million if that is possible.

--
nosy: +steve.dower

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45243] [sqlite3] add support for changing connection limits

2021-11-01 Thread Erlend E. Aasland 


Change by Erlend E. Aasland :


--
pull_requests: +27616
pull_request: https://github.com/python/cpython/pull/29356

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45243] [sqlite3] add support for changing connection limits

2021-11-01 Thread Pablo Galindo Salgado 


Pablo Galindo Salgado  added the comment:


New changeset b6b38a82267ff70d2abaf2a8371327268887c97d by Erlend Egeberg 
Aasland in branch 'main':
bpo-45243: Add support for setting/getting `sqlite3` connection limits 
(GH-28463)
https://github.com/python/cpython/commit/b6b38a82267ff70d2abaf2a8371327268887c97d


--
nosy: +pablogsal

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45243] [sqlite3] add support for changing connection limits

2021-10-07 Thread Erlend E. Aasland 


Change by Erlend E. Aasland :


--
pull_requests: +27123
pull_request: https://github.com/python/cpython/pull/28790

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45243] [sqlite3] add support for changing connection limits

2021-09-19 Thread Erlend E. Aasland 


Change by Erlend E. Aasland :


--
keywords: +patch
pull_requests: +26864
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/28463

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45243] [sqlite3] add support for changing connection limits

2021-09-19 Thread Erlend E. Aasland 


Erlend E. Aasland  added the comment:

Christian, how about adding an audit event for something like 
sqlite3.Connection.setlimit()? My initial thought is: yes.

--
nosy: +christian.heimes

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45243] [sqlite3] add support for changing connection limits

2021-09-19 Thread Erlend E. Aasland 


New submission from Erlend E. Aasland :

I propose to add wrappers for the SQLite sqlite3_limit() C API. Using this API, 
it is possible to query and set limits on a connection basis. This will make it 
easier (and faster) to test various corner cases in the test suite without 
relying on test.support.bigmemtest.


Quoting from the SQLite sqlite3_limit() docs:

  Run-time limits are intended for use in applications that manage both their
  own internal database and also databases that are controlled by untrusted
  external sources. An example application might be a web browser that has its
  own databases for storing history and separate databases controlled by
  JavaScript applications downloaded off the Internet. The internal databases
  can be given the large, default limits. Databases managed by external
  sources can be given much smaller limits designed to prevent a denial of
  service attack.


See also:
  - https://sqlite.org/c3ref/limit.html
  - https://sqlite.org/c3ref/c_limit_attached.html
  - https://sqlite.org/limits.html


Limit categories (C from SQLite docs)
---

SQLITE_LIMIT_LENGTH
The maximum size of any string or BLOB or table row, in bytes.

SQLITE_LIMIT_SQL_LENGTH
The maximum length of an SQL statement, in bytes.

SQLITE_LIMIT_COLUMN
The maximum number of columns in a table definition or in the result set of a 
SELECT or the maximum number of columns in an index or in an ORDER BY or GROUP 
BY clause.

SQLITE_LIMIT_EXPR_DEPTH
The maximum depth of the parse tree on any expression.

SQLITE_LIMIT_COMPOUND_SELECT
The maximum number of terms in a compound SELECT statement.

SQLITE_LIMIT_VDBE_OP
The maximum number of instructions in a virtual machine program used to 
implement an SQL statement. If sqlite3_prepare_v2() or the equivalent tries to 
allocate space for more than this many opcodes in a single prepared statement, 
an SQLITE_NOMEM error is returned.

SQLITE_LIMIT_FUNCTION_ARG
The maximum number of arguments on a function.

SQLITE_LIMIT_ATTACHED
The maximum number of attached databases.

SQLITE_LIMIT_LIKE_PATTERN_LENGTH
The maximum length of the pattern argument to the LIKE or GLOB operators.

SQLITE_LIMIT_VARIABLE_NUMBER
The maximum index number of any parameter in an SQL statement.

SQLITE_LIMIT_TRIGGER_DEPTH
The maximum depth of recursion for triggers.

SQLITE_LIMIT_WORKER_THREADS
The maximum number of auxiliary worker threads that a single prepared statement 
may start.

--
assignee: erlendaasland
components: Extension Modules
messages: 402176
nosy: berker.peksag, erlendaasland, serhiy.storchaka
priority: low
severity: normal
status: open
title: [sqlite3] add support for changing connection limits
type: enhancement

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com