WIP: withUndefinedBehavior block #371
Conversation
|
Let me know if v7.0.0 satisfies the needs of this PR, via the new unsafe mode. |
|
Wow, v7 looks amazing! I'll definitely play with the worker threads. I'm not sure if any of the use-cases that had been discussed actually require SQLITE_DBCONFIG_DEFENSIVE to be disabled? That might cross the border of what is sensible. I think all we need was to allow behavior that SQLIte3 considers undefined but I don't think that means you can corrupt the database. Unfortunately unsafeMode does not solve #338, which I believe is even allowed by SQLite3 and not even considered undefined behavior. What I had in mind with this PR was to disable the checks that better-sqlite3 puts in place that might not even be needed by SQLite3 itself. This is a stupid example, but you get the gist. I cannot execute queries inside user-defined functions even though everything is even read-only and cannot possibly cause damage. Sure currently better-sqlite3 currently catches things like endless recursions this way, but that's the kind of responsibility I'm willing to take when going into unsafeMode. const Database = require('better-sqlite3');
const db = new Database(':memory:');
db.function('f', () => {
db.exec('SELECT 1');
return 1;
});
db.unsafeMode(true);
db.exec('SELECT f()');
db.unsafeMode(false);
|
|
I'm writing a second comment since this a separate concern: have you considered also adding a |
|
@missinglink thanks for clarifying. Now I understand and I agree with your comment in #380. If it's something that can be done in SQLite3 at your own risk it should be possible with any client. But it's absolutely sensible that these things are disabled by default and it's amazing that unsafe mode can be enable incrementally, because even advanced users don't want to shoot themselves in the foot. |
|
I'll come back to this once my requirement comes up again |
Tests are not working yet, but I wanted to get this out to get some feedback. Especially about the
NODE_METHOD(JS_withUndefinedBehavior)block. This could be implement in JS as well, but I guess the assertions make sense in C++?I didn't go the "all or nothing" route. Only certain things are allowed inside the block.
@missinglink