◐ Shell
clean mode source ↗

sqlite: add limits property to DatabaseSync · nodejs/node@4c181e2

@@ -160,6 +160,23 @@ changes:

160160

language features that allow ordinary SQL to deliberately corrupt the database file are disabled.

161161

The defensive flag can also be set using `enableDefensive()`.

162162

**Default:** `true`.

163+

* `limits` {Object} Configuration for various SQLite limits. These limits

164+

can be used to prevent excessive resource consumption when handling

165+

potentially malicious input. See [Run-Time Limits][] and [Limit Constants][]

166+

in the SQLite documentation for details. Default values are determined by

167+

SQLite's compile-time defaults and may vary depending on how SQLite was

168+

built. The following properties are supported:

169+

* `length` {number} Maximum length of a string or BLOB.

170+

* `sqlLength` {number} Maximum length of an SQL statement.

171+

* `column` {number} Maximum number of columns.

172+

* `exprDepth` {number} Maximum depth of an expression tree.

173+

* `compoundSelect` {number} Maximum number of terms in a compound SELECT.

174+

* `vdbeOp` {number} Maximum number of VDBE instructions.

175+

* `functionArg` {number} Maximum number of function arguments.

176+

* `attach` {number} Maximum number of attached databases.

177+

* `likePatternLength` {number} Maximum length of a LIKE pattern.

178+

* `variableNumber` {number} Maximum number of SQL variables.

179+

* `triggerDepth` {number} Maximum trigger recursion depth.

163180164181

Constructs a new `DatabaseSync` instance.

165182

@@ -447,6 +464,36 @@ added:

447464

* Type: {boolean} Whether the database is currently within a transaction. This method

448465

is a wrapper around [`sqlite3_get_autocommit()`][].

449466467+

### `database.limits`

468+469+

<!-- YAML

470+

added: REPLACEME

471+

-->

472+473+

* Type: {Object}

474+475+

An object for getting and setting SQLite database limits at runtime.

476+

Each property corresponds to an SQLite limit and can be read or written.

477+478+

```js

479+

const db = new DatabaseSync(':memory:');

480+481+

// Read current limit

482+

console.log(db.limits.length);

483+484+

// Set a new limit

485+

db.limits.sqlLength = 100000;

486+487+

// Reset a limit to its compile-time maximum

488+

db.limits.sqlLength = Infinity;

489+

```

490+491+

Available properties: `length`, `sqlLength`, `column`, `exprDepth`,

492+

`compoundSelect`, `vdbeOp`, `functionArg`, `attach`, `likePatternLength`,

493+

`variableNumber`, `triggerDepth`.

494+495+

Setting a property to `Infinity` resets the limit to its compile-time maximum value.

496+450497

### `database.open()`

451498452499

<!-- YAML

@@ -1472,6 +1519,8 @@ callback function to indicate what type of operation is being authorized.

14721519

[Changesets and Patchsets]: https://www.sqlite.org/sessionintro.html#changesets_and_patchsets

14731520

[Constants Passed To The Conflict Handler]: https://www.sqlite.org/session/c_changeset_conflict.html

14741521

[Constants Returned From The Conflict Handler]: https://www.sqlite.org/session/c_changeset_abort.html

1522+

[Limit Constants]: https://www.sqlite.org/c3ref/c_limit_attached.html

1523+

[Run-Time Limits]: https://www.sqlite.org/c3ref/limit.html

14751524

[SQL injection]: https://en.wikipedia.org/wiki/SQL_injection

14761525

[Type conversion between JavaScript and SQLite]: #type-conversion-between-javascript-and-sqlite

14771526

[`ATTACH DATABASE`]: https://www.sqlite.org/lang_attach.html