plugin: Allow json_object and json_group_array functions in sql plugin
Changelog-Added: Plugins: `sql` also supports functions `json_object(key1, value1, ...)` to construct JSON objects and `json_group_array(value)` to aggregate rows into JSON array.
Security Considerations
- No new SQL injection risks: Functions only process explicitly provided column values (no arbitrary string parsing).
- Explicit column requirements: Wildcards (*) are not supported, all fields must be named (e.g., json_object('peer_id', id)).
- Permission-bound data access: Functions adhere to the same table/row permissions as the underlying query.
Performance Impact
- Optimized native execution: Leverages SQLite’s built-in JSON1 extension (when available) for efficiency.
- Moderate CPU overhead: Complex nesting may impact performance on large datasets but still faster than application-layer JSON conversion.
This commit is contained in:
ShahanaFarooqui
committed by
Rusty Russell
Rusty Russell
parent
b3774d4d6f
commit
d5c73185aa
@@ -352,6 +352,10 @@ static int sqlite_authorize(void *dbq_, int code,
|
||||
return SQLITE_OK;
|
||||
if (streq(b, "unixepoch"))
|
||||
return SQLITE_OK;
|
||||
if (streq(b, "json_object"))
|
||||
return SQLITE_OK;
|
||||
if (streq(b, "json_group_array"))
|
||||
return SQLITE_OK;
|
||||
}
|
||||
|
||||
/* See https://www.sqlite.org/c3ref/c_alter_table.html to decode these! */
|
||||
|
||||
Reference in New Issue
Block a user