summaryrefslogtreecommitdiff
path: root/static/netbsd/man3/SQLITE_DETERMINISTIC.3
diff options
context:
space:
mode:
Diffstat (limited to 'static/netbsd/man3/SQLITE_DETERMINISTIC.3')
-rw-r--r--static/netbsd/man3/SQLITE_DETERMINISTIC.3129
1 files changed, 129 insertions, 0 deletions
diff --git a/static/netbsd/man3/SQLITE_DETERMINISTIC.3 b/static/netbsd/man3/SQLITE_DETERMINISTIC.3
new file mode 100644
index 00000000..625aaef2
--- /dev/null
+++ b/static/netbsd/man3/SQLITE_DETERMINISTIC.3
@@ -0,0 +1,129 @@
+.Dd January 24, 2024
+.Dt SQLITE_DETERMINISTIC 3
+.Os
+.Sh NAME
+.Nm SQLITE_DETERMINISTIC ,
+.Nm SQLITE_DIRECTONLY ,
+.Nm SQLITE_SUBTYPE ,
+.Nm SQLITE_INNOCUOUS ,
+.Nm SQLITE_RESULT_SUBTYPE
+.Nd function flags
+.Sh SYNOPSIS
+.In sqlite3.h
+.Fd #define SQLITE_DETERMINISTIC
+.Fd #define SQLITE_DIRECTONLY
+.Fd #define SQLITE_SUBTYPE
+.Fd #define SQLITE_INNOCUOUS
+.Fd #define SQLITE_RESULT_SUBTYPE
+.Sh DESCRIPTION
+These constants may be ORed together with the preferred text encoding
+as the fourth argument to
+.Fn sqlite3_create_function ,
+.Fn sqlite3_create_function16 ,
+or
+.Fn sqlite3_create_function_v2 .
+.Bl -tag -width Ds
+.It SQLITE_DETERMINISTIC
+The SQLITE_DETERMINISTIC flag means that the new function always gives
+the same output when the input parameters are the same.
+The abs() function is deterministic, for example, but
+randomblob() is not.
+Functions must be deterministic in order to be used in certain contexts
+such as with the WHERE clause of partial indexes or
+in generated columns.
+SQLite might also optimize deterministic functions by factoring them
+out of inner loops.
+.It SQLITE_DIRECTONLY
+The SQLITE_DIRECTONLY flag means that the function may only be invoked
+from top-level SQL, and cannot be used in VIEWs or TRIGGERs nor in
+schema structures such as CHECK constraints, DEFAULT clauses,
+expression indexes, partial indexes,
+or generated columns.
+.Pp
+The SQLITE_DIRECTONLY flag is recommended for any application-defined SQL function
+that has side-effects or that could potentially leak sensitive information.
+This will prevent attacks in which an application is tricked into using
+a database file that has had its schema surreptitiously modified to
+invoke the application-defined function in ways that are harmful.
+.Pp
+Some people say it is good practice to set SQLITE_DIRECTONLY on all
+application-defined SQL functions,
+regardless of whether or not they are security sensitive, as doing
+so prevents those functions from being used inside of the database
+schema, and thus ensures that the database can be inspected and modified
+using generic tools (such as the CLI) that do not have access to
+the application-defined functions.
+.It SQLITE_INNOCUOUS
+The SQLITE_INNOCUOUS flag means that the function is unlikely to cause
+problems even if misused.
+An innocuous function should have no side effects and should not depend
+on any values other than its input parameters.
+The abs() function is an example of an innocuous function.
+The load_extension() SQL function is not
+innocuous because of its side effects.
+.Pp
+SQLITE_INNOCUOUS is similar to SQLITE_DETERMINISTIC, but is not exactly
+the same.
+The random() function is an example of a function
+that is innocuous but not deterministic.
+.Pp
+Some heightened security settings (SQLITE_DBCONFIG_TRUSTED_SCHEMA
+and PRAGMA trusted_schema=OFF) disable the
+use of SQL functions inside views and triggers and in schema structures
+such as CHECK constraints, DEFAULT clauses,
+expression indexes, partial indexes,
+and generated columns unless the function is tagged
+with SQLITE_INNOCUOUS.
+Most built-in functions are innocuous.
+Developers are advised to avoid using the SQLITE_INNOCUOUS flag for
+application-defined functions unless the function has been carefully
+audited and found to be free of potentially security-adverse side-effects
+and information-leaks.
+.It SQLITE_SUBTYPE
+The SQLITE_SUBTYPE flag indicates to SQLite that a function might call
+.Fn sqlite3_value_subtype
+to inspect the sub-types of its arguments.
+This flag instructs SQLite to omit some corner-case optimizations that
+might disrupt the operation of the
+.Fn sqlite3_value_subtype
+function, causing it to return zero rather than the correct subtype().
+SQL functions that invokes
+.Fn sqlite3_value_subtype
+should have this property.
+If the SQLITE_SUBTYPE property is omitted, then the return value from
+.Fn sqlite3_value_subtype
+might sometimes be zero even though a non-zero subtype was specified
+by the function argument expression.
+.It SQLITE_RESULT_SUBTYPE
+The SQLITE_RESULT_SUBTYPE flag indicates to SQLite that a function
+might call
+.Fn sqlite3_result_subtype
+to cause a sub-type to be associated with its result.
+Every function that invokes
+.Fn sqlite3_result_subtype
+should have this property.
+If it does not, then the call to
+.Fn sqlite3_result_subtype
+might become a no-op if the function is used as term in an expression index.
+On the other hand, SQL functions that never invoke
+.Fn sqlite3_result_subtype
+should avoid setting this property, as the purpose of this property
+is to disable certain optimizations that are incompatible with subtypes.
+.El
+.Pp
+.Sh IMPLEMENTATION NOTES
+These declarations were extracted from the
+interface documentation at line 5513.
+.Bd -literal
+#define SQLITE_DETERMINISTIC 0x000000800
+#define SQLITE_DIRECTONLY 0x000080000
+#define SQLITE_SUBTYPE 0x000100000
+#define SQLITE_INNOCUOUS 0x000200000
+#define SQLITE_RESULT_SUBTYPE 0x001000000
+.Ed
+.Sh SEE ALSO
+.Xr sqlite3_create_function 3 ,
+.Xr sqlite3_result_subtype 3 ,
+.Xr sqlite3_value_subtype 3 ,
+.Xr SQLITE_DBCONFIG_MAINDBNAME 3 ,
+.Xr SQLITE_UTF8 3
generated by cgit v1.2.3 (git 2.46.0) at 2026-05-15 14:27:47 +0000