ksql

yet another SQLite wrapper

ksql is a lazy man's C/C++ wrapper for the SQLite API interface. It is written to make sure sloppy programming won't cause your SQLite database to be inconsistent (transactions and statements open on exit and certain signals). Specifically, it exits on any database errors; and upon exit (or signal), cleans up open statements, transactions, and databases. See ksql(3) and friends for details.

It also has some handy security features: a split-process model protecting the database from your application, full RBAC capabilities on the statement level, and immutable stored statements to prevent the application from crafting its own SQL.

The library runs on UNIX systems: OpenBSD, FreeBSD, Linux (musl and glibc), and Mac OS X. It benefits the most from OpenBSD systems using the pledge(2) security mechanism. It is a BSD.lv project.

Version 0.3.5 (2018-12-28)

Fix which functions are deprecated. The bind functions are not—the stmt functions (which return data without checking type) are. No functional change.

Sync with latest oconfigure and test compiling on Linux (musl, glibc), FreeBSD, and of course the origin system OpenBSD. No functional change.
Version 0.3.4 (2018-12-17)

Complete musl work, at least with musl-gcc on Debian. Finally mark unsafe functions as being deprecated.
Version 0.3.3 (2018-12-16)

Build compatibility with musl and sync with newest oconfigure. No code change beyond that.
Version 0.3.2 (2018-05-09)

Add the ksql_result_double(3) family of functions. These will replace the existing ksql_stmt_double(3) family with safe versions. Specifically, the functions return an error code (if not exiting with errors) that check for null values and columns outside of the result range.
Version 0.3.1 (2018-04-26)

Make sure that one cannot bind a parameter to an invalid index. These now cause the bind functions (see ksql_bind_double(3) and friends) to return KSQL_BINDPARAM.

API change: have ksql_trace(3) and ksql_untrace(3) return proper error codes.

Document pledge(2) promises in ksql(3).

A nice fix due to issues/7 as investigated by schwarze@: allow running without /dev/null at all. Yay!

The fixes in this release were implemented or suggested by Ingo Schwarze (schwarze@) in an audit generously funded by CAPEM Solutions, Inc. Thank you so much!
Version 0.3.0 (2018-03-21)

Minor release bump: this is because I've added a new field to struct ksqlrole to specify whether a role is allowed to run ksql_open(3). This plugs a hole of arbitrary roles being able to close out the database, then open another one.

Merge documentation and error-path patches by cornett—thank you!

The remaining fixes in this release were implemented or suggested by Ingo Schwarze (schwarze@) in an audit generously funded by CAPEM Solutions, Inc. Thank you so much!

Mention correct headers (erring on the side of caution) in documentation.

Have security issues (e.g., transition to a disallowed role) result in a log message directly to stderr and terminating the application. Earlier, there was no log message.

Fix up the ksql_lastid(3) function and manpage to handle boundary conditions and include an example.

API change: earlier, ksql_open(3) would close out existing databases before opening. Now it errors out, requiring the caller to close the database manually. Also, add a field to struct ksqlrole that inhibits a role's ability to open a database.

When binding blobs or text, the application now internally copies the buffer. This allows callers to discard the memory buffer immediately after binding it, without needing to wait until the statement is finalised.
Version 0.2.5 (2018-03-09)

Fix a memory leak in ksql_open(3) if the system spins on a failed opening of the database. Also fix a possible error when closing the database fails, then a log message follows that might re-invoke the closed database.

The fixes in this release were implemented or suggested by Ingo Schwarze (schwarze@) in an audit generously funded by CAPEM Solutions, Inc. Thank you so much!
Version 0.2.4 (2018-02-01)

Back out debugging code accidentally left in release version. No change to functionality except an error message on stderr.

Also use abort instead of assert for run-time failures in roles or statements.
Version 0.2.3 (2018-01-31)

Show atom feed. No functional change to any code or documentation.
Version 0.2.2 (2018-01-30)

Add full RBAC capability. (Still somewhat experimental…) See ksql_role(3) and ksql_cfg_defaults(3) for details.