From 6bbfb65f7cd83d1987ece2984c87be3781039a37 Mon Sep 17 00:00:00 2001
From: Jan Steemann
Date: Thu, 12 Sep 2013 11:13:47 +0200
Subject: [PATCH] prevent usage of db._useDatabase() in HTTP requests
---
 arangod/RestServer/ArangoServer.cpp | 2 +-
 arangod/V8Server/ApplicationV8.cpp | 4 +++-
 arangod/V8Server/ApplicationV8.h | 7 ++++---
 arangod/V8Server/v8-actions.cpp | 2 +-
 arangod/V8Server/v8-vocbase.cpp | 7 ++++++-
 lib/V8/v8-globals.cpp | 3 ++-
 lib/V8/v8-globals.h | 6 ++++++
 7 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/arangod/RestServer/ArangoServer.cpp b/arangod/RestServer/ArangoServer.cpp
index 06522605c4..61d59e3bfa 100644
--- a/arangod/RestServer/ArangoServer.cpp
+++ b/arangod/RestServer/ArangoServer.cpp
@@ -788,7 +788,7 @@ int ArangoServer::executeConsole (OperationMode::server_operation_mode_e mode) {
 _applicationV8->start();
 // enter V8 context
- ApplicationV8::V8Context* context = _applicationV8->enterContext(vocbase, true);
+ ApplicationV8::V8Context* context = _applicationV8->enterContext(vocbase, true, true);
 // .............................................................................
 // execute everything with a global scope
diff --git a/arangod/V8Server/ApplicationV8.cpp b/arangod/V8Server/ApplicationV8.cpp
index 5a0ed6b4cf..6ede608578 100644
--- a/arangod/V8Server/ApplicationV8.cpp
+++ b/arangod/V8Server/ApplicationV8.cpp
@@ -263,7 +263,8 @@ void ApplicationV8::skipUpgrade () {
 ////////////////////////////////////////////////////////////////////////////////
 ApplicationV8::V8Context* ApplicationV8::enterContext (TRI_vocbase_s* vocbase,
- bool initialise) {
+ bool initialise,
+ bool allowUseDatabase) {
 CONDITION_LOCKER(guard, _contextCondition);
 while (_freeContexts.empty() && ! _stopping) {
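Review bot: `enterContext` now takes two adjacent positional `bool`s, so the call sites in this commit read `enterContext(vocbase, true, true)` and `enterContext(vocbase, false, false)`, and a caller that swaps `initialise` and `allowUseDatabase` compiles cleanly while silently re-enabling `db._useDatabase()` on the HTTP path. The ApplicationV8.h hunk makes this harder to catch by dropping the parameter names from the declaration (`enterContext (TRI_vocbase_s*, bool, bool)`). I would keep the names in the header, `V8Context* enterContext (TRI_vocbase_s* vocbase, bool initialise, bool allowUseDatabase);`, and describe the new parameter in the `@brief` block above it. The body of `enterContext` continues outside this hunk.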
@@ -307,6 +308,7 @@ ApplicationV8::V8Context* ApplicationV8::enterContext (TRI_vocbase_s* vocbase,
 v8::HandleScope scope;
 TRI_v8_global_t* v8g = (TRI_v8_global_t*) v8::Isolate::GetCurrent()->GetData();
 v8g->_vocbase = vocbase;
+ v8g->_allowUseDatabase = allowUseDatabase;
 return context;
 }
diff --git a/arangod/V8Server/ApplicationV8.h b/arangod/V8Server/ApplicationV8.h
index 87cfb50370..07ffbbdd54 100644
--- a/arangod/V8Server/ApplicationV8.h
+++ b/arangod/V8Server/ApplicationV8.h
@@ -223,8 +223,9 @@ namespace triagens {
 /// @brief enters an context
 ////////////////////////////////////////////////////////////////////////////////
- V8Context* enterContext (TRI_vocbase_s* vocbase,
- bool initialise);
+ V8Context* enterContext (TRI_vocbase_s*,
+ bool,
+ bool);
 ////////////////////////////////////////////////////////////////////////////////
 /// @brief exists an context
@@ -236,7 +237,7 @@ namespace triagens {
 /// @brief adds a global context functions to be executed asap
 ////////////////////////////////////////////////////////////////////////////////
- void addGlobalContextMethod (string const& method);
+ void addGlobalContextMethod (string const&);
 ////////////////////////////////////////////////////////////////////////////////
 /// @brief runs the garbage collection
diff --git a/arangod/V8Server/v8-actions.cpp b/arangod/V8Server/v8-actions.cpp
index 6a30f6694b..f6428d54be 100644
--- a/arangod/V8Server/v8-actions.cpp
+++ b/arangod/V8Server/v8-actions.cpp
@@ -126,7 +126,7 @@ class v8_action_t : public TRI_action_t {
 ////////////////////////////////////////////////////////////////////////////////
 HttpResponse* execute (TRI_vocbase_t* vocbase, HttpRequest* request) {
- ApplicationV8::V8Context* context = GlobalV8Dealer->enterContext(vocbase, false);
+ ApplicationV8::V8Context* context = GlobalV8Dealer->enterContext(vocbase, false, false);
 // note: the context might be 0 in case of shut-down
 if (context == 0) {
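Review bot: `v8g->_allowUseDatabase` is assigned only here, as the last step before `return context`, and it lives on the per-isolate global of a context taken from `_freeContexts`, so until this line runs the flag still holds whatever the previous user of that context was granted. Anything `enterContext` executes inside the context before this assignment (that part of the function is outside the hunk) would run under the previous caller's permission, and the same applies after the context is handed back if `exitContext` does not clear it. I would set the flag as soon as the isolate is entered and reset it on exit, e.g. `v8g->_allowUseDatabase = false;` in `exitContext`, so the permission never outlives the request that was given it.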
diff --git a/arangod/V8Server/v8-vocbase.cpp b/arangod/V8Server/v8-vocbase.cpp
index d75480e774..aa7298de8b 100644
--- a/arangod/V8Server/v8-vocbase.cpp
+++ b/arangod/V8Server/v8-vocbase.cpp
@@ -7701,8 +7701,13 @@ static v8::Handle JS_UseDatabase (v8::Arguments const& argv) {
 TRI_V8_EXCEPTION_USAGE(scope, "db._useDatabase()");
 }
- const string name = TRI_ObjectToString(argv[0]);
 TRI_v8_global_t* v8g = (TRI_v8_global_t*) v8::Isolate::GetCurrent()->GetData();
+
+ if (! v8g->_allowUseDatabase) {
+ TRI_V8_EXCEPTION(scope, TRI_ERROR_FORBIDDEN);
+ }
+
+ const string name = TRI_ObjectToString(argv[0]);
 TRI_vocbase_t* vocbase = TRI_UseDatabaseServer((TRI_server_t*) v8g->_server, name.c_str());
diff --git a/lib/V8/v8-globals.cpp b/lib/V8/v8-globals.cpp
index 9ea58fc31c..b1721e5bb8 100644
--- a/lib/V8/v8-globals.cpp
+++ b/lib/V8/v8-globals.cpp
@@ -111,7 +111,8 @@ TRI_v8_global_s::TRI_v8_global_s (v8::Isolate* isolate)
 _currentTransaction(0),
 _server(0),
 _vocbase(0),
- _loader(0)
+ _loader(0),
+ _allowUseDatabase(true)
 {
 v8::HandleScope scope;
diff --git a/lib/V8/v8-globals.h b/lib/V8/v8-globals.h
index 4cf3c99a82..08e6d69e14 100644
--- a/lib/V8/v8-globals.h
+++ b/lib/V8/v8-globals.h
@@ -638,6 +638,12 @@ typedef struct TRI_v8_global_s {
 ////////////////////////////////////////////////////////////////////////////////
 void* _loader;
+
+////////////////////////////////////////////////////////////////////////////////
+/// @brief whether or not useDatabase() is allowed
+////////////////////////////////////////////////////////////////////////////////
+
+ bool _allowUseDatabase;
 } TRI_v8_global_t;
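Review bot: The new `_allowUseDatabase` check in `JS_UseDatabase` carries no comment saying why the call is refused, and a bare permission test like this is easy to drop in a later refactor. I would add above the `if`: `// db._useDatabase() is refused in contexts entered for HTTP requests (allowUseDatabase == false)`. The gate covers this one binding only; whether other functions in this file can also reassign `v8g->_vocbase` is not visible from the hunk and is worth confirming before relying on the flag as the sole restriction. `JS_UseDatabase` starts and ends outside the hunk.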
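Review bot: The constructor in lib/V8/v8-globals.cpp initialises `_allowUseDatabase(true)`, so the restriction fails open: any isolate global that reaches `JS_UseDatabase` before `enterContext` has assigned the flag permits the database switch. As far as the diff shows, `enterContext` overwrites the value on every entry and the console path passes `true` explicitly, so a deny-by-default initialiser should cost nothing there and is the safer choice for a permission flag: `_allowUseDatabase(false)`. The initialiser list starts above the hunk.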