websql: Update and simplify SQLite authorizer.

The authorizer now explicitly denies SAVEPOINT statements and recursive
queries. This behavior was implicit before this CL, because the action
codes were not handled, and the (correct) default is to deny any unknown
action.

The authorizer now always denies ATTACH and DETACH statements. Before
this CL, these statements were allowed when security checks were
disabled. However, security checks are only disabled to execute
WebSQL-internal statements, and our implementation does not rely on
attaching and detaching databases. The statements are very dangerous,
so this CL denies them at all times.

Change-Id: I4d1df92888670dcb5ceb7afa63767d1d4c7a741b
Reviewed-on: https://chromium-review.googlesource.com/c/1342858
Commit-Queue: Victor Costan <pwnall@chromium.org>
Reviewed-by: Joshua Bell <jsbell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#609757}

third_party/blink/renderer/modules/webdatabase/database_authorizer.cc

@@ -319,14 +319,6 @@ int DatabaseAuthorizer::AllowPragma(const String&, const String&) {
   return security_enabled_ ? kSQLAuthDeny : kSQLAuthAllow;
 }
 
-int DatabaseAuthorizer::AllowAttach(const String&) {
-  return security_enabled_ ? kSQLAuthDeny : kSQLAuthAllow;
-}
-
-int DatabaseAuthorizer::AllowDetach(const String&) {
-  return security_enabled_ ? kSQLAuthDeny : kSQLAuthAllow;
-}
-
 int DatabaseAuthorizer::AllowFunction(const String& function_name) {
   if (security_enabled_ && !WhitelistedFunctions().Contains(function_name))
     return kSQLAuthDeny;

third_party/blink/renderer/modules/webdatabase/database_authorizer.h

@@ -89,9 +89,6 @@ class DatabaseAuthorizer
   int AllowFunction(const String& function_name);
   int AllowPragma(const String& pragma_name, const String& first_argument);
 
-  int AllowAttach(const String& filename);
-  int AllowDetach(const String& database_name);
-
   void Disable();
   void Enable();
   void SetPermissions(int permissions);

third_party/blink/renderer/modules/webdatabase/sqlite/sqlite_database.cc

@@ -311,14 +311,13 @@ int SQLiteDatabase::AuthorizerFunction(void* user_data,
     case SQLITE_UPDATE:
       return auth->AllowUpdate(parameter1, parameter2);
     case SQLITE_ATTACH:
-      return auth->AllowAttach(parameter1);
+      return kSQLAuthDeny;
     case SQLITE_DETACH:
-      return auth->AllowDetach(parameter1);
+      return kSQLAuthDeny;
     case SQLITE_ALTER_TABLE:
       return auth->AllowAlterTable(parameter1, parameter2);
     case SQLITE_REINDEX:
       return auth->AllowReindex(parameter1);
-#if SQLITE_VERSION_NUMBER >= 3003013
     case SQLITE_ANALYZE:
       return auth->AllowAnalyze(parameter1);
     case SQLITE_CREATE_VTABLE:
@@ -327,11 +326,13 @@ int SQLiteDatabase::AuthorizerFunction(void* user_data,
       return auth->DropVTable(parameter1, parameter2);
     case SQLITE_FUNCTION:
       return auth->AllowFunction(parameter2);
-#endif
-    default:
-      NOTREACHED();
+    case SQLITE_SAVEPOINT:
+      return kSQLAuthDeny;
+    case SQLITE_RECURSIVE:
       return kSQLAuthDeny;
   }
+  NOTREACHED();
+  return kSQLAuthDeny;
 }
 
 void SQLiteDatabase::SetAuthorizer(DatabaseAuthorizer* auth) {