sqlite3.Connection.enable_load_extension enables loading third party shared libraries. Should there be an audit event for this?
If Python is configured with
--enable-loadable-sqlite-extensions, it is possible to load third party SQLite extensions (shared libraries/DLL’s) via the
sqlite3 extension module. This is probably not a very much used feature, as it is disabled by default. When enabled, the
sqlite3.Connection.enable_load_extension() class method will enable the loading of third party extensions via SQL queries, using the SQL function load_extension(). (It also enables loading extension via C, using the
sqlite3.Connection.load_extension() class method.) Quoting from the SQLite docs:
" It is recommended that extension loading be enabled using the SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION method rather than this interface, so the load_extension() SQL function remains disabled. This will prevent SQL injections from giving attackers access to extension loading capabilities."
SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION is an SQLite option that must be set before opening a database connection. Using this option, one can choose to only enable loading extensions via the C API, and to keep the SQL function disabled.
I know that PEP 578 don’t try to sandbox Python, but I still think it would be nice to add an audit hook for the