Security Advisories (9)
CVE-2020-14393 (2020-09-16)

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

CVE-2020-14392 (2020-06-17)

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

CVE-2019-20919 (2020-09-17)

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

CPANSA-DBI-2014-01 (2014-10-15)

DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.

CVE-2005-0077 (2005-05-02)

Allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

CVE-2014-10402 (2020-09-16)

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

CVE-2014-10401 (2020-09-11)

An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.

CVE-2013-7491 (2020-09-11)

An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.

CVE-2013-7490 (2020-09-11)

An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
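The version bounds in the advisories above can be turned into a quick check of an installed DBI. The script below is an added example, not part of the DBI distribution; the affected_by helper and the @advisories table are illustrative names, and the bounds are copied from the advisory text on this page.

```perl
#!/usr/bin/perl
# Added example: match a DBI version against the advisories listed above.
use strict;
use warnings;
use version;

# Bounds copied from the advisory text on this page.
#   before  => versions strictly below the bound are affected
#   through => the bound itself is affected as well
my @advisories = (
    [ 'CVE-2020-14393', before  => '1.643' ],
    [ 'CVE-2020-14392', before  => '1.643' ],
    [ 'CVE-2019-20919', before  => '1.643' ],
    [ 'CVE-2014-10402', through => '1.643' ],
    [ 'CVE-2014-10401', before  => '1.632' ],
    [ 'CVE-2013-7491',  before  => '1.628' ],
    [ 'CVE-2013-7490',  before  => '1.632' ],
);

# Return the advisory ids whose version range contains $installed.
sub affected_by {
    my ($installed) = @_;
    my $have = version->parse($installed);
    my @hits;
    for my $adv (@advisories) {
        my ($id, $kind, $bound) = @$adv;
        my $limit = version->parse($bound);
        push @hits, $id
            if $kind eq 'before' ? $have < $limit : $have <= $limit;
    }
    return @hits;
}

# Version to check: first argument, else the DBI installed for this perl.
my $installed = shift @ARGV;
unless (defined $installed) {
    require DBI;
    $installed = DBI->VERSION;
}

my @hits = affected_by($installed);
print "DBI $installed: ", scalar(@hits), " listed advisories apply\n";
print "  $_\n" for @hits;
# These two advisories state no version on this page, so they are not matched.
print "  (CPANSA-DBI-2014-01 and CVE-2005-0077: no version given, check separately)\n";
exit(@hits ? 1 : 0);
```

Distribution packages may carry backported fixes under an older version number, so treat a hit as a prompt to check the package changelog rather than as proof of exposure.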

NAME

DBI::Shell - Interactive command shell for the DBI

SYNOPSIS

perl -MDBI::Shell -e shell [<DBI data source> [<user> [<password>]]]

or

dbish [<DBI data source> [<user> [<password>]]]

DESCRIPTION

The DBI::Shell module (and dbish command, if installed) provide a simple but effective command line interface for the Perl DBI module.

DBI::Shell is very new, very experimental and very subject to change. Your mileage will vary. Interfaces will change with each release.

TO DO

Proper docs - but not yet, too much is changing.

"/source file" command to read command file. Allow to nest via stack of command file handles. Add command log facility to create batch files.

Commands: load (query?) from file, save (query?) to file

Use Data::ShowTable if available.

Define DBI::Shell plug-in semantics. Implement import/export as plug-in module

Clarify meaning of batch mode

Completion hooks

Set/Get DBI handle attributes

Portability

Emulate popular command shell modes (Oracle, Ingres etc)?

COMMANDS

Many commands - few documented, yet!

help
/help
chistory
/chistory          (display history of all commands entered)
/chistory | YourPager (display history with paging)
clear
/clear             (Clears the current command buffer)
commit
/commit            (commit changes to the database)
connect
/connect           (pick from available drivers and sources)
/connect dbi:Oracle (pick source based on driver)
/connect dbi:YourDriver:YourSource e.g. dbi:Oracle:mysid

Use this option to change userid or password.

current
/current            (Display current statement in the buffer)
do
/do                 (execute the current (non-select) statement)

dbish> create table foo ( mykey integer )
dbish> /do

dbish> truncate table OldTable /do (Oracle truncate)
drivers
/drivers            (Display available DBI drivers)
edit
/edit               (Edit current statement in an external editor)

The editor is taken from the environment variable $VISUAL or $EDITOR; the default is vi. Use /option editor=new editor to change it in the current session.

To read a file from the operating system invoke the editor (/edit) and read the file into the editor buffer.

exit
/exit              (Exits the shell)
get
/get               (Retrieve a previous command to the current buffer)
go
/go                (Execute the current statement)

Run (execute) the statement in the current buffer. This is the default action if the statement ends with /

dbish> select * from user_views/

dbish> select table_name from user_tables
dbish> where table_name like 'DSP%'
dbish> /

dbish> select table_name from all_tables/ | more
history
/history            (Display combined command and result history)
/history | more
option
/option [option1[=value]] [option2 ...]
/option            (Displays the current options)
/option   MyOption (Displays the value, if exists, of MyOption)
/option   MyOption=4 (defines and/or sets value for MyOption)
perl
/perl               (Evaluate the current statement as perl code)
quit
/quit               (Leaves shell.  Same as exit)
redo
/redo               (Re-execute the previously executed statement)
rhistory
/rhistory           (Display result history)
rollback
/rollback           (rollback changes to the database)

For this to be useful, turn autocommit off: /option autocommit=0

table_info
/table_info         (display all tables that exist in current database)
/table_info | more  (for paging)
trace
/trace              (set DBI trace level for current database)

Adjust the DBI trace level from 0 to 4: 0 is off, 4 produces lots of information. Useful for determining what is really happening in DBI. See DBI.

type_info
/type_info          (display data types supported by current server)

AUTHORS and ACKNOWLEDGEMENTS

The DBI::Shell has a long lineage.

It started life around 1994-1997 as the pmsql script written by Andreas König. Jochen Wiedmann picked it up and ran with it (adding much along the way) as dbimon, bundled with his DBD::mSQL driver modules. In 1998, around the time I wanted to bundle a shell with the DBI, Adam Marks was working on a dbish modeled after the Sybase sqsh utility.

Wanting to start from a cleaner slate than the feature-full but complex dbimon, I worked with Adam to create a fairly open, modular and very configurable DBI::Shell module. Along the way Tom Lowery chipped in ideas and patches. As we go further along, more useful code and concepts from Jochen's dbimon are bound to find their way back in.

COPYRIGHT

The DBI::Shell module is Copyright (c) 1998 Tim Bunce. England. All rights reserved. Portions are Copyright by Jochen Wiedmann, Adam Marks and Tom Lowery.

You may distribute under the terms of either the GNU General Public License or the Artistic License, as specified in the Perl README file.
