Security Advisories (8)

CVE-2020-14393 (2020-09-16)

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

CVE-2020-14392 (2020-06-17)

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

CVE-2019-20919 (2020-09-17)

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

CPANSA-DBI-2014-01 (2014-10-15)

DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.

CVE-2014-10402 (2020-09-16)

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

CVE-2014-10401 (2020-09-11)

An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.

CVE-2013-7491 (2020-09-11)

An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.

CVE-2013-7490 (2020-09-11)

An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.

NAME

DBD::File - Base class for writing DBI drivers

SYNOPSIS

This module is a base class for writing other DBDs.
It is not intended to function as a DBD itself.
If you want to access flatfiles, use DBD::AnyData, or DBD::CSV,
(both of which are subclasses of DBD::File).

DESCRIPTION

The DBD::File module is not a true DBI driver, but an abstract base class for deriving concrete DBI drivers from it. The implication is, that these drivers work with plain files, for example CSV files or INI files. The module is based on the SQL::Statement module, a simple SQL engine.

See DBI for details on DBI, SQL::Statement for details on SQL::Statement and DBD::CSV or DBD::IniFile for example drivers.

Metadata

The following attributes are handled by DBI itself and not by DBD::File, thus they all work like expected:

Active
ActiveKids
CachedKids
CompatMode             (Not used)
InactiveDestroy
Kids
PrintError
RaiseError
Warn                   (Not used)

The following DBI attributes are handled by DBD::File:

AutoCommit: Always on
ChopBlanks: Works
NUM_OF_FIELDS: Valid after $sth-execute>
NUM_OF_PARAMS: Valid after $sth-prepare>
NAME: Valid after $sth-execute>; undef for Non-Select statements.
NULLABLE: Not really working, always returns an array ref of one's, as DBD::CSV doesn't verify input data. Valid after $sth-execute>; undef for Non-Select statements.

These attributes and methods are not supported:

bind_param_inout
CursorName
LongReadLen
LongTruncOk

Additional to the DBI attributes, you can use the following dbh attribute:

f_dir: This attribute is used for setting the directory where CSV files are opened. Usually you set it in the dbh, it defaults to the current directory ("."). However, it is overwritable in the statement handles.

Driver private methods

data_sources

The data_sources method returns a list of subdirectories of the current directory in the form "DBI:CSV:f_dir=$dirname".

If you want to read the subdirectories of another directory, use

my($drh) = DBI->install_driver("CSV");
my(@list) = $drh->data_sources('f_dir' => '/usr/local/csv_data' );

list_tables

This method returns a list of file names inside $dbh->{'f_dir'}. Example:

my($dbh) = DBI->connect("DBI:CSV:f_dir=/usr/local/csv_data");
my(@list) = $dbh->func('list_tables');

Note that the list includes all files contained in the directory, even those that have non-valid table names, from the view of SQL.

KNOWN BUGS

The module is using flock() internally. However, this function is not available on all platforms. Using flock() is disabled on MacOS and Windows 95: There's no locking at all (perhaps not so important on MacOS and Windows 95, as there's a single user anyways).

AUTHOR AND COPYRIGHT

This module is currently maintained by

Jeff Zucker < jzucker @ cpan.org >

The original author is Jochen Wiedmann.

You may freely distribute and/or modify this module under the terms of either the GNU General Public License (GPL) or the Artistic License, as specified in the Perl README file.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)