feat: Reduce duckdb extensions and filesystem access (#179)

* feat: Lock down duckdb to limit filesystem access

* chore(py): Make py-format

Author: gadenbuie

pkg-py/docs/_examples/multiple-datasets.py

@@ -15,15 +15,19 @@
         qc_penguins.ui()
 
 with ui.nav_panel("Titanic"):
+
     @render.data_frame
     def titanic_table():
         return qc_titanic.df()
 
+
 with ui.nav_panel("Penguins"):
+
     @render.data_frame
     def penguins_table():
         return qc_penguins.df()
 
+
 ui.page_opts(
     id="navbar",
     title="Multiple Datasets with querychat",

pkg-py/docs/_examples/titanic-dashboard.py

@@ -32,6 +32,7 @@ def fare():
             avg = qc.df()["fare"].mean()
             return f"${avg:.2f}"
 
+
 with ui.layout_columns():
     with ui.card():
         with ui.card_header():
@@ -59,6 +60,7 @@ def survival_by_class():
                 labels={"pclass": "Class", "survived": "Survival Rate"},
             )
 
+
 with ui.layout_columns():
     with ui.card():
         ui.card_header("Age Distribution")
@@ -76,6 +78,7 @@ def fare_by_class():
             df = qc.df()
             return px.box(df, x="pclass", y="fare", color="survived")
 
+
 ui.page_opts(
     title="Titanic Survival Analysis",
     fillable=True,

pkg-py/src/querychat/_datasource.py

@@ -115,11 +115,26 @@ def __init__(self, df: IntoFrame, table_name: str):
             Name of the table in SQL queries
 
         """
-        self._conn = duckdb.connect(database=":memory:")
         self._df = nw.from_native(df)
         self.table_name = table_name
-        # TODO(@gadenbuie): If the data frame is already SQL-backed, maybe we shouldn't be making a new copy here.
+
+        self._conn = duckdb.connect(database=":memory:")
+        # TODO(@gadenbuie): What if the data frame is already SQL-backed?
         self._conn.register(table_name, self._df.lazy().collect().to_pandas())
+        self._conn.execute("""
+-- extensions: lock down supply chain + auto behaviors
+SET allow_community_extensions = false;
+SET allow_unsigned_extensions = false;
+SET autoinstall_known_extensions = false;
+SET autoload_known_extensions = false;
+
+-- external I/O: block file/database/network access from SQL
+SET enable_external_access = false;
+SET disabled_filesystems = 'LocalFileSystem';
+
+-- freeze configuration so user SQL can't relax anything
+SET lock_configuration = true;
+        """)
 
     def get_db_type(self) -> str:
         """

pkg-r/R/DataSource.R

@@ -163,13 +163,33 @@ DataFrameSource <- R6::R6Class(
       # Create in-memory connection and register the data frame
       if (engine == "duckdb") {
         check_installed("duckdb")
+
         private$conn <- DBI::dbConnect(duckdb::duckdb(), dbdir = ":memory:")
+
         duckdb::duckdb_register(
           private$conn,
           table_name,
           df,
           experimental = FALSE
         )
+
+        DBI::dbExecute(
+          private$conn,
+          r"(
+-- extensions: lock down supply chain + auto behaviors
+SET allow_community_extensions = false;
+SET allow_unsigned_extensions = false;
+SET autoinstall_known_extensions = false;
+SET autoload_known_extensions = false;
+
+-- external I/O: block file/database/network access from SQL
+SET enable_external_access = false;
+SET disabled_filesystems = 'LocalFileSystem';
+
+-- freeze configuration so user SQL can't relax anything
+SET lock_configuration = true;
+        )"
+        )
       } else if (engine == "sqlite") {
         check_installed("RSQLite")
         private$conn <- DBI::dbConnect(RSQLite::SQLite(), ":memory:")