feat(ext/node): support path-scoped FFI for SQLite extension loading

Previously, using `allowExtension: true` or calling `loadExtension()`
required unrestricted `--allow-ffi` permission. This made it impossible
to sandbox code that needs to load only specific, pre-approved SQLite
extensions.

This change allows scoped FFI permissions:
- `allowExtension: true` now requires partial FFI permission (any scope)
- `loadExtension(path)` requires FFI permission covering that specific path

Example: `--allow-ffi=/path/to/extension.so` now permits loading only
that extension, rather than granting unrestricted FFI access.

Note that this now universally disables the SQL `load_extension()` function,
whether or not FFI is globally enabled.

Fixes: #31426

Author: charles-dyfis-net

ext/node/ops/sqlite/database.rs

@@ -273,13 +273,22 @@ fn set_db_config(
   }
 }
 
+/// Opens a SQLite database connection with appropriate permission checks.
+///
+/// Performs file-system permission checks via `state`, configures ATTACH
+/// restrictions when the caller lacks full permissions for the path, and
+/// enables or disables extension loading based on `allow_extension`.
+///
+/// When `allow_extension` is `true`, partial FFI permission is required
+/// (any `--allow-ffi` scope suffices). The actual extension path is checked
+/// later when `load_extension` is called.
 fn open_db(
   state: &mut OpState,
   readonly: bool,
   location: &str,
   allow_extension: bool,
 ) -> Result<rusqlite::Connection, SqliteError> {
-  let perms = state.borrow::<PermissionsContainer>();
+  let perms = state.borrow_mut::<PermissionsContainer>();
   let disable_attach = perms
     .check_has_all_permissions(Path::new(location))
     .is_err();
@@ -296,7 +305,13 @@ fn open_db(
     }
 
     if allow_extension {
-      perms.check_ffi_all()?;
+      perms.check_ffi_partial_no_path()?;
+      // Enable C API only, not SQL function load_extension()
+      assert!(set_db_config(
+        &conn,
+        SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION,
+        true
+      ));
     } else {
       assert!(set_db_config(
         &conn,
@@ -334,7 +349,13 @@ fn open_db(
     }
 
     if allow_extension {
-      perms.check_ffi_all()?;
+      perms.check_ffi_partial_no_path()?;
+      // Enable C API only, not SQL function load_extension()
+      assert!(set_db_config(
+        &conn,
+        SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION,
+        true
+      ));
     } else {
       assert!(set_db_config(
         &conn,
@@ -349,7 +370,13 @@ fn open_db(
   let conn = rusqlite::Connection::open(location)?;
 
   if allow_extension {
-    perms.check_ffi_all()?;
+    perms.check_ffi_partial_no_path()?;
+    // Enable C API only, not SQL function load_extension()
+    assert!(set_db_config(
+      &conn,
+      SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION,
+      true
+    ));
   } else {
     assert!(set_db_config(
       &conn,
@@ -917,10 +944,11 @@ impl DatabaseSync {
     }
   }
 
-  // Loads a SQLite extension.
+  // Loads a SQLite extension from the specified path.
   //
-  // This is a wrapper around `sqlite3_load_extension`. It requires FFI permission
-  // to be granted and allowExtension must be set to true when opening the database.
+  // This is a wrapper around `sqlite3_load_extension`. It requires:
+  // - `allowExtension: true` when opening the database (which requires partial FFI permission)
+  // - FFI permission covering the extension path (e.g., `--allow-ffi=/path/to/extension.so`)
   fn load_extension(
     &self,
     state: &mut OpState,
@@ -939,7 +967,9 @@ impl DatabaseSync {
       ));
     }
 
-    state.borrow::<PermissionsContainer>().check_ffi_all()?;
+    state
+      .borrow_mut::<PermissionsContainer>()
+      .check_ffi_partial_with_path(Cow::Borrowed(Path::new(path)))?;
 
     // SAFETY: lifetime of the connection is guaranteed by reference counting.
     let raw_handle = unsafe { db.handle() };

tests/sqlite_extension_test/sqlite_extension_test.ts

@@ -86,3 +86,146 @@ Deno.test({
     db.close();
   },
 });
+
+// Tests for scoped FFI permissions (--allow-ffi=/path/to/extension)
+// These require subprocess spawning since Deno.test permissions don't support scoped FFI
+
+Deno.test({
+  name: "[node/sqlite] DatabaseSync with scoped FFI permission succeeds",
+  permissions: { read: true, run: true },
+  async fn() {
+    // Skip if extension not found
+    try {
+      Deno.statSync(extensionPath);
+    } catch {
+      return;
+    }
+
+    const code = `
+      import { DatabaseSync } from "node:sqlite";
+      const extensionPath = Deno.args[0];
+      const db = new DatabaseSync(":memory:", { allowExtension: true });
+      db.loadExtension(extensionPath);
+      const stmt = db.prepare("SELECT test_func('test') AS result");
+      const { result } = stmt.get();
+      if (result !== "test") throw new Error("Unexpected result: " + result);
+      db.close();
+      console.log("OK");
+    `;
+
+    const command = new Deno.Command(Deno.execPath(), {
+      args: [
+        "run",
+        `--allow-read=${extensionPath}`,
+        `--allow-ffi=${extensionPath}`,
+        "--no-lock",
+        "-",
+        extensionPath,
+      ],
+      stdin: "piped",
+      stdout: "piped",
+      stderr: "piped",
+    });
+
+    const child = command.spawn();
+    const writer = child.stdin.getWriter();
+    await writer.write(new TextEncoder().encode(code));
+    await writer.close();
+
+    const { code: exitCode, stdout, stderr } = await child.output();
+    const stdoutText = new TextDecoder().decode(stdout);
+    const stderrText = new TextDecoder().decode(stderr);
+
+    assertEquals(exitCode, 0, `Expected success but got: ${stderrText}`);
+    assertEquals(stdoutText.trim(), "OK");
+  },
+});
+
+Deno.test({
+  name:
+    "[node/sqlite] DatabaseSync loadExtension fails for path outside scoped FFI",
+  permissions: { read: true, run: true },
+  async fn() {
+    // Skip if extension not found
+    try {
+      Deno.statSync(extensionPath);
+    } catch {
+      return;
+    }
+
+    // Grant FFI only for a different path, not the actual extension
+    const wrongPath = "/some/other/path";
+
+    const code = `
+      import { DatabaseSync } from "node:sqlite";
+      const extensionPath = Deno.args[0];
+      const db = new DatabaseSync(":memory:", { allowExtension: true });
+      try {
+        db.loadExtension(extensionPath);
+        console.log("UNEXPECTED_SUCCESS");
+      } catch (e) {
+        if (e instanceof Deno.errors.NotCapable) {
+          console.log("EXPECTED_PERMISSION_ERROR");
+        } else {
+          console.log("UNEXPECTED_ERROR: " + e.constructor.name + ": " + e.message);
+        }
+      }
+      db.close();
+    `;
+
+    const command = new Deno.Command(Deno.execPath(), {
+      args: [
+        "run",
+        `--allow-read=${extensionPath}`,
+        `--allow-ffi=${wrongPath}`,
+        "--no-lock",
+        "-",
+        extensionPath,
+      ],
+      stdin: "piped",
+      stdout: "piped",
+      stderr: "piped",
+    });
+
+    const child = command.spawn();
+    const writer = child.stdin.getWriter();
+    await writer.write(new TextEncoder().encode(code));
+    await writer.close();
+
+    const { stdout } = await child.output();
+    const stdoutText = new TextDecoder().decode(stdout);
+
+    assertEquals(
+      stdoutText.trim(),
+      "EXPECTED_PERMISSION_ERROR",
+      `Expected NotCapable error but got: ${stdoutText}`,
+    );
+  },
+});
+
+Deno.test({
+  name:
+    "[node/sqlite] SQL load_extension() is disabled even with allowExtension: true",
+  permissions: { read: true, write: true, ffi: true },
+  fn() {
+    // Even with allowExtension: true and full FFI permissions,
+    // the SQL function load_extension() should be disabled.
+    // Only the C API loadExtension() method should work.
+    const db = new DatabaseSync(":memory:", {
+      allowExtension: true,
+      readOnly: false,
+    });
+
+    // Attempting to load an extension via SQL should fail with "not authorized"
+    // (distinct from "file not found" or similar errors)
+    assertThrows(
+      () => {
+        db.exec("SELECT load_extension('/some/path/to/extension')");
+      },
+      Error,
+      "not authorized",
+    );
+
+    db.close();
+  },
+});

tests/sqlite_extension_test/tests/integration_tests.rs

@@ -50,6 +50,7 @@ fn sqlite_extension_test() {
     .arg("--allow-read")
     .arg("--allow-write")
     .arg("--allow-ffi")
+    .arg("--allow-run")
     .arg("--config")
     .arg(deno_config_path())
     .arg("--no-check")