Database file imports allow virtual tables to exist

[CodingDoug]

The CREATE VIRTUAL TABLE command is disallowed by sqld, but it's possible to import database files whose schema includes them. Here is a (hopefully) harmless example:

$ sqlite3 local.db
sqlite> create virtual table foo using dbstat(main);
sqlite> .schema
CREATE VIRTUAL TABLE foo using dbstat(main)
/* foo(name,path,pageno,pagetype,ncell,payload,unused,mx_payload,pgoffset,pgsize) */;
sqlite> .quit

$ turso db create tmp --from-file local.db
...

$ turso db shell tmp
→  .schema
CREATE VIRTUAL TABLE foo using dbstat(main)
→  select * from foo;
NAME                       PATH     PAGENO     PAGETYPE     NCELL     PAYLOAD     UNUSED     MX PAYLOAD     PGOFFSET     PGSIZE
sqlite_schema              /        1          leaf         4         396         3563       141            0            4096
libsql_wasm_func_table     /        2          leaf         0         0           4076       0              4096         4096
_litestream_seq            /        3          leaf         1         3           4069       3              8192         4096
_litestream_lock           /        4          leaf         0         0           4076       0              12288        4096

The imported database could have other types of virtual tables that depend on loaded modules and external data, and would probably fail in spectacular ways when queried.

It's probably best if the import process fails entirely if it receives a file that has virtual tables, and possibly other verboten schema.