I'm implementing a client to a web service that offers multiple download options - CSV, JSON, Parquet and SQLITE ".db". The response data set has a small number of tabular data sets. SQLite is a good fit, as it eliminates the need to upload the individual tabular data set into a database for efficient join queries.
I'm concerned about protecting against insufficient data from the service.
Technically, is it possible to embed a virus into an SQLite database? I believe CSV, JSON, and the parquet can only carry data (and have parsers who know how to handle buffer overflows, nulls, etc.). The SQLite database is much more complex. Can it carry "executable" instructions? I intend to open the file RO and only do a "select" statement from a Python client.
Any advice will be appreciated. The SQLite site security page discusses some of those questions (https://www.sqlite.org/security.html)) and looks for practitioner feedback.