[langsec-discuss] Tainting input for better security

Carter Schonwald carter.schonwald at gmail.com
Thu Jun 14 21:05:04 UTC 2012


The glib but perhaps accurate answer is not enough people use Haskell! :-)

The point being that if your tools don't make writing or reasoning about
code jointly simple, all bets are off :-)

On Wednesday, June 13, 2012, Will Sargent wrote:

> Hi all,
>
> I'm not a security professional, so excuse me if I'm reinventing the wheel
> here, but here's what I got from the talk.
>
> So it seems clear that unless you're validating your input (and can trust
> your validator), then your input is untrusted.
>
> What that means for me practically is that any input I have from the
> client, in the form of headers, parameters, cookies or form fields, should
> be automatically tainted by the system unless an appropriate validator is
> found for it.
>
> val taintedEmail: Taint[String] = request.queryString("email")
>
> Ideally the validation should result in a strongly typed object, so an
> EmailValidator would return a type Email, a URLValidator would return a
> URL, a MixedCaseStringValidator would return a MixedCaseString, etc, so you
> never pass around the raw tainted input.
>
> val result: Either[Failure, Email] = emailValidator.validate(taintedEmail)
> result.fold(
>   failure => {
>     BadRequest(html.index).flashing('error -> failure)
>   },
>   success => {
>     Ok(html.index)
>   }
> )
>
> Email and URL validation is complicated (I think
> https://code.google.com/p/isemail/ is amazing) and I don't think anyone's really made a good HTML validation
> library yet, but it seems like this would be a useful if not necessary
> thing.
>
> So, two questions:
>
> 1) Why don't all web frameworks do this out of the box?
> 2) Why is validation in such a terrible state?  It seems like people just
> throw regexps at the problem and hope for the best.
>
> Will.
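The pattern sketched in the quoted message (a taint wrapper plus validators that return strongly typed values), as an added Scala example that is not part of the original thread. `Taint`, `Validator`, `Failure`, `Email` and `Demo` are hypothetical names, and the validator deliberately accepts only a narrow subset of address forms.

```scala
// Added example; Taint, Validator, Failure, Email and Demo are hypothetical names.
final case class Failure(reason: String)

trait Validator[A, B] { def check(raw: A): Either[Failure, B] }

// Raw client input. The constructor parameter is private to the instance, so
// the only way to get a usable value out is to run a validator over it.
final class Taint[A](raw: A) {
  def validate[B](v: Validator[A, B]): Either[Failure, B] = v.check(raw)
  override def toString: String = "Taint(<unvalidated>)" // raw value never reaches logs
}

// Private constructor: the validator in the companion is the only source of Email.
final class Email private (val local: String, val domain: String) {
  override def toString: String = s"$local@$domain"
}

object Email {
  private def ascii(c: Char) = c < 128 && c.isLetterOrDigit
  private def isLabel(l: String) =
    l.nonEmpty && l.length <= 63 && l.forall(c => ascii(c) || c == '-') &&
      l.head != '-' && l.last != '-'

  // Assumption: accepts only a narrow, conservative subset of address forms
  // (no quoting, comments or IP literals); it is not a full RFC 5322 parser.
  val validator: Validator[String, Email] = new Validator[String, Email] {
    def check(raw: String): Either[Failure, Email] = raw.split("@", -1) match {
      case Array(local, domain)
          if local.nonEmpty && local.length <= 64 &&
            local.forall(c => ascii(c) || "._+-".contains(c)) &&
            domain.length <= 253 && domain.contains('.') &&
            domain.split("\\.", -1).forall(isLabel) =>
        Right(new Email(local, domain.toLowerCase))
      case _ => Left(Failure("not an address in the accepted subset"))
    }
  }
}

object Demo extends App {
  // Downstream code asks for Email, so passing a Taint[String] or a String does not compile.
  def sendWelcome(to: Email): String = s"queued welcome mail for $to"

  // Constructed sample inputs standing in for request.queryString("email").
  val samples = List("alice@example.org", "bob@example.org\r\nX-Extra: 1", "no-at-sign")
  for (s <- samples) new Taint(s).validate(Email.validator) match {
    case Right(email)  => println(sendWelcome(email))
    case Left(failure) => println(s"400 Bad Request: ${failure.reason}")
  }
}
```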