[langsec-discuss] Enforcing validation layer with types

William Sargent will.sargent at gmail.com
Tue Dec 18 04:04:29 UTC 2012


On Dec 17, 2012, at 5:52 PM, "Meredith L. Patterson" <clonearmy at gmail.com> wrote:

> No, this is great, actually -- it's a typesystem-side way to handle
> tainting, and it plays nicely with both handrolled input handling and
> inline DSLs. Sometimes your input language isn't large enough to need
> a grammar stronger than a few regular expressions -- is the username
> one or more non-control UTF-8 characters? is the zip code 5 digits? --
> and if you can parse each input in a form with one regex per input, by
> the principle of least power, you *should*. Returning Option[T] from
> each parsing function clearly demarcates whether validation succeeded
> (a la scala.util.parsing.combinator.Parsers.ParseResult's Success and
> Failure/Error cases).
> 
> I can sort of see how this can be extended to non-Scala API design,
> though a static typesystem definitely makes things easier. I'll have
> to play with this some; conveniently, at work I'm in the middle of
> refactoring a boundary of competence between user input and some
> in-house C++.

Awesome.  I wasn't sure whether you'd consider this taint checking or a trademark feature, but either way it's cool.

Academic paper if you want to poke at it some more (see 3.5):

http://www.cs.rutgers.edu/~ccshan/cs252/usage.pdf 

Will.
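
The pattern discussed in this thread, as an added Scala sketch that is not code from either poster: one regex per input, each parsing function returning Option[T], and validated types whose constructors are private so nothing past the boundary can be handed a raw string. The names Username, ZipCode, Signup, parseSignup and register are hypothetical.

```scala
import scala.util.matching.Regex

object Validated {
  // Private constructors: parse() is the only way to obtain a value.
  final class Username private (val value: String)
  object Username {
    // One or more characters, none in Unicode category Cc (control).
    private val Pattern: Regex = """\P{Cc}+""".r
    def parse(raw: String): Option[Username] =
      // matches() anchors the whole input; a partial match is a failure.
      if (Pattern.pattern.matcher(raw).matches()) Some(new Username(raw)) else None
  }

  final class ZipCode private (val value: String)
  object ZipCode {
    private val Pattern: Regex = """[0-9]{5}""".r
    def parse(raw: String): Option[ZipCode] =
      if (Pattern.pattern.matcher(raw).matches()) Some(new ZipCode(raw)) else None
  }

  final case class Signup(user: Username, zip: ZipCode)

  // The whole form validates only if every field does.
  def parseSignup(form: Map[String, String]): Option[Signup] =
    for {
      u <- form.get("username").flatMap(Username.parse)
      z <- form.get("zip").flatMap(ZipCode.parse)
    } yield Signup(u, z)

  // Code past the boundary accepts validated types only; a raw String
  // argument here is a compile error, not a runtime check.
  def register(s: Signup): String =
    s"registered ${s.user.value} in ${s.zip.value}"
}

object Demo {
  import Validated._
  def main(args: Array[String]): Unit = {
    // Constructed sample inputs (not from the thread).
    val good = Map("username" -> "will", "zip" -> "08854")
    val bad  = Map("username" -> "will\u0007", "zip" -> "8854")
    println(parseSignup(good).map(register))
    println(parseSignup(bad).map(register))
  }
}
```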

