Created
April 14, 2014 18:28
-
-
Save dwd/10671760 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#ifndef TAINTCXX_H | |
#define TAINTCXX_H | |
namespace taint { | |
template<typename X> class tainted { | |
private: | |
X m_x; | |
public: | |
tainted(X const & x) : m_x(x) {} | |
tainted(X && x) : m_x(x) {} | |
tainted(tainted<X> && y) : m_x(y.m_x) {} | |
tainted(const tainted<X> & y) : m_x(y.m_x) {} | |
tainted() : m_x() {}; | |
X const * operator -> () const { | |
return &m_x; | |
} | |
X * operator -> () { | |
return &m_x; | |
} | |
X const & detaint() const { | |
return m_x; | |
} | |
X & detaint() { | |
} | |
}; | |
template<typename X> X const & detaint_cast<X>(tainted<X> const & y) { | |
return t.detaint(); | |
} | |
template<typename S> class tainted_istream { | |
private: | |
S & m_s; | |
public: | |
tainted_istream(S & s) : m_s(s) {} | |
template<typename X> tainted_istream<S> & operator >> (tainted<X> & t) { | |
m_s >> t.detaint(); | |
} | |
}; | |
} | |
#endif |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In which case I wonder if approaching this from the other side isn't beneficial. Essentially the type system within the compiler is able to prove theorems -- if a theorem is wrong then you get a compile error. So what would a theorem about your input processing look like?
Is it enough for your network code to return a
tainted<std::vector<char>>
and to only allow access of those bytes through theat()
operator or iterators, both of which enforce bounds checking?If you're reading some sort of structure then you really need to be able to chain the reads. Not sure how that ought to look. If you're ok with the tainted vector having state to mark what has been read then you could do:
Although the
detaint
could just as easily be a member of the tainted type. Under this model the tainted class is really just the network data buffer that your underlying library is pulling from the socket.