Created
June 15, 2018 13:28
Metaobjects tainted and untainted
package metaobjectTest | |
import untainted | |
// Tainted demonstrates, through its run method, which assignments the
// tainted/untainted metaobjects accept and which they reject at compile time.
// The rules illustrated below (per the inline comments) are:
//   - an untainted(sql) variable cannot be assigned directly, not even from
//     a string literal, outside a specially allowed prototype/package;
//   - an untainted(sql) value may flow into a tainted(sql) variable, but
//     not the other way round;
//   - the kind in parentheses matters: tainted(html) is not accepted where
//     untainted(sql) or untainted(html) is required.
// NOTE(review): TaintedToUntainted is not defined in this file (presumably
// it comes from the imported untainted package; confirm). Nothing here shows
// that toUntaintedSql: validates or escapes its argument, so the
// untainted(sql) guarantee is only as strong as that method. A security
// review should concentrate on it and on every other prototype that is
// allowed to produce untainted values.
object Tainted | |
func run { | |
// Declared tainted for the sql kind: may be used wherever tainted(sql)
// is accepted, but never where untainted(sql) is required.
var String@tainted(sql) maliciousSqlCode = | |
"I will delete your database"; | |
// Declared without an initial value; every write to it below has to go
// through a conversion the compiler accepts.
var String@untainted(sql) safeSqlCode; | |
// compile-time error: this assignment should | |
// be in a special prototype/package to be allowed | |
// safeSqlCode = "safe sql code"; | |
// ok | |
// The only accepted way shown here to obtain an untainted(sql) value:
// an explicit call to the conversion method, which gives reviewers a
// single place to check.
safeSqlCode = TaintedToUntainted toUntaintedSql: "safe sql code"; | |
// TaintedToUntainted is a safe prototype | |
// Same conversion as above, repeated.
safeSqlCode = TaintedToUntainted toUntaintedSql: "safe sql code"; | |
// Untainted to tainted is the permitted direction.
maliciousSqlCode = safeSqlCode; // ok | |
// Tainted to untainted without a conversion call is rejected.
//safeSqlCode = maliciousSqlCode; // compile-time error | |
// Same idea for a different kind (html instead of sql).
let String@tainted(html) badHtmlCode = "bad home page"; | |
// compile-time error | |
//safeSqlCode = badHtmlCode; | |
// compile-time error | |
//let String@untainted(html) safeHtmlCode = badHtmlCode; | |
} | |
end |