Metaobjects tainted and untainted
package metaobjectTest
import untainted
// Demonstrates the compile-time checks attached to the @tainted / @untainted
// type annotations (presumably supplied by the imported `untainted` package):
// a String labelled tainted for a context (sql, html) cannot be assigned to a
// variable labelled untainted; the only accepted route is an explicit conversion.
object Tainted
// Walks through the assignments the author marks as accepted ("ok") and, left
// commented out, the ones marked as compile-time errors.
func run {
// Stand-in for untrusted input headed for a SQL context; the literal is a
// placeholder sentence, not SQL.
var String@tainted(sql) maliciousSqlCode =
"I will delete your database";
// Declared without an initializer; every later write to it is subject to the check.
var String@untainted(sql) safeSqlCode;
// compile-time error: even a plain string literal is rejected as a source for an
// untainted variable here. Per the author, such an assignment is only allowed
// inside a special prototype/package.
// safeSqlCode = "safe sql code";
// ok: the value goes through the explicit conversion method, which is the one
// place where the tainted -> untainted label change is permitted.
safeSqlCode = TaintedToUntainted toUntaintedSql: "safe sql code";
// TaintedToUntainted is a safe prototype
// NOTE(review): the body of toUntaintedSql: is not shown. The annotation only
// tracks the label, so the guarantee is as strong as the validation or escaping
// this method performs; confirm it does more than relabel its argument, and
// that the set of prototypes allowed to do this conversion is kept small.
// (This statement repeats the call above.)
safeSqlCode = TaintedToUntainted toUntaintedSql: "safe sql code";
// Widening is allowed: an untainted(sql) value may be stored in a tainted(sql) variable.
maliciousSqlCode = safeSqlCode; // ok
// The reverse direction is rejected: tainted(sql) cannot flow into untainted(sql).
//safeSqlCode = maliciousSqlCode; // compile-time error
// Same annotation with a different context tag (html instead of sql).
let String@tainted(html) badHtmlCode = "bad home page";
// compile-time error: tainted(html) cannot be assigned to untainted(sql)
//safeSqlCode = badHtmlCode;
// compile-time error: tainted(html) cannot initialize untainted(html) either;
// the html context follows the same rule as sql.
//let String@untainted(html) safeHtmlCode = badHtmlCode;
}
end