joseoliv
6/15/2018 - 1:28 PM

Metaobjects tainted and untainted

Metaobjects tainted and untainted

package metaobjectTest

import untainted


// Demonstrates the compile-time checks attached to the @tainted(kind) and
// @untainted(kind) annotations on String variables. The statements and the
// commented-out lines in run show that:
//   - an untainted(sql) value may be assigned to a tainted(sql) variable;
//   - a tainted(sql) value may not be assigned to an untainted(sql) variable;
//   - a string literal may not be assigned directly to an untainted(sql)
//     variable from this prototype;
//   - a tainted(html) value is rejected for both an untainted(sql) and an
//     untainted(html) variable.
// Every statement labelled "compile-time error" is kept commented out,
// presumably so that this prototype still compiles.
// NOTE(review): no case here assigns an untainted(html) value to an
// untainted(sql) variable, so this file does not show whether the kinds are
// kept apart for untainted values; confirm against the metaobject itself.
object Tainted

    // Walks through the accepted and rejected assignments one by one.
    // Takes no parameters and returns nothing.
    func run {
        // Marked tainted for the sql kind.
        var String@tainted(sql) maliciousSqlCode = 
           "I will delete your database";
        
        // Marked untainted for the sql kind; declared without an initial value.
        var String@untainted(sql) safeSqlCode;
        

          // compile-time error: a direct assignment of a literal to an
          // untainted variable is only allowed inside a special
          // prototype/package
        // safeSqlCode = "safe sql code";
            // ok: the literal goes through the conversion method instead
        safeSqlCode = TaintedToUntainted toUntaintedSql: "safe sql code";
         
        // TaintedToUntainted is a safe prototype
        // NOTE(review): the body of toUntaintedSql: is not shown in this file.
        // The untainted(sql) label is only as trustworthy as what that method
        // does to its argument; confirm that it validates or escapes the
        // string rather than only changing the annotation.
        // This statement repeats the assignment made just above.
        safeSqlCode = TaintedToUntainted toUntaintedSql: "safe sql code";
        
        // untainted(sql) -> tainted(sql) is accepted
        maliciousSqlCode = safeSqlCode; // ok
        // tainted(sql) -> untainted(sql) is rejected
        //safeSqlCode = maliciousSqlCode; // compile-time error
        
        // Marked tainted for the html kind.
        let String@tainted(html) badHtmlCode = "bad home page";
           // compile-time error: tainted(html) -> untainted(sql)
        //safeSqlCode = badHtmlCode;

           // compile-time error: tainted(html) -> untainted(html), so a
           // matching kind does not make a tainted value acceptable
        //let String@untainted(html) safeHtmlCode = badHtmlCode;
        
    }
    
end