
Giovanni Piero Deretta wrote:
On 5/26/06, Christopher Granade <cgranade@gmail.com> wrote:
I had some thoughts about this problem too, but my ideal solution would be the other way around. Everything is trusted by default. External objects are wrapped in an untrusted<> wrapper. An object specific function would check the input and remove the wrapper.
It would be used like this:
class my_input_checker {...};
typedef untrusted<std::string, my_input_checker> untrusted_string;

untrusted_string external_input();
...
untrusted_string input = external_input();
try {
    std::string checked_input = input;
} catch(const trust_exception&) {
    ...
}
On conversion, untrusted calls the input checker. On error the conversion fails and throws a trust_exception. This way, an untrusted object has a different type than a trusted one (no run time flags). Most of the code deals only with ordinary (trusted) objects (and needs no change), while input functions return untrusted objects.
Just my 0.02 euros.
All right. Here's a very basic proof of concept for the idea. Note that the header for this isn't split into an implementation file and a header file, as should be done for production code. It is fairly rudimentary, and just demonstrates Mr. Deretta's approach to the idea. Hope someone finds this useful.

--Christopher Granade

/**
 * test.cpp: Tests the trust_utils library.
 **
 * Copyright (C) 2006 Christopher E. Granade.
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; exactly version 2.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
#include <iostream>
#include <string>
#include "trust_utils.h"

namespace t = trust_utils;

std::string sanitize(std::string);
std::string get_url(std::string);

int main()
{
    std::string trusted_data = "http://example.com/search?q=";
    t::untrusted<std::string> query;

    std::cout << "Please enter a search term." << std::endl;
    std::cin >> query;  // the input lands inside the wrapper, not in a plain string

    // The cast is the only way out of the wrapper, so sanitize() runs here.
    std::cout << trusted_data + (std::string)query << std::endl;
}

std::string sanitize(std::string input)
{
    // Do something to renew trust here.
    std::cout << "sanitize() has been called." << std::endl;
    return input;
}

std::string get_url(std::string from)
{
    std::cout << "Called get_url with argument " << from << ".\n";
    return from;
}

/**
 * trust_utils.h: Provides a simple header and simple implementation
 * of the trust_utils library.
 **
 * Copyright (C) 2006 Christopher E. Granade.
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; exactly version 2.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
#ifndef TRUST_UTILS_H
#define TRUST_UTILS_H

#include <iostream>
#include <string>

// Declared here so the call inside the template below is found when the
// template is instantiated; the program using the header supplies the definition.
std::string sanitize(std::string);

namespace trust_utils {

template<typename T>
class untrusted {
    template <typename T1>
    friend std::istream& operator>>(std::istream&, untrusted<T1>&);

private:
    T data_;

public:
    inline untrusted() {}
    inline untrusted(T data) : data_(data) {}

    // Converting back to T is the trust boundary: sanitize() runs on every exit.
    inline operator T () { return sanitize(data_); }
};

// Reading from a stream fills the wrapped value directly, so external input
// never exists as a bare T.
template<typename T>
std::istream& operator>>(std::istream& stream, untrusted<T>& data)
{
    return (stream >> data.data_);
}

}

#endif
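A complete version of the untrusted<T, Checker> design Deretta sketches above, which Granade's proof of concept only approximates with a single sanitize() call. This is an added example, not code from either post: the checker policy search_term_checker and its rules, trust_exception deriving from std::runtime_error, and the build_url/try_build_url helpers are my assumptions.

```cpp
#include <cctype>
#include <stdexcept>
#include <string>

// Thrown when an untrusted value fails its checker on conversion.
struct trust_exception : std::runtime_error {
    explicit trust_exception(const std::string& what) : std::runtime_error(what) {}
};

// Checker policy (hypothetical, for this example): a search term may contain
// only alphanumerics, spaces and '-', and must be 1 to 64 characters long.
struct search_term_checker {
    static void check(const std::string& s) {
        if (s.empty() || s.size() > 64)
            throw trust_exception("search term has bad length");
        for (unsigned char c : s)
            if (!std::isalnum(c) && c != ' ' && c != '-')
                throw trust_exception("search term contains a disallowed character");
    }
};

// untrusted<T, Checker>: a distinct type for data that has not been validated.
// The only way back to a plain T runs the checker and throws on failure.
template <typename T, typename Checker>
class untrusted {
    T data_;
public:
    explicit untrusted(const T& data) : data_(data) {}
    operator T() const {          // implicit conversion validates first
        Checker::check(data_);
        return data_;
    }
};
typedef untrusted<std::string, search_term_checker> untrusted_string;

// Simulated input boundary: whatever arrives from outside is untrusted.
untrusted_string external_input(const std::string& raw) { return untrusted_string(raw); }

// Sink that accepts only a trusted std::string; handing it an untrusted_string
// forces the checker to run at the call site.
std::string build_url(const std::string& term) {
    return "http://example.com/search?q=" + term;
}

// Returns the URL for acceptable input, or "" if the checker rejected it.
std::string try_build_url(const std::string& raw) {
    untrusted_string input = external_input(raw);
    try {
        return build_url(input);   // conversion runs search_term_checker::check
    } catch (const trust_exception&) {
        return "";
    }
}
```

Because untrusted_string is a separate type, a function that takes std::string cannot receive external input without the checker running; forgetting to validate becomes a compile-time impossibility rather than a missed call.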