[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: String tainting
- From: "Dirk Feytons" <dirk.feytons@...>
- Date: Fri, 8 Feb 2008 10:43:26 +0100
Hi,
I've been looking into adding some support for string tainting. In
short I want to be able to (un)taint a string and find out whether a
string is tainted or not. This would allow me to mark certain strings
tainted in one place and do something different with them somewhere
else.
A trivial implementation in Lua is something like:
----- taint.lua -----
local tainted = {}
local strlib = getmetatable("")["__index"]
strlib["taint"] = function(s)
tainted[s] = true
end
strlib["untaint"] = function(s)
tainted[s] = nil
end
strlib["istainted"] = function(s)
return tainted[s] == true
end
----- taint.lua -----
Works fine for trivial cases but it fails in combination with string
concatenation through .. or table.concat(). I can probably get
table.concat() to work but .. is more problematic since it is
hardwired into the VM. Has anybody ever done something similar? Any
implementation ideas or pitfalls to watch out for if I go hack on the
VM?
--
Dirk