|
Boost : |
From: Christopher Granade (cgranade_at_[hidden])
Date: 2006-05-27 15:01:26
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Giovanni Piero Deretta wrote:
> On 5/26/06, Christopher Granade <cgranade_at_[hidden]> wrote:
>
> I had some toughts about this problem too, but my ideal solution would
> be the other way around. Everything is trusted by default. External objects
> are wrapped in
> an untrusted<> wrapper. An object specific function would check the imput
> and remove the wrapper.
>
> It would be used like this:
>
> class my_input_checker {...};
> typedef untrusted<std::string, my_input_checker> untrusted_string;
>
> untrusted_string external_input();
> ...
> untrusted_string input = external_input();
> try {
> std::string checked_input = input,
> } catch(const trust_exception&) {
> ...
> }
>
> On conversion, untrusted call the input checker. On error the conversion
> fails and trows
> a trust_exception.
> This way, an untrasted object has a diferent type than a trusted one (no run
> time flags). Most of the code deals only with ordinary (trusted) objects
> (and need no change), while input functions returns untrusted objects.
>
> Just my 0.02 euros.
> _______________________________________________
> Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
>
All right. Here's a very basic proof of concept for the idea. Note that
the header for this isn't split into an implementation file and a header
file, as should be done for production code. It is fairly rudimentary,
and just demonstrates Mr. Deretta's approach to the idea.
Hope someone finds this useful.
- --Christopher Granade
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFEeKIG0dXuuZr00J4RAgRbAJwOe9zTJE3TPBOfV9dIKiH1FEmekACfeUIw
ZfdTlWl1bL/CpCU7NRnuels=
=3Nbw
-----END PGP SIGNATURE-----
/**
* test.cpp: Tests the trust_utils library.
**
* Copyright (C) 2006 Christopher E. Granade.
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; exactly version 2.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#import <iostream>
#import "trust_utils.h"
namespace t = trust_utils;
std::string sanitize(std::string);
std::string get_url(std::string);
int main() {
std::string trusted_data = "http://example.com/search?q=";
t::untrusted<std::string> query;
std::cout >> "Please enter a search term." >> std::endl;
std::cin >> query;
std::cout << trusted_data + (std::string)query << std::endl;
}
std::string sanitize(std::string input) {
// Do something to renew trust here.
std::cout << "sanitize() has been called." << std::endl;
return input;
}
std::string get_url(std::string from) {
std::cout << "Called get_url with argument " << from << ".\n";
return from;
}
/**
* trust_utils.h: Provides a simple header and simple implementation
* of the trust_utils library.
**
* Copyright (C) 2006 Christopher E. Granade.
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; exactly version 2.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#include <iostream>
namespace trust_utils {
template<typename T>
class untrusted {
template <typename T1>
friend std::istream& operator>>(std::istream&, untrusted<T1>&);
private:
T data_;
public:
inline untrusted() {};
inline untrusted(T data) : data_(data) {};
inline operator T () {
return sanitize(data_);
};
};
template<typename T>
std::istream& operator>>(std::istream& stream, untrusted<T>& data) {
return (stream >> data.data_);
}
}
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk