From: Christopher Granade (cgranade_at_[hidden])
Date: 2006-05-27 15:01:26



Giovanni Piero Deretta wrote:
> On 5/26/06, Christopher Granade <cgranade_at_[hidden]> wrote:
>
> I had some thoughts about this problem too, but my ideal solution would
> be the other way around. Everything is trusted by default. External
> objects are wrapped in an untrusted<> wrapper. An object-specific
> function would check the input and remove the wrapper.
>
> It would be used like this:
>
> class my_input_checker {...};
> typedef untrusted<std::string, my_input_checker> untrusted_string;
>
> untrusted_string external_input();
> ...
> untrusted_string input = external_input();
> try {
>     std::string checked_input = input;
> } catch(const trust_exception&) {
>     ...
> }
>
> On conversion, untrusted calls the input checker. On error the conversion
> fails and throws a trust_exception.
> This way, an untrusted object has a different type than a trusted one (no
> run-time flags). Most of the code deals only with ordinary (trusted)
> objects (and needs no change), while input functions return untrusted
> objects.
>
> Just my 0.02 euros.
>

All right. Here's a very basic proof of concept for the idea. Note that
the header for this isn't split into an implementation file and a header
file, as should be done for production code. It is fairly rudimentary,
and just demonstrates Mr. Deretta's approach to the idea.

Hope someone finds this useful.

--Christopher Granade


/**
 * test.cpp: Tests the trust_utils library.
 **
 * Copyright (C) 2006 Christopher E. Granade.
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; exactly version 2.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */

#include <iostream>
#include <string>

// sanitize() must be declared before trust_utils.h is included: the call
// to sanitize() inside untrusted<T>::operator T() is looked up where the
// template is defined, and argument-dependent lookup on std::string would
// not find a function in the global namespace.
std::string sanitize(std::string);
std::string get_url(std::string);

#include "trust_utils.h"

namespace t = trust_utils;

int main() {

    std::string trusted_data = "http://example.com/search?q=";
    t::untrusted<std::string> query;   // input stays untrusted until converted

    std::cout << "Please enter a search term." << std::endl;
    std::cin >> query;

    // The cast runs sanitize() before the value is joined to trusted data.
    std::cout << trusted_data + (std::string)query << std::endl;

}

std::string sanitize(std::string input) {

    // Do something to renew trust here.
    std::cout << "sanitize() has been called." << std::endl;
    return input;

}

std::string get_url(std::string from) {
    std::cout << "Called get_url with argument " << from << ".\n";
    return from;
}


/**
 * trust_utils.h: Provides a simple header and simple implementation
 * of the trust_utils library.
 **
 * Copyright (C) 2006 Christopher E. Granade.
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; exactly version 2.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */

#ifndef TRUST_UTILS_H
#define TRUST_UTILS_H

#include <iostream>

namespace trust_utils {

    // Wraps a value of type T that came from outside the trust boundary.
    // The only way to get the plain T back is the conversion operator,
    // which passes the value through sanitize() first. A sanitize()
    // overload for T must be visible before this header is included.
    template<typename T>
    class untrusted {

        template <typename T1>
        friend std::istream& operator>>(std::istream&, untrusted<T1>&);

        private:
            T data_;

        public:
            untrusted() {}
            untrusted(T data) : data_(data) {}

            operator T () const {
                return sanitize(data_);
            }

    };

    // Reads straight into the wrapped storage, so stream input is
    // untrusted from the moment it arrives.
    template<typename T>
    std::istream& operator>>(std::istream& stream, untrusted<T>& data) {
        return (stream >> data.data_);
    }

}

#endif // TRUST_UTILS_H
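Mr. Deretta's untrusted<T, Checker> sketch quoted above, carried through to compilable code as an added example (not code from the thread or from either author). The conversion is made explicit here, a tightening of the sketch; search_term_checker and try_trust are hypothetical names for this illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <stdexcept>
#include <string>
#include <utility>

// Thrown when the checker rejects the wrapped value (name from the thread).
struct trust_exception : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Holds a T that has not been validated yet. The only way out is the
// conversion, which runs Checker::check and returns a plain T or throws.
template <typename T, typename Checker>
class untrusted {
    T data_;
public:
    explicit untrusted(T data) : data_(std::move(data)) {}
    // Explicit, so an untrusted value never becomes a trusted T by accident.
    explicit operator T() const {
        if (!Checker::check(data_))
            throw trust_exception("input rejected by checker");
        return data_;
    }
};

// Hypothetical checker for this illustration: a search term is 1..64
// characters drawn from alphanumerics, space, '-' and '_'.
struct search_term_checker {
    static bool check(const std::string& s) {
        if (s.empty() || s.size() > 64) return false;
        return std::all_of(s.begin(), s.end(), [](unsigned char c) {
            return std::isalnum(c) || c == ' ' || c == '-' || c == '_';
        });
    }
};

using untrusted_search_term = untrusted<std::string, search_term_checker>;

// Mirrors the try/catch in the sketch: true and `out` filled when the
// checker accepts, false when it throws. Callers only ever see checked data.
bool try_trust(const untrusted_search_term& input, std::string& out) {
    try {
        out = static_cast<std::string>(input);
        return true;
    } catch (const trust_exception&) {
        return false;
    }
}
```

Because the wrapper and the plain type are distinct types, forgetting the conversion is a compile error rather than a missed check at run time.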


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk