(Wietse Venema) wrote:
! zend_uchar is_ref:7;
! zend_uchar taint_flag:1;
At the beginning of this year I was actually making tests with something like
that but I used
zend_uchar is_ref:1;
zend_uchar flags:7;
to be able to support multiple taint types (HTML and DB were the main
targets). And my tainting was the other way around: Everything not
marked with a flag is unsafe.
The scope of my approach was smaller than what you are proposing: The
runtime engine only does very little with the flags, the actual work is
done by user land code. So there is very little overhead.
My goal was to enhance our HTML generation toolkit to be able to trap
missing htmlspecialchar()s.
Let me outline what I did:
- Variables assigned from constants are marked safe
- All other variables inherit the flags of the right hand side
- String concatenation does an AND of all flags for the result
- Added var_setflag($var, $flag) and var_getflag($var, $flag) functions
My HTML-Generator then used
...
    if (!var_getflag($result, 1))   // flag 1 never set: an htmlspecialchars() call was missed
        error_log(...);
    var_setflag($result, 1);        // the generator's output is now marked HTML-safe
    return $result;
}
This could certainly be enhanced (I tried various function names and
semantics but wasn't 100% happy with any of them), e.g. by making some
of the string functions aware of flags. And it leaves most of the work
to the toolkit developer. It doesn't try to provide any safety per se,
only a mechanism to write safe(r) toolkits.
Unfortunately I didn't get around to fully implementing it (yet) but this
approach looked promising while being simple.
- Chris
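An added example, not Chris's code and not anything from the Zend engine: a C model of the 1+7 bit-field layout and the four propagation rules listed above (constants safe, assignment inherits, concatenation ANDs the flags, var_setflag/var_getflag for user land), plus a user-land escaper and the generator's trap. The flag values FLAG_HTML_SAFE and FLAG_DB_SAFE, the zval_t name and every function name are assumptions made for the model.

```c
#include <stdio.h>
#include <string.h>
#define FLAG_HTML_SAFE 1   /* hypothetical bit values: the post only mentions "flag 1" */
#define FLAG_DB_SAFE   2
typedef struct {
    char buf[128];
    unsigned char is_ref:1;  /* the layout from the post: 1 ref bit, 7 flag bits */
    unsigned char flags:7;   /* a set bit means "marked safe"; unset means unsafe */
} zval_t;
static zval_t make(const char *s, unsigned char flags) {
    zval_t v = {{0}};
    snprintf(v.buf, sizeof v.buf, "%s", s);
    v.flags = flags & 0x7f;
    return v;
}
/* Rule 1: a value assigned from a constant is safe for every taint type. */
static zval_t from_constant(const char *s) { return make(s, 0x7f); }
/* Request data comes from outside the program and carries no flags at all. */
static zval_t from_input(const char *s) { return make(s, 0); }
/* Rule 2 is a plain struct copy, so flags travel with the value; rule 3 ANDs them,
 * so one unflagged operand is enough to make the whole concatenation unsafe. */
static zval_t concat(const zval_t *a, const zval_t *b) {
    zval_t v = make(a->buf, a->flags & b->flags);
    strncat(v.buf, b->buf, sizeof v.buf - strlen(v.buf) - 1);
    return v;
}
/* Rule 4: the two functions exposed to user land. */
static int  var_getflag(const zval_t *v, unsigned char f) { return (v->flags & f) != 0; }
static void var_setflag(zval_t *v, unsigned char f) { v->flags |= f; }
/* User-land toolkit escaper: only the escaped copy gets marked HTML-safe. */
static zval_t toolkit_escape_html(const zval_t *in) {
    zval_t v = make("", in->flags);
    size_t n = 0;
    for (const char *p = in->buf; *p && n + 7 < sizeof v.buf; p++) {
        const char *rep = *p == '<' ? "&lt;" : *p == '>' ? "&gt;" :
                          *p == '&' ? "&amp;" : *p == '"' ? "&quot;" : NULL;
        if (rep) n += strlen(strcpy(v.buf + n, rep));
        else v.buf[n++] = *p;
    }
    v.buf[n] = '\0';
    var_setflag(&v, FLAG_HTML_SAFE);
    return v;
}
/* Generator exit point as in the post: trap a missing escape, then mark the result. */
static int html_emit(zval_t *v) {
    int trapped = !var_getflag(v, FLAG_HTML_SAFE);
    if (trapped) fprintf(stderr, "missing htmlspecialchars(): %s\n", v->buf);
    var_setflag(v, FLAG_HTML_SAFE);
    return trapped;
}
```

Concatenating a constant template with raw request data yields a value with no flags, so html_emit() logs the trap; routing the request data through toolkit_escape_html() first leaves FLAG_HTML_SAFE set on the result and the trap stays silent.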
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php