[Haskell] intent-typing
Marcus Sundman
sundman at iki.fi
Mon Nov 15 10:17:46 EST 2010

Hi, how would one go about implementing (or using if it's supported
out-of-the-box) intent-typing* for Haskell?

*) Intent-typing is compiler/verifier/parser enforced typing similar to
"apps hungarian" notation. E.g., say I have a webapp with fields for a
user's first name and last name, which I at some point show on another
webpage that the user loads, which is a typical XSS vulnerability
situation. So I have 2 functions, getParam(...) and setParam(...), which
return the value of a user-provided parameter and give a parameter to
the template displayed to the user, respectively. I want to somehow flag
the getParam(...)-function as returning a user-provided string (say,
"unsafe-string"), and the setParam(...)-function as requiring a safely
encoded string (say, "safe-string"), so that if I sometimes forget to
run the user-provided string through some anti-XSS-encoding thingy
(which would take an "unsafe-string" and return a "safe-string"), and
don't (unit-)test this particular aspect of said code, then some
verifier thingy (preferably a static verifier) would notice this and
show me a warning.

Cheers,
Marcus
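
The scheme asked about above can be expressed with plain newtypes; the following is an added example, not part of the original message or of any existing library. The type names follow the post's "unsafe-string" and "safe-string"; Request, Template, escape and render are hypothetical names chosen for illustration.

```haskell
module Main (main) where

-- Assumption: in a real project these two types live in their own module
-- that exports the type names but NOT the constructors, so 'escape' is the
-- only way to obtain a SafeString outside that module.
newtype UnsafeString = UnsafeString String   -- user-provided, not yet encoded
newtype SafeString   = SafeString String     -- HTML-encoded, fit for output

-- The only UnsafeString -> SafeString conversion: HTML entity encoding.
escape :: UnsafeString -> SafeString
escape (UnsafeString s) = SafeString (concatMap enc s)
  where
    enc '&'  = "&amp;"
    enc '<'  = "&lt;"
    enc '>'  = "&gt;"
    enc '"'  = "&quot;"
    enc '\'' = "&#39;"
    enc c    = [c]

type Request  = [(String, String)]  -- hypothetical stand-in for request params
type Template = [(String, String)]  -- hypothetical stand-in for template slots

-- Everything read from the request is tagged as unsafe.
getParam :: String -> Request -> Maybe UnsafeString
getParam name req = UnsafeString <$> lookup name req

-- Template slots accept only SafeString.
setParam :: String -> SafeString -> Template -> Template
setParam name (SafeString v) tpl = (name, v) : tpl

-- Slot names are programmer-chosen literals; only the values are user data.
render :: Template -> String
render = concatMap (\(k, v) -> "<span id=\"" ++ k ++ "\">" ++ v ++ "</span>")

main :: IO ()
main = do
  let req = [("firstName", "<script>alert(1)</script>")]  -- constructed input
  case getParam "firstName" req of
    Nothing  -> putStrLn "missing parameter"
    Just raw -> do
      putStrLn (render (setParam "first" (escape raw) []))
      -- Forgetting the encoding step is rejected by the type checker:
      --   setParam "first" raw []
      --   Couldn't match expected type 'SafeString'
      --     with actual type 'UnsafeString'
```

The guarantee holds only as long as the SafeString constructor stays hidden from calling code; the check happens at compile time, so no unit test is needed for this aspect.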