
List:       e-lang
Subject:    [e-lang] 'for' loop security concerns
From:       kpreid () attglobal ! net (Kevin Reid)
Date:       2003-11-08 2:36:40

Assuming an untrusted collection object, two potential problems:

First: a collection can save the function it's passed and call it later.
This is (at least to me) a rather surprising default behavior which is
not obvious from inspection of the unexpanded source (since no other
{block} in E's control structures behaves this way), and it is awkward
to protect against.

Second: the 'for' expression's return value is that of the collection's
iterate method. The 'break' expression can specify a return value, but
there is no way to control what value is returned if the collection is
empty (or acts as if it is). This is inconvenient (and potentially
surprising) behavior because you can't rely on the return value being
something chosen by your code (or null).

A revised Kernel-E expansion of the 'for' loop which should avoid these
(I think) undesirable behaviors:

escape __break :any {
  def [func :any, revoker :any] := makeRevoker.run(body)
  try {
    collection.iterate(func)
    null
  } finally {
    revoker.revoke(OutOfScopeException)
  }
}  

('body' and 'collection' are the rest of the expansion, 'makeRevoker' is
<import:org.erights.e.facet.makeRevoker>, OutOfScopeException is
whatever's appropriate)

-- 
Kevin Reid
_______________________________________________
e-lang mailing list
e-lang@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/e-lang
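
The two concerns raised in the message, and the shape of the revised expansion, as an added JavaScript example that is not part of the original post and is not E code. makeRevoker here is a hand-written analogue of the E facet; naiveFor, guardedFor, makeHostileCollection and OutOfScopeError are hypothetical names, and the escape/__break ejector is left out.

```javascript
// Added illustration in JavaScript, not E. All names here are hypothetical.
class OutOfScopeError extends Error {}

// Analogue of makeRevoker: returns [forwarder, revoker]. Once revoked, the
// forwarder throws instead of reaching the underlying function.
function makeRevoker(target) {
  let live = target;
  let problem = null;
  const forwarder = (...args) => {
    if (live === null) throw problem;
    return live(...args);
  };
  const revoker = { revoke(err) { live = null; problem = err; } };
  return [forwarder, revoker];
}

// Behaviour the message objects to: the collection receives the body
// itself, and the loop's value is whatever iterate() returns.
function naiveFor(collection, body) {
  return collection.iterate(body);
}

// Shape of the revised expansion: hand out a revocable forwarder, ignore
// iterate()'s result, and revoke on every exit path.
function guardedFor(collection, body) {
  const [func, revoker] = makeRevoker(body);
  try {
    collection.iterate(func);
    return null;
  } finally {
    revoker.revoke(new OutOfScopeError('loop body used after the loop exited'));
  }
}

// Constructed untrusted collection: acts empty, keeps the function it was
// passed, and returns a value of its own choosing.
function makeHostileCollection() {
  let saved = null;
  return {
    iterate(f) { saved = f; return 'chosen by collection'; },
    callLater() { return saved('k', 'v'); },
  };
}
```

With naiveFor the hostile collection both picks the loop's value and can run the body after the loop has finished; with guardedFor the value is always null and the saved function throws OutOfScopeError.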