lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


I've been looking into adding some support for string tainting. In
short I want to be able to (un)taint a string and find out whether a
string is tainted or not. This would allow me to mark certain strings
tainted in one place and do something different with them somewhere
A trivial implementation in Lua is something like:

----- taint.lua -----
local tainted = {}
local strlib = getmetatable("")["__index"]
strlib["taint"] = function(s)
  tainted[s] = true

strlib["untaint"] = function(s)
  tainted[s] = nil

strlib["istainted"] = function(s)
  return tainted[s] == true
----- taint.lua -----

Works fine for trivial cases but it fails in combination with string
concatenation through .. or table.concat(). I can probably get
table.concat() to work but .. is more problematic since it is
hardwired into the VM. Has anybody ever done something similar? Any
implementation ideas or pitfalls to watch out for if I go hack on the