[araneida: full taint documentation
Alan Shields <Alan-Shields@omrf.ouhsc.edu>**20051223230203] {
hunk ./doc/request_parameters.html 99
+
+<p>See <a href="taint.html">the CL-TAINT documentation</a> for usage information.
addfile ./doc/taint.html
hunk ./doc/taint.html 1
+<html><head><title>Araneida - Taint</title>
+<LINK rel="stylesheet" href="/doc/araneida.css">
+</head><body>
+
+<h1>CL-TAINT</h1>
+<p>CL-TAINT is a library written by Alan Shields. It is used to easily wrap values
+so that they are only accessed in a controlled manner. This is very useful for web applications,
+where you should not trust the input from the user.
+
+<h1>Basic Tainting and Untainting</h1>
+
+<pre>
+(taint "7")
+=&gt;
+#&lt;TAINTED-VALUE "7" {B682029}&gt;
+(* (length *) (length *))
+ERROR: NOT A SEQUENCE
+
+(* (untaint #'parse-integer *) (untaint #'parse-integer *))
+=&gt; 49
+</pre>
+
+<p>Once a value is tainted, it can't be used until you untaint it. You untaint
+the value by calling UNTAINT with a function that will be run on the internal value, the result
+of which shall be returned.
+
+<p>This helps ensure that the value is only accessed through that function.
+
+<h1>Detaint and With-Detaint</h1>
+<p>I find it useful to think of accepting external values in terms of declarative statements, so
+I created DETAINT and it's ease-of-use macro WITH-DETAINT. Keep in mind that DETAINT currently <emph>only</emph>
+works with strings as input. However, it will work with both tainted and un-tainted strings.
+
+<pre>
+(detaint "7" 'integer)
+=&gt; 7
+(detaint "dslkd" 'integer)
+=&gt; nil
+(detaint "" '(or integer 0))
+=&gt; 0
+</pre>
+
+<p>If you have to untaint several variables at once, it's far more convenient to do it like so:
+<pre>
+(with-detaint ((integer x y z)
+               ((or integer 0) a b c))
+  (list x y z a b c))
+</pre>
+
+<p>It's much like a type declaration.
+
+<h2>Simple Types</h2>
+<p>The most simple usage of DETAINT is with the simple types. These types
+attempt to coerce the input into the target type.
+
+<h3>Integers</h3>
+<pre>
+(detaint "7" 'integer)
+=&gt; 7
+(detaint "a7a" 'integer)
+=&gt; 7
+(detaint "a7a" 'strict-integer)
+=> NIL
+</pre>
+
+<p><tt>integer</tt> and <tt>loose-integer</tt> will find the first contiguous sequence
+of numbers in the input and parse those. If no numbers are found, NIL will be returned.
+
+<p><tt>strict-integer</tt> will only parse a string entirely consisting of numbers. If that
+does not hold, NIL will be returned.
+
+<h3>Strings</h3>
+<pre>
+(detaint "Yes" 'string)
+=&gt; "Yes"
+(detaint "Yes" 'nestring)
+=&gt; "Yes"
+(detaint "" 'string)
+=&gt; ""
+(detaint "" 'nestring)
+=&gt; NIL
+</pre>
+
+<p><tt>string</tt> will return the input string.
+<p><tt>nestring</tt> will return the input string if it is non-empty, NIL otherwise.
+
+<h3>Symbols</h3>
+<pre>
+(detaint "Yes" 'symbol)
+=&gt; YES
+(detaint "Yes" 'exact-symbol)
+=&gt; |Yes|
+(detaint "Yes" 'keyword)
+=&gt; :YES
+</pre>
+
+<p>All of the symbol types (except the keyword ones, obviously) intern the string into the current package.
+<p><tt>symbol</tt>, <tt>keyword</tt> are uppercased.
+<p><tt>exact-symbol</tt>, <tt>msymbol</tt>, <tt>exact-keyword</tt>, <tt>mkeyword</tt> are unaltered.
+
+
+<h2>Advanced Types</h2>
+<p>You can add some clauses to the simple types, restricting which inputs are acceptable.
+
+<p>For example:
+<pre>
+(detaint "7" '(integer :min 6))
+=&gt; 7
+(detaint "7" '(integer :min 8))
+=&gt; NIL
+(detaint "7" '(integer :pred oddp))
+=&gt; 7
+(detaint "7" '(integer :pred evenp))
+=&gt; NIL
+</pre>
+
+<h3>Integers</h3>
+<pre>
+(INTEGER-TYPE <:min literal> <:max literal> <:pred literal>)
+</pre>
+
+<dl>
+<dt>:min</dt><dd>Specifies the minimum value acceptable</dd>
+<dt>:max</dt><dd>Specifies the maximum value acceptable</dd>
+<dt>:pred</dt><dd>A function of one argument which shall receive the parsed integer (if no integer is found, the function will not be called). If
+the function returns a false value, the parse will be rejected, and NIL will be returned.</dd>
+</dl>
+
+<h3>Strings</h3>
+<pre>
+(STRING-TYPE <:min-length literal> <:max-length literal> <:every literal> <:some literal> <:pred literal> <:match literal> <:imatch literal>)
+</pre>
+
+<dl>
+<dt>:min-length</dt><dd>The minimum length acceptable</dd>
+<dt>:max-length</dt><dd>The maximum length acceptable</dd>
+<dt>:every</dt><dd>Every character of the string will be passed to the function, one at a time. If any return value is false, NIL will result.</dd>
+<dt>:some</dt><dd>Every character of the string will be passed to the function, one at a time. If every return value is false, NIL will result.</dd>
+<dt>:pred</dt><dd>The string will be passed to the function as a whole. If the return value is false, NIL will result.</dd>
+<dt>:match</dt><dd>The string must exactly match the specified string.</dd>
+<dt>:imatch</dt><dd>The string must case-insensitively match the specified string.</dd>
+</dl>
+
+<h3>Symbols</h3>
+<pre>
+(SYMBOL-TYPE <:package literal>)
+</pre>
+
+<dl>
+<dt>:package</dt><dd>The symbol will be interned into the specified package, rather than the current package.</dd>
+</dl>
+
+<h2>Combinators</h2>
+<p>By default, when a type fails, NIL is returned. You can propose alternate types using <tt>or</tt> and friends.
+
+<pre>
+(detaint "7" '(or integer 0))
+=&gt; 7
+(detaint "asdf" '(or integer 0))
+=&gt; 0
+(detaint "7" '(if integer t nil))
+=&gt; T
+(detaint "a" '(if integer t nil))
+=&gt; NIL
+(detaint "a" '(when integer t))
+=&gt; NIL
+(detaint "7" '(when integer t))
+=&gt; 7
+(detaint "7" '(or (or (integer :min 42)
+                      (integer :max 4))
+                  0))
+=&gt; 0
+(detaint "44" '(or (or (integer :min 42)
+                       (integer :max 4))
+                   0))
+=&gt; 44
+</pre>
+
+<p><tt>or</tt> and <tt>any</tt> return the first value that returns a true value.
+<p><tt>if</tt> returns the third construct if the second is true, and the fourth if it is not.
+
+<h2>Matchers</h2>
+<p>Sometimes you only want to parse something if it follows a certain pattern.
+Currently the only matcher is <tt>example</tt>, but regular expressions will come soon, thanks to Edi's PCRE library.
+
+<p>If you need to match a simple function, just use (string :pred function) along with when.
+
+<pre>
+(detaint "77" '(with-match (example "99") integer))
+=&gt; 77
+(detaint "7" '(with-match (example "99") integer))
+=&gt; NIL
+(detaint "7777" '(with-match (example "09") integer))
+=&gt; 7777
+</pre>
+
+<p>The third argument (<tt>integer</tt> in the above examples) is a proper specifier, so you can put in <tt>or</tt> constructs,
+more matchers, etc, etc, etc.
+
+<h3>Example Matches</h3>
+<p>The <tt>example</tt> matcher is quite simple. You provide an example of what you'd like to match, and it matches it.
+
+<p>There are a few wildcard characters.
+
+<dl>
+<dt>x</dt><dd>Matches any lowercase letter</dd>
+<dt>X</dt><dd>Matches any uppercase letter</dd>
+<dt>i or I</dt><dd>Matches any letter</dd>
+<dt>* or _</dt><dd>Matches any character</dd>
+<dt>1-9</dt><dd>Matches any number</dd>
+<dt>0</dt><dd>Starts a variable-length number ("09" will match "7", "77", and "77777777". Whereas "99" would only match "77")</dd>
+</dl>
+
+<p>All other characters match only themselves.
+
+<h3>Filters</h3>
+<p>Sometimes you want to filter the string before doing anything with it.
+
+<pre>
+(detaint "a7a" '(with-filter (drop a) string))
+=&gt; "7"
+</pre>
+
+<p>The third argument (<tt>string</tt> in the above example) is, like match, a proper place. So you can put <tt>or</tt>, or even more filters.
+
+<p>The two filters available now are: <tt>gather</tt> (synonyms: <tt>pass</tt>), and <tt>drop</tt> (synonyms: <tt>remove</tt>, <tt>fail</tt>).
+These filters work character-wise. I hope to add some regexp filters using Edi's PCRE soon.
+
+<p><tt>gather</tt> causes the new value to consist of only those characters which match its pattern.
+<p><tt>drop</tt> causes the new value to consist of only those characters which do NOT match its pattern.
+
+<h4>Gather/Drop filters</h4>
+<p>Character literals are specified either as <tt>#\c</tt> -style characters, one-letter symbols, or one-letter strings.
+
+<pre>
+; valid characters:
+#\f
+#\F
+|f|
+f
+"f"
+"F"
+</pre>
+
+<p>While (gather "f") is useful for getting all the fs in a string, it's not all that interesting. Enter the constructs:
+
+<pre>
+(any a b c)
+(not (and "F" "f"))
+</pre>
+
+<dl>
+<dt><tt>any</tt>, <tt>or</tt>, and <tt>union</tt></dt><dd>Match any construct in their argument list.</dd>
+<dt><tt>every</tt>, <tt>and</tt>, and <tt>intersection</tt></dt><dd>Match only if every construct in their argument list matches.</dd>
+<dt><tt>iany</tt>, <tt>ior</tt>, and <tt>iunion</tt></t><dd>Same as <tt>any</tt>, but case insensitive.</dd>
+<dt><tt>ievery</tt>, <tt>iand</tt>, and <tt>iintersection</tt></dt><dd>Same as <tt>every</tt>, but case insensitive.</dd>
+<dt><tt>difference</tt></dt>
+    <dd>Matches if the first construct matches but none of the following do (think of setting up a range then removing ranges from that)</dd>
+<dt><tt>not</tt></dt><dd>Inverses the match of its construct.</dd>
+<dt><tt>pred</tt></dt><dd>Passes the current character to a function. That function returns a true or false value.</dd>
+<dt><tt>not-pred</tt></dt><dd>Like <tt>(not (pred ____))</tt></dd>
+<dt><tt>range</tt></dt><dd>Matches from second -> third (ie (and (range #\a #\z) (range #\A #\Z)) for all of the alphabet)</dd>
+<dt><tt>not-range</tt></dt><dd>Not in the range.</dd>
+<dt><tt>nocase</tt> and <tt>icase</tt></dt><dd>Set all sub-matches to case-insensitive</dd>
+<dt><tt>case</tt></dt><dd>Sets all sub-matches to case sensitive</dd>
+</dl>
+
+<h2>Enjoy!</h2>
+<p>I hope this makes your tainting and untainting more pleasant. At the time this was written, I had a lot of things to do with
+web apps, so I planned on adding more constructs as I needed them. If there's been no change in this in a while, I guess you can
+figure out what happened.
+
+</body>
+</html>
}