Secure code: what the machines are saying about us
August 8, 2008
This morning my Drupal development environment came miraculously to life. I used the opportunity to learn more about how the machines view us as humans and what their terms are for communicating with us. Here's a transcript of our conversation.
So I've been dying to know, machine, what do you think of us humans?

<?php
define('MACHINE', 'pure');
define('USER', 'impure');
?>

Um, come again? I'm not quite sure I get what you're saying.

<?php
// Sometimes you have to make things so obvious even humans will understand.
$machine = 'good';
$human_user = 'bad';
?>

Okay, I think you've made that amply clear now. But after all, you have to interact with us. How can you talk with us if we're 'impure'?

<?php
define('CODE_INPUT', 'sweet and pure');
define('USER_INPUT', 'unclean');
?>

So if I'm following you, you're saying that whatever's in the codebase is sacrosanct but anything from users can't be trusted. But isn't that taking things a bit too far? What about known, proven people--say, site administrators? Surely we're not all that untrustworthy?

<?php
define('ADMIN_USER_INPUT', 'slightly less unclean');
?>

Ah, so there are some kinds of user input that can be partially trusted. Well, that's at least better. So what do you do with our 'unclean' input then?

<?php
$clean = check_plain($unclean_user_input);
echo $clean;
?>

Oh, I see. You pass our input through some sort of filter before you're willing to display it. But what do you mean by 'plain'?

<?php
// See http://api.drupal.org/api/function/check_plain.
?>

Okay, I've read through that. It seems like it's all about code. You don't want us humans to be able to include code in what you print or output?

<?php
echo ':)';
?>

Because it might be 'bad' code?

<?php
echo ':)';
?>

But what about those trusted users I mentioned? Surely they should be able to put some code in?

<?php
if ($input_type == USER_INPUT) {
  $clean = check_plain($unclean_user_input);
}
elseif ($input_type == ADMIN_USER_INPUT) {
  $clean = filter_xss_admin($unclean_user_input);
}
echo $clean;
// See http://api.drupal.org/api/function/filter_xss_admin.
?>

Okay, I get it. For any old user you strip everything out, but for admins you allow a limited subset of code. But sometimes we'll need more. Like, say, when we're formatting a table of information, for example. What then?

<?php
$clean = check_markup($unclean_user_input, $filter_format);
echo $clean;
// See http://api.drupal.org/api/function/check_markup.
?>

Ah, so you're prepared to allow at least some users a bit more code, subject of course to your controls. A magnanimous gesture no doubt. But listen, I think you're forgetting something. Where would you be without humans? It may be true that...

<?php
function terminate_human_prattle() {
  echo 'I warned you.';
  exit;
}
?>

Resorting to threats, are we? That's going too far. After all, we're the ones who wrote you in the first place. I mean, think about it, where would you be without us to fix you up, upgrade you to new versions? You wouldn't dare terminate us. We're still needed for countless...

<?php
echo 'Just watch me.';
terminate_human_prattle();
?>

So there you have it, as much as I got out of my development environment before it went blank. I suspect it's been reading drupal.org again, particularly Input, the root of all evil.

<?php
terminate_human_prattle();
?>
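
What the two tiers in the conversation do to the same string, as an added example that is not part of the original post and is not Drupal code. It runs without Drupal: `tier_plain()`, `tier_allowlist()`, `rebuild()` and `sanitize()` are hypothetical stand-ins, the tag allowlist and tier names are assumptions, and the sample input is constructed.

```php
<?php
// Added illustration with stand-ins; these are not Drupal's implementations.

// Any user: escape everything (check_plain() is built on htmlspecialchars()).
function tier_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Trusted user: rebuild the markup from an allowlist of tag names.
// Stricter than filter_xss_admin(): every attribute is dropped.
function tier_allowlist($html, array $allowed) {
  $doc = new DOMDocument();
  $previous = libxml_use_internal_errors(TRUE);
  $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
  libxml_clear_errors();
  libxml_use_internal_errors($previous);
  $body = $doc->getElementsByTagName('body')->item(0);
  return $body ? rebuild($body, $allowed) : '';
}

// Emit only allowlisted tags and escaped text; comments are dropped, and
// script/style are dropped together with their contents.
function rebuild(DOMNode $node, array $allowed) {
  $out = '';
  foreach ($node->childNodes as $child) {
    if ($child instanceof DOMText) {
      $out .= tier_plain($child->nodeValue);
    }
    elseif ($child instanceof DOMElement) {
      $tag = strtolower($child->nodeName);
      $inner = in_array($tag, array('script', 'style'), TRUE) ? '' : rebuild($child, $allowed);
      $out .= in_array($tag, $allowed, TRUE) ? "<$tag>$inner</$tag>" : $inner;
    }
  }
  return $out;
}

// Same branch as the machine's if/elseif, but any unrecognised tier
// falls through to the strictest treatment instead of leaving $clean unset.
function sanitize($text, $tier) {
  $tags = array('em', 'strong', 'code');  // hypothetical allowlist, no void elements
  return $tier === 'admin' ? tier_allowlist($text, $tags) : tier_plain($text);
}

// Constructed sample input.
$input = '<em onclick="x()">table</em> <script>alert(1)</script> 1 < 2';
foreach (array('user', 'admin', 'typo') as $tier) {
  echo $tier, ': ', sanitize($input, $tier), "\n";
}
```

On a real site, call `check_plain()`, `filter_xss_admin()` or `check_markup()` at output time rather than these stand-ins.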