Ok, I think I like this! Here's the full PR with this new Restrict type: https://github.com/bluejekyll/trust-dns/pull/586#pullrequestreview-164511419 … I think this is worth a blog post, and after using it, I think it will help prevent bugs and especially issues like: https://rustsec.org/advisories/RUSTSEC-2018-0007.html … Feel free to leave feedback.
https://twitter.com/benj_fry/status/1051117215645237254 …
-
I agree that the problem is the bare usage of primitives, but that's exactly what this change fixes: it forces those to be wrapped in a Restrict type when read from an untrusted, malicious source.
-
While the TryFrom approach would catch some issues, I think it would be very type heavy, as we'd need to create a bunch of single use types. What I liked about this approach is that we were able to chain all math operations without unwrapping the Restricted type.
-
I do see the value of your suggestion, but I wanted something that could be used for all data read from a potentially malicious stream; it wouldn't preclude us from adopting the approach you suggest in the future.
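The Restrict idea described in the thread above, sketched as an added Rust example. This is not the trust-dns code from the linked PR: the type and method names (`Restrict`, `RestrictError`, `verify`, `unverified`, `map`, the checked-arithmetic macro) and the `parse_counted_field` wire layout are assumptions made here to illustrate the approach, and the byte buffers in `main` are constructed inputs.

```rust
// Added illustration of a Restrict-style wrapper for untrusted parser input.
// Not the trust-dns `Restrict` type; every name here is an assumption.

use std::fmt;

/// A value read from an untrusted stream. The inner primitive is private and
/// only comes out through `verify` (with a predicate) or an explicit `unverified`.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Restrict<T>(T);

#[derive(Debug, PartialEq, Eq)]
pub enum RestrictError {
    /// Checked arithmetic on attacker-controlled values would have overflowed.
    Overflow,
    /// A `verify` predicate rejected the value.
    Verification,
}

impl fmt::Display for RestrictError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            RestrictError::Overflow => write!(f, "arithmetic overflow on restricted value"),
            RestrictError::Verification => write!(f, "restricted value failed verification"),
        }
    }
}

impl std::error::Error for RestrictError {}

impl<T> Restrict<T> {
    /// Wrap a value at the trust boundary, right after it is read from the wire.
    pub fn new(value: T) -> Self {
        Restrict(value)
    }

    /// Release the primitive only if `pred` accepts it.
    pub fn verify<F: FnOnce(&T) -> bool>(self, pred: F) -> Result<T, RestrictError> {
        if pred(&self.0) {
            Ok(self.0)
        } else {
            Err(RestrictError::Verification)
        }
    }

    /// Explicit escape hatch: grepping for `unverified(` shows every place a
    /// restricted value is used without a bounds check.
    pub fn unverified(self) -> T {
        self.0
    }

    /// Apply a total, non-panicking conversion while staying restricted.
    pub fn map<U, F: FnOnce(T) -> U>(self, f: F) -> Restrict<U> {
        Restrict(f(self.0))
    }
}

/// Checked arithmetic that keeps the result wrapped, so a chain of
/// offset/length calculations runs without unwrapping and without a
/// silent wrap-around or a debug-mode panic.
macro_rules! restricted_math {
    ($($t:ty),*) => {$(
        impl Restrict<$t> {
            pub fn checked_add(self, rhs: Restrict<$t>) -> Result<Restrict<$t>, RestrictError> {
                self.0.checked_add(rhs.0).map(Restrict).ok_or(RestrictError::Overflow)
            }
            pub fn checked_sub(self, rhs: Restrict<$t>) -> Result<Restrict<$t>, RestrictError> {
                self.0.checked_sub(rhs.0).map(Restrict).ok_or(RestrictError::Overflow)
            }
            pub fn checked_mul(self, rhs: Restrict<$t>) -> Result<Restrict<$t>, RestrictError> {
                self.0.checked_mul(rhs.0).map(Restrict).ok_or(RestrictError::Overflow)
            }
        }
    )*};
}
restricted_math!(u16, usize);

/// Parse an assumed field layout: a big-endian u16 entry count followed by
/// that many 4-byte entries. Every number derived from the wire stays in
/// `Restrict` until it has been checked against `buf.len()`.
pub fn parse_counted_field(buf: &[u8], pos: usize) -> Result<&[u8], RestrictError> {
    // The two count bytes must themselves lie inside the buffer.
    let header_end = Restrict::new(pos).checked_add(Restrict::new(2))?;
    let start = header_end.verify(|e| *e <= buf.len())?;
    let count = Restrict::new(u16::from_be_bytes([buf[pos], buf[pos + 1]]));

    // count * 4 overflows u16 for count > 16383; the checked op reports it
    // instead of yielding a small bogus length.
    let body_len = count.checked_mul(Restrict::new(4u16))?;

    let end = header_end
        .checked_add(body_len.map(usize::from))?
        .verify(|e| *e <= buf.len())?;
    Ok(&buf[start..end])
}

fn main() {
    // Constructed sample: count = 2, followed by exactly 8 bytes of entries.
    let good = [0x00, 0x02, 1, 2, 3, 4, 5, 6, 7, 8];
    println!("{:?}", parse_counted_field(&good, 0));
    // Constructed hostile input: count = 0xFFFF claims far more than is present.
    let hostile = [0xFF, 0xFF, 0xAA];
    println!("{:?}", parse_counted_field(&hostile, 0));
}
```

The point of keeping the arithmetic inside `Restrict` is that the parser can chain `checked_add` and `checked_mul` on wire-derived values and only ever pays for one `verify` at the place where the number is finally used as an index or length; any overflow along the way surfaces as an error rather than a wrapped value.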