Safe Parsing of Format Directives in Common Lisp

Problem description

I would like to read in a string from an input file (which may or may not have been modified by the user). I would like to treat this string as a format directive to be called with a fixed number of arguments. However, I understand that some format directives (particularly, the ~/ comes to mind) could potentially be used to inject function calls, making this approach inherently unsafe.

When using read to parse data in Common Lisp, the language provides the *read-eval* dynamic variable which can be set to nil to disable #. code injection. I'm looking for something similar that would prevent code injection and arbitrary function calls inside format directives.

Recommended answer

If the user cannot introduce custom code but only format strings, then you can avoid the problems of print-object. Remember to use with-standard-io-syntax (or a customized version of it) to control the exact kind of output you will generate (think about *print-base*, ...).

You can scan the input strings to detect the presence of ~/ (but ~~/ is valid) and refuse to interpret format that contains blacklisted constructs. However, some analyses are more difficult and you might need to act at runtime.

For example, if the format string is malformed, you will probably encounter an error, which must be handled (also, you may give bad values to the expected arguments).

Even if the user is not malicious, you can also have problems with iteration constructs:

~{<X>~:*~}

... never stops because ~:* rewinds current argument. In order to handle this, you must consider that <X> may or may not print something. You could implement both of those strategies:

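
  • have a timeout to limit the time spent formatting

  • make the underlying stream reach end-of-file when too much is written (e.g. when writing to a string buffer).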

There might be other problems I currently don't see, be careful.
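
The scan and error handling described in the answer, as an added example that is not part of the original answer: it tokenizes directives instead of searching for the substring ~/, so that ~:/ and ~1,2/ are caught while ~~/ and a quoted pad character such as ~10,'/d are not. DIRECTIVE-CHARS and SAFE-FORMAT are hypothetical names, and the code does not bound iteration constructs; that still needs the timeout or the bounded stream.

```lisp
;; Added example; DIRECTIVE-CHARS and SAFE-FORMAT are hypothetical names.
(defun directive-chars (control)
  "Return the directive characters used in the format string CONTROL,
skipping each directive's prefix parameters and its : and @ modifiers."
  (let ((i 0) (n (length control)) (found '()))
    (flet ((peek () (and (< i n) (char control i))))
      (loop
        (let ((tilde (position #\~ control :start i)))
          (unless tilde (return (nreverse found)))
          (setf i (1+ tilde)))
        ;; Prefix parameters, comma separated: empty, 'c, #, V or an integer.
        (loop
          (let ((c (peek)))
            (cond ((null c))
                  ((char= c #\') (incf i 2))      ; 'c quotes ANY character
                  ((find c "#vV") (incf i))
                  ((or (digit-char-p c) (find c "+-"))
                   (incf i)
                   (loop while (and (peek) (digit-char-p (peek))) do (incf i)))))
          (if (eql (peek) #\,) (incf i) (return)))
        ;; Modifiers, then the directive character itself.
        (loop while (and (peek) (find (peek) ":@")) do (incf i))
        (let ((c (peek)))
          (unless c (error "control string ends inside a directive"))
          (push c found)
          (incf i))))))

(defun safe-format (control &rest args)
  "Format ARGS with the untrusted string CONTROL. Returns the output string,
or NIL and a reason when CONTROL is rejected or FORMAT signals an error."
  (check-type control string)          ; FORMAT also accepts functions; refuse them
  (handler-case
      (if (member #\/ (directive-chars control))
          (values nil "control string uses the ~/ directive")
          (with-standard-io-syntax
            ;; Customized: standard syntax binds *print-readably* to T,
            ;; which would signal on objects with no readable form.
            (let ((*print-readably* nil))
              (values (apply #'format nil control args) nil))))
    (error (e) (values nil (princ-to-string e)))))

;; Constructed inputs to try at the REPL:
;;   (safe-format "~a has ~d item~:p" "cart" 3)
;;   (safe-format "~10,'/d" 42)       ; '/ is a pad character, not a directive
;;   (safe-format "~:/pkg:fn/" 1)     ; ~/ behind a modifier
;;   (safe-format "~{~a" '(1 2))      ; malformed, FORMAT signals an error
```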
