On Wed, 06 Mar 2013 09:37:00 +0100 Hendrik Tews wrote: > The problem is, that even pure OCaml contains enough features > that may permit arbitrary memory corruptions by an attacker. For > instance, String.unsafe_blit has no bounds checks, Obj.magic is > an unsafe cast, Marshal.from_channel may break the type > system, ... Another unsafe feature are the Unix process spawning functions, some of which use the shell and are thus vulnerable to metacharacter injection. Is there a tool that will check for all of these unsafe features? I'm writing check-all-the-things, which is a tool that wraps a lot of other check tools. For OCaml, I have ocaml-lintian and a grep for the OCaml Unix process spawning functions but I would like more checks. https://anonscm.debian.org/cgit/collab-maint/check-all-the-things.git https://anonscm.debian.org/cgit/collab-maint/check-all-the-things.git/tree/data/ocaml For other languages there are style checkers too, are there OCaml ones? -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part