annotate tests/policy2.ur @ 2297:6d56080f495c

Fix a read-after-free bug using a timestamp check
author Adam Chlipala <adam@chlipala.net>
date Thu, 19 Nov 2015 13:18:58 -0500
parents d5ecceb7d1a1
children
rev   line source
adamc@1236 1 type fruit = int
adamc@1236 2 table fruit : { Id : fruit, Nam : string, Weight : float, Secret : string }
adamc@1236 3 PRIMARY KEY Id,
adamc@1236 4 CONSTRAINT Nam UNIQUE Nam
adamc@1236 5
adamc@1236 6 (* Everyone may knows IDs and names. *)
adamc@1236 7 policy sendClient (SELECT fruit.Id, fruit.Nam
adamc@1236 8 FROM fruit)
adamc@1236 9
adamc@1236 10 (* The weight is sensitive information; you must know the secret. *)
adamc@1236 11 policy sendClient (SELECT fruit.Weight, fruit.Secret
adamc@1236 12 FROM fruit
adamc@1236 13 WHERE known(fruit.Secret))
adamc@1236 14
adamc@1236 15 fun main () =
adamc@1236 16 x1 <- queryX (SELECT fruit.Id, fruit.Nam
adamc@1236 17 FROM fruit
adamc@1236 18 WHERE fruit.Nam = "apple")
adamc@1236 19 (fn x => <xml><li>{[x.Fruit.Id]}: {[x.Fruit.Nam]}</li></xml>);
adamc@1236 20 return <xml><body>
adamc@1236 21 <ul>{x1}</ul>
adamc@1236 22 </body></xml>