Mercurial > urweb
view tests/policy.ur @ 1218:48d2ca496d2c
Path conditions, used to track implicit flows
author | Adam Chlipala <adamc@hcoop.net> |
---|---|
date | Sat, 10 Apr 2010 13:02:15 -0400 |
parents | 648e6b087dfb |
children | 7dfa67560916 |
line wrap: on
line source
type fruit = int table fruit : { Id : fruit, Nam : string, Weight : float, Secret : string } PRIMARY KEY Id, CONSTRAINT Nam UNIQUE Nam type order = int table order : { Id : order, Fruit : fruit, Qty : int, Code : int } PRIMARY KEY Id, CONSTRAINT Fruit FOREIGN KEY Fruit REFERENCES fruit(Id) (* Everyone may knows IDs and names. *) policy sendClient (SELECT fruit.Id, fruit.Nam FROM fruit) (* The weight is sensitive information; you must know the secret. *) policy sendClient (SELECT fruit.Weight, fruit.Secret FROM fruit WHERE known(fruit.Secret)) policy sendClient (SELECT order.Id, order.Fruit, order.Qty FROM order, fruit WHERE order.Fruit = fruit.Id AND order.Qty = 13) fun fname r = x <- queryX (SELECT fruit.Weight FROM fruit WHERE fruit.Nam = {[r.Nam]} AND fruit.Secret = {[r.Secret]} AND fruit.Weight <> 3.14 AND fruit.Weight < 100.0 AND fruit.Weight <= 200.1 AND fruit.Weight > 1.23 AND fruit.Weight >= 1.24) (fn r => <xml>Weight is {[r.Fruit.Weight]}</xml>); return <xml><body> {x} </body></xml> fun main () = x1 <- queryX (SELECT fruit.Id, fruit.Nam FROM fruit WHERE fruit.Nam = "apple") (fn x => <xml><li>{[x.Fruit.Id]}: {[x.Fruit.Nam]}</li></xml>); x2 <- queryX (SELECT fruit.Nam, order.Qty FROM fruit, order WHERE fruit.Id = order.Fruit AND order.Qty = 13) (fn x => <xml><li>{[x.Fruit.Nam]}: {[x.Order.Qty]}</li></xml>); return <xml><body> <ul>{x1}</ul> <ul>{x2}</ul> <form> Fruit name: <textbox{#Nam}/><br/> Secret: <textbox{#Secret}/><br/> <submit action={fname}/> </form> </body></xml>