adam@1595: (* Copyright (c) 2011, Adam Chlipala adam@1595: * All rights reserved. adam@1595: * adam@1595: * Redistribution and use in source and binary forms, with or without adam@1595: * modification, are permitted provided that the following conditions are met: adam@1595: * adam@1595: * - Redistributions of source code must retain the above copyright notice, adam@1595: * this list of conditions and the following disclaimer. adam@1595: * - Redistributions in binary form must reproduce the above copyright notice, adam@1595: * this list of conditions and the following disclaimer in the documentation adam@1595: * and/or other materials provided with the distribution. adam@1595: * - The names of contributors may not be used to endorse or promote products adam@1595: * derived from this software without specific prior written permission. adam@1595: * adam@1595: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" adam@1595: * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE adam@1595: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE adam@1595: * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE adam@1595: * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR adam@1595: * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF adam@1595: * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS adam@1595: * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN adam@1595: * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) adam@1595: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE adam@1595: * POSSIBILITY OF SUCH DAMAGE. adam@1595: *) adam@1595: adam@1595: structure SideCheck :> SIDE_CHECK = struct adam@1595: adam@1595: open Mono adam@1595: adam@1595: structure E = ErrorMsg adam@1595: adam@2116: structure SK = struct adam@2116: type ord_key = string adam@2116: val compare = String.compare adam@2116: end adam@2116: adam@2116: structure SS = BinarySetFn(SK) adam@2116: adam@2116: val envVars = ref SS.empty adam@2116: adam@1595: fun check ds = adam@2116: let adam@2116: val alreadyWarned = ref false adam@2116: in adam@2116: envVars := SS.empty; adam@2116: MonoUtil.File.appLoc (fn (e, loc) => adam@2116: let adam@2116: fun error (k as (k1, k2)) = adam@2116: if Settings.isClientOnly k then adam@2116: let adam@2116: val k2 = case k1 of adam@2116: "Basis" => adam@2116: (case k2 of adam@2116: "get_client_source" => "get" adam@2116: | _ => k2) adam@2116: | _ => k2 adam@2116: in adam@2116: E.errorAt loc ("Server-side code uses client-side-only identifier \"" ^ k1 ^ "." ^ k2 ^ "\"") adam@2116: end adam@2116: else adam@2116: () adam@2116: in adam@2116: case e of adam@2116: EFfi k => error k adam@2116: | EFfiApp ("Basis", "getenv", [(e, _)]) => adam@2116: (case #1 e of adam@2116: EPrim (Prim.String (_, s)) => adam@2116: envVars := SS.add (!envVars, s) adam@2116: | _ => if !alreadyWarned then adam@2116: () adam@2116: else adam@2116: (alreadyWarned := true; adam@2116: TextIO.output (TextIO.stdErr, "WARNING: " ^ ErrorMsg.spanToString loc ^ ": reading from an environment variable not determined at compile time, which can confuse CSRF protection"))) adam@2116: | EFfiApp (k1, k2, _) => error (k1, k2) adam@2116: | _ => () adam@2116: end) ds; adam@2116: ds adam@2116: end adam@2116: adam@2116: fun readEnvVars () = SS.listItems (!envVars) adam@1595: adam@1595: end