|Michał phoe Herda f4552dfef6 minor fixes||3 years ago|
|.gitignore||4 years ago|
|LICENSE||4 years ago|
|README.md||3 years ago|
|package.lisp||3 years ago|
|safe-read.asd||3 years ago|
|safe-read.lisp||3 years ago|
|test.lisp||3 years ago|
The goal of this project is to create a wrapper around standard Lisp reader to make it able to read input from untrusted sources, such as internet sockets.
Example usage - creating a client-server communication protocol that is based on S-expressions. Using bare READ on both server and client allows the malicious client/server to execute any code on any other networked clients/servers.
As of now, this repository includes variant of READ secure against internbombing, excessive input and macro characters.
(symbol1 symbol2 ... symbol9999999999).
#.(let (memleak) (loop (setf memleak (cons memleak memleak))))along with more subtle ones that are not listed here.
&optional (stream *standard-input*) →
S-EXPRESSION- the read S-expression or NIL if reading was impossible.
ERROR-STATUS- one of
:INCOMPLETE-INPUT :MALFORMED-INPUT :INPUT-SIZE-EXCEEDEDor NIL in case of success.
:INPUT-SIZE-EXCEEDEDas its second value.
make it possible to signal conditions instead of relying on the second return value.
make it possible to read multiple expressions without newlines