The 2nd half of proper CSRF protection related to environment variables

author: Adam Chlipala <adam@chlipala.net> 2015-02-12 15:09:26 -0500
committer: Adam Chlipala <adam@chlipala.net> 2015-02-12 15:09:26 -0500
commit: 1ea383a0e73f63d142d3539d984c9e2f4b7f0076 (patch)
tree: 596746366c6cc096adda95bb8ba55907ef3230f7 /src/cjr_print.sml
parent: db08876a6942aea26ef0d798a0951fc559e2c624 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/src/cjr_print.sml b/src/cjr_print.sml
index 0867f001..b3b12fe8 100644
--- a/src/cjr_print.sml
+++ b/src/cjr_print.sml
@@ -3260,6 +3260,16 @@ fun p_file env (ds, ps) =
                                                               string "))"]))
                          NONE cookies
 
+        val cookieCode = foldl (fn (evar, acc) =>
+                                   SOME (case acc of
+                                             NONE => string ("uw_unnull(uw_Basis_getenv(ctx, \""
+                                                             ^ Prim.toCString evar ^ "\"))")
+                                           | SOME acc => box [string ("uw_Basis_strcat(ctx, uw_unnull(uw_Basis_getenv(ctx, \""
+                                                                      ^ Prim.toCString evar ^ "\")), uw_Basis_strcat(ctx, \"/\", "),
+                                                              acc,
+                                                              string "))"]))
+                         cookieCode (SideCheck.readEnvVars ())
+
         fun makeChecker (name, rules : Settings.rule list) =
             box [string "static int ",
                  string name,
author	Adam Chlipala <adam@chlipala.net>	2015-02-12 15:09:26 -0500
committer	Adam Chlipala <adam@chlipala.net>	2015-02-12 15:09:26 -0500
commit	1ea383a0e73f63d142d3539d984c9e2f4b7f0076 (patch)
tree	596746366c6cc096adda95bb8ba55907ef3230f7 /src/cjr_print.sml
parent	db08876a6942aea26ef0d798a0951fc559e2c624 (diff)