Using static typing to protect against code injection attacks

Static typing can be used to make code injection attacks such as SQL injection difficult or even impossible. For a successful SQL injection attack our application needs to handle strings: the attacker gives us a malicious string, which we then, somewhere in the depths of our application, use to construct an SQL query.

How do we make things harder for an attacker? We can “stop using” strings. Or, strictly speaking, we isolate the string handling and let the type system and the compiler help us verify that the program is correct.

Now, to go forward, we need a validator for usernames. The validator function below is kept as simple as possible for clarity: it only checks that the given username has the right length and contains only the characters our specification allows:

And now we need a way to construct a Username:

Here I only implement the new() method for Username and leave the other utility methods as an exercise for the reader.

So far it has been easy. Things don’t get much more complicated from here, but they do require some effort.

Every single place where a username enters the application (user input, a database row, an RPC call, etc.) has to construct a Username, and every function that works with a username should take a Username instead of a String as its argument. This ensures that the application only ever uses validated usernames.

A good compiler helps with this step: when a function’s type signature is updated, the compiler reports an error at every call site that passes the wrong argument type. Rust has been a prime example of really helpful error messages and has inspired other compiler projects to follow.

This method works with other types too. It not only helps protect against code injection attacks but also keeps things where they belong. For example, your use case might have different id numbers: UserId, CustomerId, ProductId. The compiler will help you keep your IDs in order if each kind of ID is a different type. Or, if geographic coordinates are something to care about: Longitude and Latitude. Valid longitudes are between -180° and +180°, and latitudes between -90° and +90°.
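The validator, the Username::new() constructor and a downstream function that accepts only a Username, as one added example that is not the article's own code. The concrete rule (3 to 32 characters, ASCII letters, digits or underscore) is an assumption standing in for "our specification", and the private field is what makes validation unavoidable:

```rust
// Added example, not the article's code. The validation rule below is an
// assumption: 3 to 32 characters, ASCII letters, digits or '_'.
use std::fmt;

const MIN_LEN: usize = 3;
const MAX_LEN: usize = 32;

#[derive(Debug, PartialEq, Eq)]
pub enum UsernameError {
    TooShort(usize),
    TooLong(usize),
    InvalidChar(char),
}

/// Plain validator: length first, then character set. Returns the first
/// offending character so the caller can report it.
pub fn validate_username(candidate: &str) -> Result<(), UsernameError> {
    let len = candidate.chars().count();
    if len < MIN_LEN {
        return Err(UsernameError::TooShort(len));
    }
    if len > MAX_LEN {
        return Err(UsernameError::TooLong(len));
    }
    match candidate
        .chars()
        .find(|c| !(c.is_ascii_alphanumeric() || *c == '_'))
    {
        Some(bad) => Err(UsernameError::InvalidChar(bad)),
        None => Ok(()),
    }
}

/// The field is private: code outside this module can only obtain a
/// Username through `new`, so every Username in existence has been validated.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Username(String);

impl Username {
    pub fn new(raw: &str) -> Result<Username, UsernameError> {
        validate_username(raw)?;
        Ok(Username(raw.to_owned()))
    }

    pub fn as_str(&self) -> &str {
        &self.0
    }
}

impl fmt::Display for Username {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str(&self.0)
    }
}

/// Downstream code takes a Username, never a String: a raw value from a
/// request or an RPC message cannot be passed here, the compiler rejects it.
/// With a real database driver you would still bind the value as a query
/// parameter; the newtype is an extra layer, not a replacement for that.
pub fn find_user_sql(user: &Username) -> String {
    format!("SELECT id FROM users WHERE name = '{}'", user)
}

fn main() {
    // Constructed inputs: a valid name, a too-short one and a quote-bearing one.
    for raw in ["alice_01", "ab", "alice' OR '1'='1"] {
        match Username::new(raw) {
            Ok(user) => println!("{:?} accepted -> {}", raw, find_user_sql(&user)),
            Err(e) => println!("{:?} rejected: {:?}", raw, e),
        }
    }
}
```

The quote-bearing input never reaches find_user_sql: it fails at the one place where a String becomes a Username, and every later function signature guarantees it cannot slip in by another path.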
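The same idea applied to the id and coordinate types mentioned above, as an added example rather than code from the article: two ids that share a representation but not a type, and Latitude/Longitude constructors that enforce the stated ranges. The parse_point helper and its "lat,lon" input format are assumptions added to show where untrusted text is turned into the typed values.

```rust
// Added example, not the article's code. The ranges are the ones the text
// gives; parse_point and its "lat,lon" format are assumptions.

/// Same representation, different types: the compiler refuses to pass one
/// where the other is expected.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct UserId(pub u64);

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct CustomerId(pub u64);

/// Swapped arguments are a type error:
/// `record_purchase(UserId(1), CustomerId(2))` does not compile.
pub fn record_purchase(customer: CustomerId, entered_by: UserId) -> String {
    format!("customer {} purchase entered by user {}", customer.0, entered_by.0)
}

#[derive(Debug, PartialEq)]
pub enum CoordError {
    NotFinite,
    LatitudeOutOfRange(f64),
    LongitudeOutOfRange(f64),
    Malformed(String),
}

#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Latitude(f64);

#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Longitude(f64);

impl Latitude {
    /// -90° to +90°. NaN and infinities are rejected first: NaN would fail the
    /// range check anyway, but a separate error makes the cause visible.
    pub fn new(degrees: f64) -> Result<Latitude, CoordError> {
        if !degrees.is_finite() {
            return Err(CoordError::NotFinite);
        }
        if !(-90.0..=90.0).contains(&degrees) {
            return Err(CoordError::LatitudeOutOfRange(degrees));
        }
        Ok(Latitude(degrees))
    }
    pub fn degrees(self) -> f64 {
        self.0
    }
}

impl Longitude {
    /// -180° to +180°.
    pub fn new(degrees: f64) -> Result<Longitude, CoordError> {
        if !degrees.is_finite() {
            return Err(CoordError::NotFinite);
        }
        if !(-180.0..=180.0).contains(&degrees) {
            return Err(CoordError::LongitudeOutOfRange(degrees));
        }
        Ok(Longitude(degrees))
    }
    pub fn degrees(self) -> f64 {
        self.0
    }
}

/// Built only from already-validated parts; the fields cannot be swapped.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Point {
    pub lat: Latitude,
    pub lon: Longitude,
}

/// The single boundary where untrusted "lat,lon" text becomes typed values.
pub fn parse_point(text: &str) -> Result<Point, CoordError> {
    let mut fields = text.split(',');
    let mut next_number = || -> Result<f64, CoordError> {
        fields
            .next()
            .and_then(|s| s.trim().parse::<f64>().ok())
            .ok_or_else(|| CoordError::Malformed(text.to_owned()))
    };
    let lat = Latitude::new(next_number()?)?;
    let lon = Longitude::new(next_number()?)?;
    if fields.next().is_some() {
        return Err(CoordError::Malformed(text.to_owned()));
    }
    Ok(Point { lat, lon })
}

fn main() {
    println!("{}", record_purchase(CustomerId(7), UserId(1)));
    // Constructed inputs: a valid point, an out-of-range latitude, a NaN.
    for text in ["60.17, 24.94", "91,0", "NaN,0"] {
        println!("{:?} -> {:?}", text, parse_point(text));
    }
}
```

Once a Point exists, every function that takes one can rely on both coordinates being finite and in range, and a function expecting a CustomerId cannot be handed a UserId by mistake; both guarantees are checked by the compiler rather than by scattered runtime checks.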
