Safety levels are used to represent the level of security a variable has within the security analysis.

The set of safety levels is finite and partially ordered by <=. The order is reflexive, transitive and antisymmetric.

The levels are not given a number, but a name. This allows for further extension in the future. Safety levels that are ranked higher are safer.

| Name(s) | Explanation |
|---|---|
| safe | Safe/Unknown (default value for variables), upper bound |
| integer-type, null-type, object-type, array-type, float-type | Specific types |
| string-from-list, matched-string | String is matched to a certain value. |
| formatted-string, encoded-string | String is formatted in a special way (e.g. dates, hashed) |
| escaped-html, escaped-shell, escaped-slashes | String has no un-escaped character sequences |
| raw-input | Raw input that is not to be trusted |
| unsafe | Lower bound |
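
The following is an added example, not code from the original page or the analysis tool: it encodes the levels from the table as a finite relation and checks the three stated properties of <= plus the two bounds. The ordering between the intermediate rows is an assumption (a lower row is below every row above it, and levels sharing a row are incomparable); the page itself fixes only `safe` as upper bound and `unsafe` as lower bound.

```python
from itertools import product

# Rows of the table, safest first. ASSUMPTION (not stated on the page): a level
# in a lower row is below every level in the rows above it, and levels that
# share a row are incomparable. The page fixes only 'safe' (upper bound) and
# 'unsafe' (lower bound).
ROWS = [
    ["safe"],
    ["integer-type", "null-type", "object-type", "array-type", "float-type"],
    ["string-from-list", "matched-string"],
    ["formatted-string", "encoded-string"],
    ["escaped-html", "escaped-shell", "escaped-slashes"],
    ["raw-input"],
    ["unsafe"],
]
LEVELS = [lvl for row in ROWS for lvl in row]


def build_order(rows):
    """Return the set of pairs (a, b) meaning a <= b."""
    rel = {(lvl, lvl) for row in rows for lvl in row}      # reflexive pairs
    for upper, lower in zip(rows, rows[1:]):               # adjacent rows only
        rel |= set(product(lower, upper))
    while True:                                            # transitive closure
        extra = {(a, d) for (a, b) in rel for (c, d) in rel if b == c} - rel
        if not extra:
            return rel
        rel |= extra


LEQ = build_order(ROWS)


def leq(a, b):
    """True when level a is at most as safe as level b."""
    return (a, b) in LEQ


def comparable(a, b):
    return leq(a, b) or leq(b, a)


def is_partial_order(levels, rel):
    """Check reflexivity, antisymmetry and transitivity of rel over levels."""
    reflexive = all((a, a) in rel for a in levels)
    antisymmetric = all(a == b for (a, b) in rel if (b, a) in rel)
    transitive = all((a, d) in rel for (a, b) in rel for (c, d) in rel if b == c)
    return reflexive and antisymmetric and transitive
```

Because the order is partial rather than total, an analysis that compares two levels has to handle the case where neither `leq(a, b)` nor `leq(b, a)` holds, as with `escaped-html` and `escaped-shell` under the assumption above.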

-- EricBouwers - 29 Dec 2006

Revision: r1.1 - 29 Dec 2006 - 16:56 - EricBouwers