Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:115060
Return-Path: <larry@garfieldtech.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 27031 invoked from network); 23 Jun 2021 13:19:04 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 23 Jun 2021 13:19:04 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id F18D41804CC
	for <internals@lists.php.net>; Wed, 23 Jun 2021 06:37:34 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,
	SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <larry@garfieldtech.com>
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed, 23 Jun 2021 06:37:34 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
	by mailout.west.internal (Postfix) with ESMTP id 66FF91430
	for <internals@lists.php.net>; Wed, 23 Jun 2021 09:37:32 -0400 (EDT)
Received: from imap43 ([10.202.2.93])
  by compute1.internal (MEProxy); Wed, 23 Jun 2021 09:37:32 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=content-type:date:from:in-reply-to
	:message-id:mime-version:references:subject:to:x-me-proxy
	:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=ZSNyI4
	SvbFsPBry/g0hVfAgK2yoEK0X1S1nFicY+ZQY=; b=ngd73Pgm4MjH8MVtlakB1p
	jcmaeSci6vQJkOSVZMj/d4+eAV8l8DrOdN751k4cAsynDoHL25I3Ph3rHjP8sMM4
	ZQLITK8NFE+9sMhwRVqj5WYZgkBW2lNlpAsSXNXcKaKPknXTKG+nBXV8tt6kVP6q
	ZNX75rtWQZ8KficpI/u4kGd0NGcpAZKWj4GxIZb/BrIjta/X7925Ld3KVrIqfjr9
	8XP157ojurYKEZ3j8BBCLARJQnjMZ9T8LVEXNT3J8bLxfevsd2bZlFOXFyglXYUb
	5ECjv/vWb1dcOYvU84IT7K9hiY/YsG8Cld1iO9jcNk1/Rwc6+Yx9o8k0Ad6Yus0Q
	==
X-ME-Sender: <xms:GznTYMY2RRMjffSf1_3m8iWCLqPJJYQC3clR8KqOJGIrB6Rb5a7atQ>
    <xme:GznTYHZSLN6u4urcu62WTnEamGsDZwnR0OUk1OfYzmx5f64y08OoePepMe-dmDHRh
    tZ7zX78U1Nq-Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrfeegfedgieejucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
    cujfgurhepofgfggfkjghffffhvffutgesthdtredtreertdenucfhrhhomhepfdfnrghr
    rhihucfirghrfhhivghlugdfuceolhgrrhhrhiesghgrrhhfihgvlhguthgvtghhrdgtoh
    hmqeenucggtffrrghtthgvrhhnpeeglefgkeduiedvvdetffeujefftdfhjeeiveehgfff
    keduveektddvledvvdfffeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmh
    grihhlfhhrohhmpehlrghrrhihsehgrghrfhhivghlughtvggthhdrtghomh
X-ME-Proxy: <xmx:GznTYG94HbvrBcWc5pJzt0H3RRYjYXrGmZCTOQY9onSDmXA-v1gY5A>
    <xmx:GznTYGpt97Kwg_WNS6bl8Vq76eGqC4FUiwpps-l8jzkSTa6_2RYNGw>
    <xmx:GznTYHqWooVAZNne1lcgDVLmcLgyFW8d7qWt2mV2s5ZGStymDgLRlg>
    <xmx:HDnTYM5EbdOX-CLUDiZZal4eZoscLWdRCU5mO5j9jjvNEh_hsY1IvQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
	id BC9F1AC0072; Wed, 23 Jun 2021 09:37:31 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-530-gd0c265785f-fm-20210616.002-gd0c26578
Mime-Version: 1.0
Message-ID: <03f7955c-69a8-4841-9245-449d7851e207@www.fastmail.com>
In-Reply-To: 
 <CAEMvS4GRaqMBPn7ocBX-XU3jzrtpe+9uGfYpG10qc_iKZY80UA@mail.gmail.com>
References: 
 <CAFv4g+Gv1qQ2Gtx2Qwo0Dx2Cb_gOXJ=rm7rVy+Jo89PmD-3jnA@mail.gmail.com>
 <CAEMvS4GRaqMBPn7ocBX-XU3jzrtpe+9uGfYpG10qc_iKZY80UA@mail.gmail.com>
Date: Wed, 23 Jun 2021 08:37:11 -0500
To: "php internals" <internals@lists.php.net>
Content-Type: text/plain
Subject: Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted
From: larry@garfieldtech.com ("Larry Garfield")

On Wed, Jun 23, 2021, at 8:05 AM, Hossein Baghayi wrote:
> Hello,
> What about `is_vulnerable`? Its behaviour would be the inverse of
> is_literal.
> I mean we don't have to avoid the other side of the coin.

That has the same core problem as is_trusted.  It's making a claim about the probable security status of a value, which I promise you, you will not get right 100% of the time.  is_literal, is asserting only that the value came from the source code originally, not from user input.  That is something you can assert one way or another and be guaranteed correct.  What the *implications* are for what you can then do with it are an entirely separate, and highly squishy and use-case-specific, question.

I'm still very torn on is_literal; I fear that the people who would benefit from it are the very people that don't use the tools that would leverage it (DBALs et al), and so the net benefit will be small, but misuse of it will make DBALs weaker and less able to handle the highly-dynamic cases that I am used to working with.  I may be convinced of is_literal if the major DBAL authors back it, but I'm still not sure.

I am definitely -1 on is_trusted or any other claim of fit-for-purpose, rather than a claim of origin.  That's guaranteed to be incorrect often enough that it makes things worse rather than better.

--Larry Garfield