Safe Haskell | Trustworthy |
---|
Exports basic HTTP client functions inside the DC
Monad.
Computations are allowed to communicate over HTTP as long as they can
read and write to a labeled origin. An origin is associated with two
labels. When writing, the origin has a label of the form
< {["scheme://authority"]}, True >
, where scheme
is
either 'http' or 'https', and authority
is the domain name or IP
address used in the request and port number of the connection. In
other words, the secrecy component contains the origin information,
while the integrity component is the same as that of public data.
When reading, the origin has a label of the form
< True, {["scheme://authority"]} >
.
This means that LIO
(specifically, DC
) computations can export
data if the current label is not higher than that of the labeled
origin, and read data that is no more trustworthy than that of the
origin. Practically, this means that untrusted computation can export
data so long as the they have not observed any data more sensitive
than the label of the target domain. Reading (which also occurs on
every request/write) further raises the current label to the join of
the current label and origin.
For example, suppose some piece of data, myLoc
, has the label:
aliceLocL = newDC ("alice" ./\. "http://maps.googleapis.com:80") (<>)
created as:
myLoc <- labelP alicePriv aliceLocL "3101 24th Street, San Francisco, CA"
Then, untrusted code (with initial label set to public) running on behalf of "alice" , may perform the following operation:
let mapBase = "http://maps.googleapis.com/maps/api/geocode/json?sensor=false" aliceLoc <- urlEncode <$> (unlabelP alicePriv myLoc) resp <- simpleGetHttp $ mapBase ++ "&address=" ++ aliceLoc
In this case the unlabelP
will raise the current label to the label:
< {["http://maps.googleapis.com:80"]}, True >
by exercising "alice"s privilges. Directly, the simpleHttp
will be permitted. However, if
let mapBase = "http://maps.evilalternatives.org/geocode/json?sensor=false"
an exception will be thrown since the current label does not flow to
the label of mapBase
.
- data HttpRespDC = HttpRespDC {
- respStatusDC :: !HttpStatus
- respHeadersDC :: ![(S, S)]
- respBodyDC :: DC (Onum L DC ())
- simpleHttp :: HttpReq () -> L -> DC HttpRespDC
- simpleHttpP :: DCPrivTCB -> HttpReq () -> L -> DC HttpRespDC
- simpleGetHttp :: String -> DC HttpRespDC
- simpleGetHttpP :: DCPrivTCB -> String -> DC HttpRespDC
- simpleHeadHttp :: String -> DC HttpRespDC
- simpleHeadHttpP :: DCPrivTCB -> String -> DC HttpRespDC
- extractBody :: HttpRespDC -> DC L
- multiHttp :: (HttpReq (), L) -> DCHttpResponseHandler -> DC ()
- type DCHttpResponseHandler = HttpRespDC -> Iter L DC (Maybe (HttpReq (), L))
- headRequest :: String -> HttpReq ()
- getRequest :: String -> HttpReq ()
- postRequest :: String -> String -> L -> HttpReq ()
Simple interface
data HttpRespDC Source
A HTTP response, containing the status, headers, and parsed body.
HttpRespDC | |
|
:: HttpReq () | Request header |
-> L | Request body |
-> DC HttpRespDC |
Perform a simple HTTP request, given the the request header, body and SSL context, if any. Note that that request must have the scheme, host fields set.
:: DCPrivTCB | Privilege |
-> HttpReq () | Request header |
-> L | Request body |
-> DC HttpRespDC |
Same as simpleHttp
, but uses privileges.
simpleGetHttp :: String -> DC HttpRespDCSource
Simple HTTP GET request.
simpleHeadHttp :: String -> DC HttpRespDCSource
Simple HTTP HEAD request.
extractBody :: HttpRespDC -> DC LSource
Extract body from response
Advanced interface
:: (HttpReq (), L) | Initial request |
-> DCHttpResponseHandler | Request handler |
-> DC () |
An HTTP client that reuses a connection to perform multiple
requests. Note that a wguard
is only performed at the connection
establishment.
type DCHttpResponseHandler = HttpRespDC -> Iter L DC (Maybe (HttpReq (), L))Source
An HTTP response handler in the DC
monad.
Basic requests
headRequest :: String -> HttpReq ()
Create a simple HEAD request.
The url
must be an absoluteURI
.
getRequest :: String -> HttpReq ()
Create a simple GET request.
The url
must be an absoluteURI
.
Given a URL, Content-Type, and message body, perform a simple POST request. Note: message body must be properly encoded (e.g., URL-encoded if the Content-Type is "application/x-www-form-urlencoded").