Work on this exercise locally
This web app is a reference guide — you can read instructions, browse starter code, and view tests here. To actually complete the exercise, you need to work in your local development environment.
git clone https://github.com/weihaoqu/program-analysis-bootcamp-student
Replace failwith "TODO" with your implementation.
dune runtest modules/module5-security-analysis/exercises/security-config
Security Config
4. Exercise 2: Security Config (17 tests)
Goal: Define a security configuration with sources, sinks, sanitizers, and lookup/mutation helpers.
Time: ~20 minutes
File to edit: exercises/security-config/starter/config.ml
Dependencies: shared_ast
The configuration types
These record types are pre-defined:
```ocaml
type source = { source_name: string; source_description: string }
type sink = { sink_name: string; sink_param_index: int;
              sink_vuln_type: string; sink_description: string }
type sanitizer = { sanitizer_name: string; sanitizer_cleans: string list;
                   sanitizer_description: string }
type security_config = { sources: source list; sinks: sink list;
                         sanitizers: sanitizer list }
```
What to implement (in order)
| # | Function | Hint |
|---|---|---|
| 1 | empty_config | All three lists empty |
| 2 | default_web_config | Build the full config with 5 sources, 5 sinks, 5 sanitizers (see table below) |
| 3 | is_source config name | List.exists checking source_name |
| 4 | find_sink config name | List.find_opt checking sink_name |
| 5 | find_sanitizer config name | List.find_opt checking sanitizer_name |
| 6 | sink_checks_param sink idx | Compare sink.sink_param_index to idx |
| 7 | sanitizer_cleans san vuln_type | List.mem vuln_type san.sanitizer_cleans |
| 8 | add_source config source | Prepend to config.sources |
| 9 | add_sink config sink | Prepend to config.sinks |
| 10 | add_sanitizer config san | Prepend to config.sanitizers |
The default web config
| Sources | Sinks (param 0) | Sanitizers |
|---|---|---|
| get_param | exec_query (sql-injection) | escape_sql (cleans: sql-injection) |
| read_cookie | send_response (xss) | html_encode (cleans: xss) |
| read_input | exec_cmd (command-injection) | shell_escape (cleans: command-injection) |
| read_file | open_file (path-traversal) | validate_path (cleans: path-traversal) |
| get_header | redirect (open-redirect) | validate_url (cleans: open-redirect) |
All sinks check parameter index 0. Each sanitizer cleans exactly one vulnerability type.
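How a taint checker would consult such a config, as an added example that is not the course's starter or solution code: a finding is suppressed only when a sanitizer on the path cleans the sink's own vulnerability type and the value lands in the checked parameter. The `flow` record, `check_flow`, `demo_config` and the description strings are hypothetical; the function names and vulnerability types come from the table above.

```ocaml
(* Added illustration: not the course's starter or solution code. *)
type source = { source_name: string; source_description: string }
type sink = { sink_name: string; sink_param_index: int;
              sink_vuln_type: string; sink_description: string }
type sanitizer = { sanitizer_name: string; sanitizer_cleans: string list;
                   sanitizer_description: string }
type security_config = { sources: source list; sinks: sink list;
                         sanitizers: sanitizer list }

(* Constructed subset of the table above; descriptions are made up. *)
let demo_config = {
  sources = [ { source_name = "get_param"; source_description = "HTTP parameter" } ];
  sinks = [
    { sink_name = "exec_query"; sink_param_index = 0;
      sink_vuln_type = "sql-injection"; sink_description = "runs a SQL query" } ];
  sanitizers = [
    { sanitizer_name = "escape_sql"; sanitizer_cleans = ["sql-injection"];
      sanitizer_description = "escapes SQL metacharacters" };
    { sanitizer_name = "html_encode"; sanitizer_cleans = ["xss"];
      sanitizer_description = "HTML-encodes output" } ];
}

(* Hypothetical flow: origin call, sanitizers applied, sink call and argument slot. *)
type flow = { origin: string; through: string list; sink_call: string; arg: int }
(* Some vuln_type when tainted data reaches the checked parameter uncleaned. *)
let check_flow cfg f =
  if not (List.exists (fun s -> s.source_name = f.origin) cfg.sources) then None
  else
    match List.find_opt (fun k -> k.sink_name = f.sink_call) cfg.sinks with
    | Some k when k.sink_param_index = f.arg ->
      let cleans name =
        match List.find_opt (fun z -> z.sanitizer_name = name) cfg.sanitizers with
        | Some z -> List.mem k.sink_vuln_type z.sanitizer_cleans
        | None -> false in
      if List.exists cleans f.through then None else Some k.sink_vuln_type
    | _ -> None

let () =
  let base = { origin = "get_param"; through = []; sink_call = "exec_query"; arg = 0 } in
  List.iter (fun f ->
      let verdict = match check_flow demo_config f with
        | Some v -> "FINDING: " ^ v
        | None -> "ok" in
      Printf.printf "%s -[%s]-> %s arg %d: %s\n"
        f.origin (String.concat "," f.through) f.sink_call f.arg verdict)
    [ base;                                    (* no sanitizer on the path *)
      { base with through = ["html_encode"] }; (* sanitizer for another vuln type *)
      { base with through = ["escape_sql"] };  (* sanitizer matching the sink *)
      { base with arg = 1 } ]                  (* value lands in an unchecked slot *)
```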
Run tests
dune runtest modules/module5-security-analysis/exercises/security-config/
Starter output (before any implementation):
Fatal error: exception Failure("TODO: return empty config")
The test framework calls empty_config first. Once you implement it and
default_web_config, the lookup tests will start running. Build up the config
step by step.
Hint: The tests check exact string values for sink_vuln_type (e.g.
"sql-injection", not "SQLi"). Match the strings in the table above exactly.