Is anyone else bothered by the fact that the grammar requires backtracking?
Specifically, because a domain-spec can include forward slashes, and because
some of the terms allow cidr masks after a domain-spec, you have to support
backtracking.
Frankly I'm not sure I want to bother supporting this. I use Ragel to parse
the policies, which is a pure regular langage parser generator. I could use
Ragel's scanner feature, or just hack the support, but as a general rule I
don't like backtracking grammars for untrusted input.
Perhaps it would have been wise to have included a %-encoded forward-slash,
as was done for spaces.
Anybody open to such an amendment?
My asynchronous spf.c library passes 90% of the 2009.10 OpenSPF test suite
(I can't yet simulate timeouts to pass the TempError tests). Many, many
thanks to those who put in the time and effort to write those test
specifications.
I gratuitously wrote an RFC 1035 master file parser and composer in C (w/
Ragel), and am of course parsing the YAML tests from C (w/ libyaml). So if
anybody was waiting for the ability to generate zone files from the test
suite, it's all but done--rfc4408-tests.c in my regress/ directory already
spits out the zones files, the code would just need to be tweaked to output
them in a more useful manner than as part of the debug output for failed
tests.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com
Specifically, because a domain-spec can include forward slashes, and because
some of the terms allow cidr masks after a domain-spec, you have to support
backtracking.
Frankly I'm not sure I want to bother supporting this. I use Ragel to parse
the policies, which is a pure regular langage parser generator. I could use
Ragel's scanner feature, or just hack the support, but as a general rule I
don't like backtracking grammars for untrusted input.
Perhaps it would have been wise to have included a %-encoded forward-slash,
as was done for spaces.
Anybody open to such an amendment?
My asynchronous spf.c library passes 90% of the 2009.10 OpenSPF test suite
(I can't yet simulate timeouts to pass the TempError tests). Many, many
thanks to those who put in the time and effort to write those test
specifications.
I gratuitously wrote an RFC 1035 master file parser and composer in C (w/
Ragel), and am of course parsing the YAML tests from C (w/ libyaml). So if
anybody was waiting for the ability to generate zone files from the test
suite, it's all but done--rfc4408-tests.c in my regress/ directory already
spits out the zones files, the code would just need to be tweaked to output
them in a more useful manner than as part of the debug output for failed
tests.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com