Make distinct types for files and strings

As the documentation suggests, the argument may either be a file or a string. If the "file" type is a filename, there is no way to distinguish them, except at the exact time of running the function, if there happens to be a file with the given name. This is harmful, because a malicious document containing the file name of a sensitive file could leak the contents of the sensitive file. If we use a port instead of a file name, it's better because we can't get a port by accident.
turtle/tordf.scm
517 | 517 | ||
518 | 518 | (define (turtle->rdf str-or-file base) | |
519 | 519 | (define str | |
520 | - | (cond | |
521 | - | ((file-exists? str-or-file) (call-with-input-file str-or-file get-string-all)) | |
522 | - | ((string? str-or-file) str-or-file))) | |
523 | - | ||
520 | + | (cond ((port? str-or-file) (get-string-all str-or-file)) | |
521 | + | ((string? str-or-file) str-or-file))) | |
524 | 522 | (let ((parse-tree (parse-turtle str))) | |
525 | 523 | (tordf parse-tree base))) |
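Review bot: the new cond that defines str has no fallback clause, so an argument that is neither a port nor a string leaves str unspecified and the failure only surfaces later inside parse-turtle; add an else clause that raises an error naming the accepted types. The test `(port? str-or-file)` is also true for output ports, so `input-port?` would be the tighter check before calling get-string-all. Callers that previously passed a file name will now have the name itself parsed as Turtle text without any error, so the documentation the commit message refers to should be updated to say "port or string", and the parameter name str-or-file should be renamed to match (for example str-or-port).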