package ppx_netblob
Install
Dune Dependency
Authors
Maintainers
Sources
sha256=a7eefbd071366a6281d42aa92b156b9d5a2d7360e513b8c9051f43e9b4f49a4d
md5=322693a0a634e8077e0a3befe4313f43
README.md.html
ppx_netblob
OCaml ppx to include a binary blob from a URL as a string. Writing [%netblob "url"]
will replace the string with the result of sending an HTTP GET request to url
at compile time. This allows the inclusion of arbitary, possibly compressed, data, without the need to respect OCaml's lexical conventions. It should be noted that ppx_netblob
will interpret HTTP 301 responses, following the URL given in the response's Location
header, which is a possible security vulnerability (and emitting a warning). I would advise against using this in production code, since I haven't done a huge amount of research into how well cohttp
supports HTTPS, so I'm not sure if this is subject to security downgrading attacks.
To build
Requires OCaml 4.02 or above.
Run make
in the top directory. Then run make
in the examples
directory. Now run the quine
executable.
To install
Run make install
in the top directory once make
has been run.
To use
The basic (ill-advised) usage of ppx_netblob
involves loading a network resource into a string at compile-time, e.g.
let () =
print_endline [%netblob "https://goo.gl/nTD9Oc"]
is transformed into:
let () =
print_endline "Hello, World!"
It should be noted that this sort of usage presents a smorgasbord of potential problems for both security and basic usability, although superficial precautions have been taken to minimize such problems. For instance, compiling the example above would produce the following warning:
WARNING: received response code 301 MOVED PERMANENTLY to "https://gist.githubusercontent.com/chrismamo1/ca3210b8f503ecc3ec5b154ff39fb2b3/raw/0fb8245d996f93a0df1e20f94e7df6403c094f62/hello_world.txt" when requesting resource "https://goo.gl/nTD9Oc", this is probably a security vulnerability.
The more useful feature of ppx_netblob
involves building custom HTTP request functions at compile time, e.g.
open Lwt
let () =
let get_message = [%netblob { runtime = "https://goo.gl/nTD9Oc" }] in
Lwt_main.run (
get_message ()
>>= fun s ->
Lwt_io.printl s)
in this example, [%netblob { runtime = "https://goo.gl/nTD9Oc" }]
is expanded into a decently performant function which handles a few problematic cases. This feature is very incomplete, however, and users of this tool (when and if they start to exist) should not expect it to retain a consistent interface over the next few months.
TODO
Allow constraints to be placed on which parameters will be accepted when using the runtime netblob ppx, e.g.
[%netblob { runtime = "https://github.com/search" ; parameters = ["utf8"; "q"]}
Allow the user to place more security constraints when fetching a string at compile time