From 3e059e26605946ad6501e756ff4b852a3147deaf Mon Sep 17 00:00:00 2001
From: gilch <gilch@users.noreply.github.com>
Date: Sun, 28 May 2023 18:11:29 -0600
Subject: [PATCH] Use a mock sentinel for MARK instead of a gensym

Gensyms just resolve to strings, and shouldn't be used literally anywhere they might collide with adversarial input, which commonly come in the form of unsanitized strings. User input could theoretically change where a MARK is, altering behavior.

sentinels normally shouldn't be used outside of tests, but the standalone property limits my options. At run time a simple `object()` would do, but unpickling the same object() created at read time twice wouldn't preserve equality in this case. A sentinel can do that.

I've used getattr to create a sentinel with a non-identifier string, which are almost never used, so this is unlikely to interfere with tests. For good measure, I prepended `hissp.` to the `]` as a namespace.
---
 src/hissp/macros.lissp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/hissp/macros.lissp b/src/hissp/macros.lissp
index 82869540..9b41cbd4 100644
--- a/src/hissp/macros.lissp
+++ b/src/hissp/macros.lissp
@@ -2039,9 +2039,9 @@ except ModuleNotFoundError:pass"
   ``@`` ROLL (default depth 2)
      Pops (at depth) and pushes.
   ``]`` MARK (default depth 0)
-     Inserts a sentinel gensym for PACK (at depth).
+     Inserts a sentinel object for PACK (at depth).
   ``[`` PACK
-     Pops to the first sentinel and pushes as tuple.
+     Pops to the first MARK and pushes as tuple.
      With depth, looks tuple up on the next element.
   ``*`` SPLAT
      Pops (at depth) and pushes elements.
@@ -2244,12 +2244,14 @@ except ModuleNotFoundError:pass"
                      .#"&" `(.append ,'$#stack (,'XY#.#"X[-1-Y]" ,'$#stack ,(depth Y)))
                      .#"@" `(.append ,'$#stack (.pop ,'$#stack ,(op#sub -2 (depth Y))))
                      .#"[" `(.append ,'$#stack
-                                     (-<>> (tuple (iter ,'$#stack.pop ','$#\]))
+                                     (-<>> (tuple (iter ,'$#stack.pop
+                                                        (getattr unittest.mock..sentinel
+                                                                 "hissp.]")))
                                            ,@(when Y `(op#itemgetter
                                                        (:<> (,'$#stack.pop))))))
                      .#"]" `(.insert ,'$#stack
                                      (op#sub (len ,'$#stack) ,(depth Y))
-                                     ','$#\])
+                                     (getattr unittest.mock..sentinel "hissp.]"))
                      .#"*" `(.extend ,'$#stack
                                      (reversed (tuple (.pop ,'$#stack
                                                             ,(op#sub -1 (depth Y))))))