> - Automatically scanning for insecure configurations (eg. OpenSCAP)
Since the language can't access the outside world, the worst it can do is use unbounded space or time. Just verify that it halts in a couple ms.
> - Parsing the configuration in other programs.
You don't parse, you embed an interpreter and execute.
> - Modifying the configuration programmatically (cf. Puppet et al)
Code generation isn't that hard.
> - Automatically scanning for insecure configurations (eg. OpenSCAP)
Since the language can't access the outside world, the worst it can do is use unbounded space or time. Just verify that it halts in a couple ms.
> - Parsing the configuration in other programs.
You don't parse, you embed an interpreter and execute.
> - Modifying the configuration programmatically (cf. Puppet et al)
Code generation isn't that hard.