[darcs-devel] darcs patch: add function for finding all file names
... (and 4 more)
ptp at lysator.liu.se
ptp at lysator.liu.se
Fri Nov 10 14:00:19 PST 2006
I was implementing an option to turn off the malicious file path
check, for (if nothing else) backward compatibility with older
versions (or more exactly, how they are sometimes used). Then I
discovered that the check is not working properly, and that a
proper way of doing the check is not so easy to implement.
The main problem with the old way is the apply function in
PatchApply is not the only "entry point" to applying patches.
There doesn't seem to be a clean interface for patch applying
functions at all. A better way would of course be to put the
check in the writing functions, but I'm not so familiar with
that code. I couldn't spot a structure that showed which
functions to do the check in. But I remember something from when
this problem was discussed the first time about doing it in the
Slurpy. Any ideas? Another possibility is to do it in PatchRead,
but the opts argument is not (yet) propagated to those
functions, and the discussed state monad would be a much nicer
way to do that.
So I invented another solution, which turned out to be maybe not
so great after all. I wrote functions for testing a bunch of
patches, and intended to call them from all appropriate darcs
commands on patches before applying them. The last part was not
so easy. The problem is that really _all_ read patches need to
be checked, including pending and unrevert, and much of that
reading and applying goes on in deep function calls.
But anyway, this submission is a sort of minimal but much more
appropriate malicious path check. It unfortunately only checks
remote patches fetched with Apply or Pull, but it does check
them reliably. I would like to also check Get, or at least
Check. I tried with Check, but it made darcs silent for a too
long time, so some kind of progression feedback is needed. It
also needs a better way to inform the user what went wrong,
instead of the cryptic fail message "Malicious path".
But most of all, this is on/off-toggable, so that those who need
to turn the check off can upgrade, and therefore I'd want it to
go into the upcoming stable release. And I have time for darcs
hacking now, so please demand improvements. :-)
Thu Nov 9 15:41:44 CET 2006 Tommy Pettersson <ptp at lysator.liu.se>
* add function for finding all file names in a patch
Fri Nov 10 14:23:38 CET 2006 Tommy Pettersson <ptp at lysator.liu.se>
* add new malicious file path check system
Adds a new module DarcsCommandsAux for auxiliary functionality common to
more than one darcs command.
Fri Nov 10 21:55:11 CET 2006 Tommy Pettersson <ptp at lysator.liu.se>
* fix latex markup error
Fri Nov 10 22:17:02 CET 2006 Tommy Pettersson <ptp at lysator.liu.se>
* use new malicious file path check in pull and apply (issue177)
Fri Nov 10 22:17:57 CET 2006 Tommy Pettersson <ptp at lysator.liu.se>
* remove old malicious_filename check (issue177)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-darcs-patch
Size: 14617 bytes
Desc: A darcs patch for your repository!
Url : http://lists.osuosl.org/pipermail/darcs-devel/attachments/20061110/45c7fb65/attachment.bin
More information about the darcs-devel
mailing list