Sophie

Sophie

distrib > Fedora > 18 > i386 > by-pkgid > db7a4a658d190b3e658423135710c498 > files > 1019

ghc-darcs-devel-2.8.3-1.fc18.i686.rpm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<!-- Generated by HsColour, http://code.haskell.org/~malcolm/hscolour/ -->
<title>src/Darcs/CommandsAux.hs</title>
<link type='text/css' rel='stylesheet' href='hscolour.css' />
</head>
<body>
<pre><a name="line-1"></a><span class='hs-comment'>-- Copyright (C) 2006 Tommy Pettersson &lt;ptp@lysator.liu.se&gt;</span>
<a name="line-2"></a><span class='hs-comment'>--</span>
<a name="line-3"></a><span class='hs-comment'>-- This program is free software; you can redistribute it and/or modify</span>
<a name="line-4"></a><span class='hs-comment'>-- it under the terms of the GNU General Public License as published by</span>
<a name="line-5"></a><span class='hs-comment'>-- the Free Software Foundation; either version 2, or (at your option)</span>
<a name="line-6"></a><span class='hs-comment'>-- any later version.</span>
<a name="line-7"></a><span class='hs-comment'>--</span>
<a name="line-8"></a><span class='hs-comment'>-- This program is distributed in the hope that it will be useful,</span>
<a name="line-9"></a><span class='hs-comment'>-- but WITHOUT ANY WARRANTY; without even the implied warranty of</span>
<a name="line-10"></a><span class='hs-comment'>-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the</span>
<a name="line-11"></a><span class='hs-comment'>-- GNU General Public License for more details.</span>
<a name="line-12"></a><span class='hs-comment'>--</span>
<a name="line-13"></a><span class='hs-comment'>-- You should have received a copy of the GNU General Public License</span>
<a name="line-14"></a><span class='hs-comment'>-- along with this program; see the file COPYING.  If not, write to</span>
<a name="line-15"></a><span class='hs-comment'>-- the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,</span>
<a name="line-16"></a><span class='hs-comment'>-- Boston, MA 02110-1301, USA.</span>
<a name="line-17"></a>
<a name="line-18"></a><span class='hs-comment'>{-# LANGUAGE CPP #-}</span>
<a name="line-19"></a>
<a name="line-20"></a><span class='hs-cpp'>#include "gadts.h"</span>
<a name="line-21"></a>
<a name="line-22"></a><span class='hs-keyword'>module</span> <span class='hs-conid'>Darcs</span><span class='hs-varop'>.</span><span class='hs-conid'>CommandsAux</span> <span class='hs-layout'>(</span> <span class='hs-varid'>checkPaths</span><span class='hs-layout'>,</span> <span class='hs-varid'>maliciousPatches</span><span class='hs-layout'>,</span> <span class='hs-varid'>hasMaliciousPath</span><span class='hs-layout'>,</span>
<a name="line-23"></a>                           <span class='hs-varid'>isMaliciousPath</span><span class='hs-layout'>,</span> <span class='hs-varid'>isMaliciousSubPath</span><span class='hs-layout'>,</span>
<a name="line-24"></a>                        <span class='hs-layout'>)</span> <span class='hs-keyword'>where</span>
<a name="line-25"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Darcs</span><span class='hs-varop'>.</span><span class='hs-conid'>Flags</span> <span class='hs-layout'>(</span> <span class='hs-conid'>DarcsFlag</span><span class='hs-layout'>(</span> <span class='hs-conid'>RestrictPaths</span><span class='hs-layout'>,</span> <span class='hs-conid'>DontRestrictPaths</span> <span class='hs-layout'>)</span> <span class='hs-layout'>)</span>
<a name="line-26"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Darcs</span><span class='hs-varop'>.</span><span class='hs-conid'>Patch</span> <span class='hs-layout'>(</span> <span class='hs-conid'>Patchy</span><span class='hs-layout'>,</span> <span class='hs-varid'>listTouchedFiles</span> <span class='hs-layout'>)</span>
<a name="line-27"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Darcs</span><span class='hs-varop'>.</span><span class='hs-conid'>Witnesses</span><span class='hs-varop'>.</span><span class='hs-conid'>Ordered</span> <span class='hs-layout'>(</span> <span class='hs-conid'>FL</span><span class='hs-layout'>,</span> <span class='hs-varid'>mapFL</span> <span class='hs-layout'>)</span>
<a name="line-28"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Darcs</span><span class='hs-varop'>.</span><span class='hs-conid'>Witnesses</span><span class='hs-varop'>.</span><span class='hs-conid'>Sealed</span> <span class='hs-layout'>(</span> <span class='hs-conid'>Sealed2</span><span class='hs-layout'>(</span><span class='hs-keyglyph'>..</span><span class='hs-layout'>)</span><span class='hs-layout'>,</span> <span class='hs-varid'>unseal2</span> <span class='hs-layout'>)</span>
<a name="line-29"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Darcs</span><span class='hs-varop'>.</span><span class='hs-conid'>Global</span> <span class='hs-layout'>(</span> <span class='hs-varid'>darcsdir</span> <span class='hs-layout'>)</span>
<a name="line-30"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Data</span><span class='hs-varop'>.</span><span class='hs-conid'>List</span> <span class='hs-layout'>(</span> <span class='hs-varid'>intersect</span> <span class='hs-layout'>)</span>
<a name="line-31"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>System</span><span class='hs-varop'>.</span><span class='hs-conid'>FilePath</span> <span class='hs-layout'>(</span> <span class='hs-varid'>splitDirectories</span><span class='hs-layout'>,</span> <span class='hs-varid'>isRelative</span> <span class='hs-layout'>)</span>
<a name="line-32"></a>
<a name="line-33"></a><span class='hs-comment'>-- * File paths</span>
<a name="line-34"></a><span class='hs-comment'>{-
<a name="line-35"></a>  Darcs will operate on files and directories with the invoking user's
<a name="line-36"></a>  privileges. The paths for these files and directories are stored in
<a name="line-37"></a>  patches, which darcs receives in various ways. Even though darcs will not
<a name="line-38"></a>  create patches with "unexpected" file paths, there are no such guarantees
<a name="line-39"></a>  for received patches. A spoofed patch could inflict changes on any file
<a name="line-40"></a>  or directory which the invoking user is privileged to modify.
<a name="line-41"></a>
<a name="line-42"></a>  There is no one single "apply" function that can check paths, so each
<a name="line-43"></a>  command is responsible for not applying patches without first checking
<a name="line-44"></a>  them with one of these function when appropriate.
<a name="line-45"></a>-}</span>
<a name="line-46"></a>
<a name="line-47"></a><a name="checkPaths"></a><span class='hs-comment'>{- |
<a name="line-48"></a>  A convenience function to call from all darcs command functions before
<a name="line-49"></a>  applying any patches. It checks for malicious paths in patches, and
<a name="line-50"></a>  prints an error message and fails if it finds one.
<a name="line-51"></a>-}</span>
<a name="line-52"></a><span class='hs-definition'>checkPaths</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>Patchy</span> <span class='hs-varid'>p</span> <span class='hs-keyglyph'>=&gt;</span> <span class='hs-keyglyph'>[</span><span class='hs-conid'>DarcsFlag</span><span class='hs-keyglyph'>]</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>FL</span> <span class='hs-varid'>p</span> <span class='hs-conid'>C</span><span class='hs-layout'>(</span><span class='hs-varid'>x</span> <span class='hs-varid'>y</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>IO</span> <span class='hs-conid'>()</span>
<a name="line-53"></a><span class='hs-definition'>checkPaths</span> <span class='hs-varid'>opts</span> <span class='hs-varid'>patches</span>
<a name="line-54"></a>  <span class='hs-keyglyph'>=</span> <span class='hs-keyword'>if</span> <span class='hs-varid'>check_is_on</span>  <span class='hs-varop'>&amp;&amp;</span> <span class='hs-varid'>or</span> <span class='hs-layout'>(</span><span class='hs-varid'>mapFL</span> <span class='hs-varid'>hasMaliciousPath</span> <span class='hs-varid'>patches</span><span class='hs-layout'>)</span>
<a name="line-55"></a>      <span class='hs-keyword'>then</span> <span class='hs-varid'>fail</span> <span class='hs-varop'>$</span> <span class='hs-varid'>unlines</span> <span class='hs-varop'>$</span> <span class='hs-keyglyph'>[</span><span class='hs-str'>"Malicious path in patch:"</span><span class='hs-keyglyph'>]</span> <span class='hs-varop'>++</span>
<a name="line-56"></a>                            <span class='hs-layout'>(</span><span class='hs-varid'>map</span> <span class='hs-layout'>(</span><span class='hs-keyglyph'>\</span><span class='hs-varid'>s</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-str'>"    "</span> <span class='hs-varop'>++</span> <span class='hs-varid'>s</span><span class='hs-layout'>)</span> <span class='hs-varop'>$</span> <span class='hs-varid'>concat</span> <span class='hs-varop'>$</span> <span class='hs-varid'>mapFL</span> <span class='hs-varid'>maliciousPaths</span> <span class='hs-varid'>patches</span><span class='hs-layout'>)</span> <span class='hs-varop'>++</span>
<a name="line-57"></a>                            <span class='hs-keyglyph'>[</span><span class='hs-str'>""</span><span class='hs-layout'>,</span> <span class='hs-str'>"If you are sure this is ok then you can run again with the --dont-restrict-paths option."</span><span class='hs-keyglyph'>]</span>
<a name="line-58"></a>           <span class='hs-comment'>-- TODO: print patch(es)</span>
<a name="line-59"></a>           <span class='hs-comment'>-- NOTE: should use safe Doc printer, this can be evil chars</span>
<a name="line-60"></a>      <span class='hs-keyword'>else</span> <span class='hs-varid'>return</span> <span class='hs-conid'>()</span>
<a name="line-61"></a> <span class='hs-keyword'>where</span>
<a name="line-62"></a>    <span class='hs-varid'>check_is_on</span> <span class='hs-keyglyph'>=</span> <span class='hs-conid'>DontRestrictPaths</span> <span class='hs-varop'>`notElem`</span> <span class='hs-varid'>opts</span>  <span class='hs-varop'>||</span>
<a name="line-63"></a>                  <span class='hs-conid'>RestrictPaths</span>        <span class='hs-varop'>`elem`</span> <span class='hs-varid'>opts</span>
<a name="line-64"></a>
<a name="line-65"></a><a name="maliciousPatches"></a><span class='hs-comment'>-- | Filter out patches that contains some malicious file path</span>
<a name="line-66"></a><span class='hs-definition'>maliciousPatches</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>Patchy</span> <span class='hs-varid'>p</span> <span class='hs-keyglyph'>=&gt;</span> <span class='hs-keyglyph'>[</span><span class='hs-conid'>Sealed2</span> <span class='hs-varid'>p</span><span class='hs-keyglyph'>]</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-keyglyph'>[</span><span class='hs-conid'>Sealed2</span> <span class='hs-varid'>p</span><span class='hs-keyglyph'>]</span>
<a name="line-67"></a><span class='hs-definition'>maliciousPatches</span> <span class='hs-varid'>to_check</span> <span class='hs-keyglyph'>=</span> <span class='hs-varid'>filter</span> <span class='hs-layout'>(</span><span class='hs-varid'>unseal2</span> <span class='hs-varid'>hasMaliciousPath</span><span class='hs-layout'>)</span> <span class='hs-varid'>to_check</span>
<a name="line-68"></a>
<a name="line-69"></a><a name="hasMaliciousPath"></a><span class='hs-definition'>hasMaliciousPath</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>Patchy</span> <span class='hs-varid'>p</span> <span class='hs-keyglyph'>=&gt;</span> <span class='hs-varid'>p</span> <span class='hs-conid'>C</span><span class='hs-layout'>(</span><span class='hs-varid'>x</span> <span class='hs-varid'>y</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>Bool</span>
<a name="line-70"></a><span class='hs-definition'>hasMaliciousPath</span> <span class='hs-varid'>patch</span> <span class='hs-keyglyph'>=</span>
<a name="line-71"></a>    <span class='hs-keyword'>case</span> <span class='hs-varid'>maliciousPaths</span> <span class='hs-varid'>patch</span> <span class='hs-keyword'>of</span>
<a name="line-72"></a>      <span class='hs-conid'>[]</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>False</span>
<a name="line-73"></a>      <span class='hs-keyword'>_</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>True</span>
<a name="line-74"></a>
<a name="line-75"></a><a name="maliciousPaths"></a><span class='hs-definition'>maliciousPaths</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>Patchy</span> <span class='hs-varid'>p</span> <span class='hs-keyglyph'>=&gt;</span> <span class='hs-varid'>p</span> <span class='hs-conid'>C</span><span class='hs-layout'>(</span><span class='hs-varid'>x</span> <span class='hs-varid'>y</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-keyglyph'>[</span><span class='hs-conid'>String</span><span class='hs-keyglyph'>]</span>
<a name="line-76"></a><span class='hs-definition'>maliciousPaths</span> <span class='hs-varid'>patch</span> <span class='hs-keyglyph'>=</span>
<a name="line-77"></a>  <span class='hs-keyword'>let</span> <span class='hs-varid'>paths</span> <span class='hs-keyglyph'>=</span> <span class='hs-varid'>listTouchedFiles</span> <span class='hs-varid'>patch</span> <span class='hs-keyword'>in</span>
<a name="line-78"></a>    <span class='hs-varid'>filter</span> <span class='hs-varid'>isMaliciousPath</span> <span class='hs-varid'>paths</span>
<a name="line-79"></a>
<a name="line-80"></a><a name="isMaliciousPath"></a><span class='hs-comment'>{-|
<a name="line-81"></a>  What is a malicious path?
<a name="line-82"></a>
<a name="line-83"></a>  A spoofed path is a malicious path.
<a name="line-84"></a>
<a name="line-85"></a>  1. Darcs only creates explicitly relative paths (beginning with @\".\/\"@),
<a name="line-86"></a>     so any not explicitly relative path is surely spoofed.
<a name="line-87"></a>
<a name="line-88"></a>  2. Darcs normalizes paths so they never contain @\"\/..\/\"@, so paths with
<a name="line-89"></a>     @\"\/..\/\"@ are surely spoofed.
<a name="line-90"></a>
<a name="line-91"></a>  A path to a darcs repository's meta data can modify \"trusted\" patches or
<a name="line-92"></a>  change safety defaults in that repository, so we check for paths
<a name="line-93"></a>  containing @\"\/_darcs\/\"@ which is the entry to darcs meta data.
<a name="line-94"></a>
<a name="line-95"></a>  To do?
<a name="line-96"></a>
<a name="line-97"></a>  * How about get repositories?
<a name="line-98"></a>
<a name="line-99"></a>  * Would it be worth adding a --semi-safe-paths option for allowing
<a name="line-100"></a>    changes to certain preference files (_darcs\/prefs\/) in sub
<a name="line-101"></a>    repositories'?
<a name="line-102"></a>-}</span>
<a name="line-103"></a><span class='hs-definition'>isMaliciousPath</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>String</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>Bool</span>
<a name="line-104"></a><span class='hs-definition'>isMaliciousPath</span> <span class='hs-varid'>fp</span> <span class='hs-keyglyph'>=</span>
<a name="line-105"></a>    <span class='hs-varid'>not</span> <span class='hs-layout'>(</span><span class='hs-varid'>isExplicitlyRelative</span> <span class='hs-varid'>fp</span><span class='hs-layout'>)</span> <span class='hs-varop'>||</span> <span class='hs-varid'>isGenerallyMalicious</span> <span class='hs-varid'>fp</span>
<a name="line-106"></a>
<a name="line-107"></a><a name="isMaliciousSubPath"></a><span class='hs-comment'>-- | Warning : this is less rigorous than isMaliciousPath</span>
<a name="line-108"></a><span class='hs-comment'>--   but it's to allow for subpath representations that</span>
<a name="line-109"></a><span class='hs-comment'>--   don't start with ./</span>
<a name="line-110"></a><span class='hs-definition'>isMaliciousSubPath</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>String</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>Bool</span>
<a name="line-111"></a><span class='hs-definition'>isMaliciousSubPath</span> <span class='hs-varid'>fp</span> <span class='hs-keyglyph'>=</span>
<a name="line-112"></a>    <span class='hs-varid'>not</span> <span class='hs-layout'>(</span><span class='hs-varid'>isRelative</span> <span class='hs-varid'>fp</span><span class='hs-layout'>)</span> <span class='hs-varop'>||</span> <span class='hs-varid'>isGenerallyMalicious</span> <span class='hs-varid'>fp</span>
<a name="line-113"></a>
<a name="line-114"></a><a name="isGenerallyMalicious"></a><span class='hs-definition'>isGenerallyMalicious</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>String</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>Bool</span>
<a name="line-115"></a><span class='hs-definition'>isGenerallyMalicious</span> <span class='hs-varid'>fp</span> <span class='hs-keyglyph'>=</span>
<a name="line-116"></a>    <span class='hs-varid'>splitDirectories</span> <span class='hs-varid'>fp</span> <span class='hs-varop'>`contains_any`</span> <span class='hs-keyglyph'>[</span> <span class='hs-str'>".."</span><span class='hs-layout'>,</span> <span class='hs-varid'>darcsdir</span> <span class='hs-keyglyph'>]</span>
<a name="line-117"></a> <span class='hs-keyword'>where</span>
<a name="line-118"></a>    <span class='hs-varid'>contains_any</span> <span class='hs-varid'>a</span> <span class='hs-varid'>b</span> <span class='hs-keyglyph'>=</span> <span class='hs-varid'>not</span> <span class='hs-varop'>.</span> <span class='hs-varid'>null</span> <span class='hs-varop'>$</span> <span class='hs-varid'>intersect</span> <span class='hs-varid'>a</span> <span class='hs-varid'>b</span>
<a name="line-119"></a>
<a name="line-120"></a><a name="isExplicitlyRelative"></a><span class='hs-definition'>isExplicitlyRelative</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>String</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>Bool</span>
<a name="line-121"></a><span class='hs-definition'>isExplicitlyRelative</span> <span class='hs-layout'>(</span><span class='hs-chr'>'.'</span><span class='hs-conop'>:</span><span class='hs-chr'>'/'</span><span class='hs-conop'>:</span><span class='hs-keyword'>_</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'>=</span> <span class='hs-conid'>True</span>  <span class='hs-comment'>-- begins with "./"</span>
<a name="line-122"></a><span class='hs-definition'>isExplicitlyRelative</span> <span class='hs-keyword'>_</span> <span class='hs-keyglyph'>=</span> <span class='hs-conid'>False</span>
</pre></body>
</html>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional