darcs-2.5.2: a distributed, interactive, smart revision control system




checkPaths :: Patchy p => [DarcsFlag] -> FL p -> IO ()

A convenience function to call from all darcs command functions before applying any patches. It checks for malicious paths in patches, and prints an error message and fails if it finds one.

maliciousPatches :: Patchy p => [Sealed2 p] -> [Sealed2 p]

Filter out patches that contain some malicious file path.

isMaliciousPath :: String -> Bool

What is a malicious path?

A spoofed path is a malicious path.

  1. Darcs only creates explicitly relative paths (beginning with "./"), so any path that is not explicitly relative is surely spoofed.
  2. Darcs normalizes paths so that they never contain "/../", so paths with "/../" are surely spoofed.

A path into a darcs repository's metadata can modify "trusted" patches or change safety defaults in that repository, so we check for paths containing "/_darcs/", which is the entry point to darcs metadata.
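The three rules above, written out as a stand-alone check. This is an added example, not the darcs implementation: the names `Violation`, `components`, `violations` and `samples` are hypothetical, and it compares whole path components rather than substrings, so it also rejects a trailing ".." or "_darcs" that the "/../" and "/_darcs/" substring wording would miss.

```haskell
module Main (main) where

import Data.List (isPrefixOf)

-- | Reasons a patch path is rejected, one per rule described above.
data Violation
  = NotExplicitlyRelative  -- rule 1: path does not begin with "./"
  | ParentTraversal        -- rule 2: path has a ".." component
  | TouchesMetadata        -- path has a "_darcs" component
  deriving (Eq, Show)

-- | Split a path on '/', keeping empty components (hypothetical helper).
components :: String -> [String]
components s = case break (== '/') s of
  (c, [])       -> [c]
  (c, _ : rest) -> c : components rest

-- | Every rule a path violates; an empty list means the path is accepted.
violations :: FilePath -> [Violation]
violations fp =
  [ NotExplicitlyRelative | not ("./" `isPrefixOf` fp) ] ++
  [ ParentTraversal       | ".."     `elem` parts ] ++
  [ TouchesMetadata       | "_darcs" `elem` parts ]
  where parts = components fp

-- Constructed sample paths, not taken from any real patch.
samples :: [FilePath]
samples =
  [ "./src/Main.hs"            -- explicitly relative, accepted
  , "src/Main.hs"              -- missing the "./" prefix
  , "/etc/passwd"              -- absolute path
  , "./a/../../b"              -- climbs out of the working copy
  , "./a/.."                   -- trailing "..", no closing slash
  , "./_darcs/prefs/defaults"  -- this repository's metadata
  , "./sub/_darcs/patches/x"   -- a nested repository's metadata
  , "./my_darcs_notes.txt"     -- "_darcs" inside a file name only, accepted
  ]

main :: IO ()
main = mapM_ report samples
  where
    report fp  = putStrLn (pad 28 fp ++ verdict (violations fp))
    verdict [] = "ok"
    verdict vs = "REJECT " ++ show vs
    pad n s    = s ++ replicate (n - length s) ' '
```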

To do?

  • How about get repositories?
  • Would it be worth adding a --semi-safe-paths option for allowing changes to certain preference files (_darcs/prefs/) in sub-repositories?

isMaliciousSubPath :: String -> Bool

Warning: this is less rigorous than isMaliciousPath, but it allows for subpath representations that don't start with "./".