[Hackage] #194: add sanity checking to version numbers
Hackage
trac at galois.com
Tue Jan 22 14:10:21 EST 2008
#194: add sanity checking to version numbers
----------------------------+-----------------------------------------------
  Reporter:  duncan         |        Owner:
      Type:  defect         |       Status:  new
  Priority:  normal         |    Milestone:
 Component:  Cabal library  |      Version:  1.2.3.0
  Severity:  normal         |   Resolution:
  Keywords:                 |   Difficulty:  very easy (<1 hour)
Ghcversion:  6.8.1          |     Platform:  Linux
----------------------------+-----------------------------------------------
Comment (by duncan):
Turns out that there are zero packages in hackage with this kind of dodgy
version number. So instead of warning we could just make it a parse error
without much worry about breaking old packages. That'd be a good deal
simpler.
I tested with a little script `foo.hs`:
{{{
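import Distribution.Version
import Data.Char

-- Print every input line whose version string does not round-trip through
-- the parser, e.g. "1.01" (parses, but is shown back as "1.1").
main :: IO ()
main = do
  ls <- return . lines =<< getContents
  print [ l
        | l <- ls
        , let l' = dropWhile isSpace l
        , fmap showVersion (readVersion l') /= Just l' ]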
}}}
and
{{{
$ tar -xf 00-index.tar
$ ls */*/*.cabal | wc -l
697
$ grep -ih '^version:' */*/*.cabal | cut -d: -f 2 > versions
$ wc -l versions
697
$ ./foo < versions
[]
}}}
So we could make the version parser stricter. Something like this untested
code:
{{{
parseVersion = do branch <- sepBy1 digits (char '.')
tags <- many (char '-' >> munch1 isAlphaNum)
return Version{versionBranch=branch, versionTags=tags}
where
- digits = liftM read $ munch1 isDigit
+ digits = do leading <- satisfy isDigit
+ if leading == '0'
+ then return 0
+ else do remaining <- munch isDigit
+ return (read (leading : remaining))
}}}
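Review bot: In the `leading == '0'` branch of the new `digits`, `return 0` accepts the zero and leaves any following digits unconsumed, so rejecting a component like `01` depends on the surrounding parser failing on the leftover digit (it is neither `char '.'` nor `char '-'`) and on the caller requiring the whole input to be consumed, which this snippet does not show. Since the code is marked untested, it would help to state that dependency in a comment next to `then return 0` and to try it against inputs such as `0`, `0.1`, `01`, `1.02` and `1.0-foo` before committing. The `read (leading : remaining)` line also still converts an arbitrarily long digit run, so a length limit could be added in the same place if the aim is sanity checking.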
ie only allow numbers
--
Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/194#comment:1>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects