[Hackage] #194: add sanity checking to version numbers

Hackage trac at galois.com
Tue Jan 22 14:10:21 EST 2008


#194: add sanity checking to version numbers
----------------------------+-----------------------------------------------
  Reporter:  duncan         |        Owner:                     
      Type:  defect         |       Status:  new                
  Priority:  normal         |    Milestone:                     
 Component:  Cabal library  |      Version:  1.2.3.0            
  Severity:  normal         |   Resolution:                     
  Keywords:                 |   Difficulty:  very easy (<1 hour)
Ghcversion:  6.8.1          |     Platform:  Linux              
----------------------------+-----------------------------------------------
Comment (by duncan):

 Turns out that there are zero packages in hackage with this kind of dodgy
 version number. So instead of warning we could just make it a parse error
 without much worry about breaking old packages. That'd be a good deal
 simpler.

 I tested with a little script `foo.hs`:
 {{{
 import Distribution.Version
 import Data.Char

 main = do
   ls <- return . lines =<< getContents
   print [ l
         | l <- ls
         , let l' = dropWhile isSpace l
         , show (readVersion l') == l' ]
 }}}
 and
 {{{
 $ tar -xf 00-index.tar
 $ ls */*/*.cabal | wc -l
 697
 $ grep -ilh '^version:' */*/*.cabal | cut -d: -f 2 > versions
 $ wc -l versions
 697
 $ ./foo < vers
 []
 }}}

 So we could make the version parser stricter. Something like this untested
 code:

 {{{
 parseVersion = do branch <- sepBy1 digits (char '.')
                   tags   <- many (char '-' >> munch1 isAlphaNum)
                   return Version{versionBranch=branch, versionTags=tags}
   where
 -    digits   = liftM read $ munch1 isDigit
 +    digits   = do leading <- satisfy isDigit
 +                  if leading == '0'
 +                    then return 0
 +                    else do remaining <- munch isDigit
 +                            return (read (leading : remaining))
 }}}

 ie only allow numbers

-- 
Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/194#comment:1>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects


More information about the cabal-devel mailing list