darcs-2.9.1: a distributed, interactive, smart revision control system

Safe HaskellSafe-Infered





data FileName

FileName is an abstract type intended to facilitate the input and output of unicode filenames.


Eq FileName 
Ord FileName 
Show FileName 
MonadProgress RestrictedApply 
MonadProgress FilePathMonad 
FilePathLike FileName 
FilePathOrURL FileName 
ApplyMonad RestrictedApply Tree 
ApplyMonad FilePathMonad Tree 

fp2fn :: FilePath -> FileName

fn2fp :: FileName -> FilePath

fn2ps :: FileName -> ByteString

ps2fn :: ByteString -> FileName

niceps2fn :: ByteString -> FileName

fn2niceps :: FileName -> ByteString

encodeWhite :: FilePath -> String

encodeWhite translates whitespace in filenames to a darcs-specific format (numerical representation according to ord surrounded by backslashes). Note that backslashes are also escaped since they are used in the encoding.

 encodeWhite "hello there" == "hello\32\there"
 encodeWhite "hello\there" == "hello\92\there"

decodeWhite :: String -> FilePath

decodeWhite interprets the Darcs-specific "encoded" filenames produced by encodeWhite

 decodeWhite "hello\32\there"  == "hello there"
 decodeWhite "hello\92\there"  == "hello\there"
 decodeWhite "hello\there"   == error "malformed filename"

breakup :: String -> [String]

Split a file path at the slashes


makeAbsolute :: AbsolutePath -> FilePath -> AbsolutePath

Take an absolute path and a string representing a (possibly relative) path and combine them into an absolute path. If the second argument is already absolute, then the first argument gets ignored. This function also takes care that the result is converted to Posix convention and normalized. Also, parent directories ("..") at the front of the string argument get canceled out against trailing directory parts of the absolute path argument.

Regarding the last point, someone more familiar with how these functions are used should verify that this is indeed necessary or at least useful.

ioAbsolute :: FilePath -> IO AbsolutePath

Interpret a possibly relative path wrt the current working directory.

rootDirectory :: AbsolutePath

The root directory as an absolute path.


data AbsolutePathOrStd

This is for situations where a string (e.g. a command line argument) may take the value "-" to mean stdin or stdout (which one depends on context) instead of a normal file path.

useAbsoluteOrStd :: (AbsolutePath -> a) -> a -> AbsolutePathOrStd -> a

Execute either the first or the second argument action, depending on whether the given path is an AbsolutePath or stdin/stdout.



data SubPath

Paths which are relative to the local darcs repository and normalized. Note: These are understood not to have the dot in front.

makeSubPathOf :: AbsolutePath -> AbsolutePath -> Maybe SubPath

Make the second path relative to the first, if possible

simpleSubPath :: FilePath -> Maybe SubPath


class FilePathOrURL a => FilePathLike a where


toFilePath :: a -> FilePath

Check for malicious paths

isMaliciousPath :: String -> Bool

What is a malicious path?

A spoofed path is a malicious path.

  1. Darcs only creates explicitly relative paths (beginning with "./"), so any not explicitly relative path is surely spoofed.
  2. Darcs normalizes paths so they never contain "/../", so paths with "/../" are surely spoofed.

A path to a darcs repository's meta data can modify "trusted" patches or change safety defaults in that repository, so we check for paths containing "/_darcs/" which is the entry to darcs meta data.

To do?

  • How about get repositories?
  • Would it be worth adding a --semi-safe-paths option for allowing changes to certain preference files (_darcs/prefs/) in sub repositories'?

isMaliciousSubPath :: String -> Bool

Warning : this is less rigorous than isMaliciousPath but it's to allow for subpath representations that don't start with ./