From 294a7771d0e412efb27f2664f730b7755aeff731 Mon Sep 17 00:00:00 2001
From: Mikolaj Konarski
Date: Wed, 29 Dec 2021 18:10:29 +0100
Subject: [PATCH 1/4] Update hackage-security.cabal to the newest version revised on Hackage
---
 hackage-security/hackage-security.cabal | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/hackage-security/hackage-security.cabal b/hackage-security/hackage-security.cabal
index 9f73ffe3..82764b11 100644
--- a/hackage-security/hackage-security.cabal
+++ b/hackage-security/hackage-security.cabal
@@ -110,13 +110,13 @@ library
 Hackage.Security.Util.TypedEmbedded
 Prelude
 -- We support ghc 7.4 (bundled with Cabal 1.14) and up
- build-depends: base >= 4.5 && < 4.15,
+ build-depends: base >= 4.5 && < 4.17,
 base16-bytestring >= 0.1.1 && < 1.1,
 base64-bytestring >= 1.0 && < 1.3,
 bytestring >= 0.9 && < 0.12,
 Cabal >= 1.14 && < 1.26
 || >= 2.0 && < 2.6
- || >= 3.0 && < 3.4,
+ || >= 3.0 && < 3.8,
 containers >= 0.4 && < 0.7,
 ed25519 >= 0.0 && < 0.1,
 filepath >= 1.2 && < 1.5,
@@ -127,7 +127,7 @@ library
 -- functionality, 0.5.0 changes type of serialise
 tar >= 0.5 && < 0.6,
 template-haskell >= 2.7 && < 2.17,
- time >= 1.2 && < 1.10,
+ time >= 1.2 && < 1.11,
 transformers >= 0.3 && < 0.6,
 zlib >= 0.5 && < 0.7,
 -- whatever versions are bundled with ghc:
@@ -252,21 +252,17 @@ test-suite TestSuite
 Cabal,
 containers,
 bytestring,
+ network-uri,
 tar,
 time,
 zlib
- if flag(use-network-uri)
- build-depends: network-uri
- else
- build-depends: network
-
 -- dependencies exclusive to test-suite
- build-depends: tasty == 1.2.*,
+ build-depends: tasty == 1.2.* || == 1.3.*,
 tasty-hunit == 0.10.*,
 tasty-quickcheck == 0.10.*,
- QuickCheck >= 2.11 && <2.14,
- aeson == 1.4.*,
+ QuickCheck >= 2.11 && <2.15,
+ aeson == 1.4.* || == 1.5.*,
 vector == 0.12.*,
 unordered-containers >=0.2.8.0 && <0.3,
 temporary >= 1.2 && < 1.4
From 4ed46e961a5d07e4d5393d514cc103940c9716e4 Mon Sep 17 00:00:00 2001
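Review bot: The `test-suite TestSuite` stanza now lists `network-uri` unconditionally, yet the `use-network-uri` flag that the removed `if flag(use-network-uri)` block consulted is presumably still declared and still selects between `network-uri` and `network` in the library stanza, which is outside this hunk. If that is so, a flag-off build leaves the tests without the `network` dependency they used to get, so that configuration should either be checked in CI or ruled out explicitly. A one-line comment above the entry would record the decision, for example `-- tests always use the split network-uri package; the use-network-uri flag is not consulted here`. The stanza begins before and continues after the lines shown.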
From: Mikolaj Konarski
Date: Wed, 5 Jan 2022 01:14:09 +0100
Subject: [PATCH 2/4] Also permit newer time package versions
---
 hackage-security/hackage-security.cabal | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hackage-security/hackage-security.cabal b/hackage-security/hackage-security.cabal
index 82764b11..57045a5f 100644
--- a/hackage-security/hackage-security.cabal
+++ b/hackage-security/hackage-security.cabal
@@ -127,7 +127,7 @@ library
 -- functionality, 0.5.0 changes type of serialise
 tar >= 0.5 && < 0.6,
 template-haskell >= 2.7 && < 2.17,
- time >= 1.2 && < 1.11,
+ time >= 1.2 && < 1.13,
 transformers >= 0.3 && < 0.6,
 zlib >= 0.5 && < 0.7,
 -- whatever versions are bundled with ghc:
From 65650b36c9e2c3f2b379bf7cba0d53644400e31d Mon Sep 17 00:00:00 2001
From: Mikolaj Konarski
Date: Wed, 12 Jan 2022 23:46:00 +0100
Subject: [PATCH 3/4] Also bump the dep of template-haskell, catching up with @Bodigrim's revision
---
 hackage-security/hackage-security.cabal | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hackage-security/hackage-security.cabal b/hackage-security/hackage-security.cabal
index 57045a5f..0e4da48e 100644
--- a/hackage-security/hackage-security.cabal
+++ b/hackage-security/hackage-security.cabal
@@ -1,6 +1,7 @@
 cabal-version: 1.12
 name: hackage-security
 version: 0.6.0.1
+x-revision: 9
 synopsis: Hackage security library
 description: The hackage security library provides both server and
@@ -126,7 +127,7 @@ library
 -- 0.4.2 introduces TarIndex, 0.4.4 introduces more
 -- functionality, 0.5.0 changes type of serialise
 tar >= 0.5 && < 0.6,
- template-haskell >= 2.7 && < 2.17,
+ template-haskell >= 2.7 && < 2.19,
 time >= 1.2 && < 1.13,
 transformers >= 0.3 && < 0.6,
 zlib >= 0.5 && < 0.7,
From 51643021c3a6a513b1c71751c7128107aed3d643 Mon Sep 17 00:00:00 2001
From: Mikolaj Konarski
Date: Wed, 12 Jan 2022 23:43:22 +0100
Subject: [PATCH 4/4] Fix tests, based on the patch by @ezzieyguywuf in #247 and advice from @Bodigrim
---
 hackage-security/hackage-security.cabal | 1 +
 hackage-security/tests/TestSuite/JSON.hs | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/hackage-security/hackage-security.cabal b/hackage-security/hackage-security.cabal
index 0e4da48e..36296220 100644
--- a/hackage-security/hackage-security.cabal
+++ b/hackage-security/hackage-security.cabal
@@ -255,6 +255,7 @@ test-suite TestSuite
 bytestring,
 network-uri,
 tar,
+ text,
 time,
 zlib
diff --git a/hackage-security/tests/TestSuite/JSON.hs b/hackage-security/tests/TestSuite/JSON.hs
index 5ea2c7fc..39e93e23 100644
--- a/hackage-security/tests/TestSuite/JSON.hs
+++ b/hackage-security/tests/TestSuite/JSON.hs
@@ -23,6 +23,9 @@ import Data.String (fromString)
 import qualified Data.Vector as V
 import qualified Data.HashMap.Strict as HM
+-- text
+import qualified Data.Text as Text
+
 prop_aeson_canonical, prop_roundtrip_canonical, prop_roundtrip_pretty, prop_canonical_pretty :: JSValue -> Bool
@@ -48,6 +51,9 @@ canonicalise (JSArray vs) = JSArray [ canonicalise v | v <- vs]
 canonicalise (JSObject vs) = JSObject [ (k, canonicalise v) | (k,v) <- sortBy (compare `on` fst) vs ]
+sanitizeString :: String -> String
+sanitizeString s = Text.unpack (Text.replace (Text.pack "\\") (Text.pack "\\\\") (Text.pack (show s)))
+
 instance Arbitrary JSValue where
 arbitrary = sized $ \sz ->
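Review bot: `sanitizeString` carries no comment explaining why the generator needs it, and it narrows what the properties see rather than merely escaping. `show s` wraps every string in literal `"` characters and rewrites control characters as Haskell escape sequences before each backslash is doubled. With it applied here and in the `Arbitrary JSValue` hunk that follows, generated `JSString` values and object keys are never empty, never hold a raw control character, and only contain backslashes in doubled form, so `prop_roundtrip_canonical` and the sibling properties no longer exercise those inputs. In a library whose signatures are presumably computed over the canonical rendering, those are the strings on which renderer and parser are most likely to disagree. I would add a Haddock line such as `-- | Workaround for #247: generated strings are show-escaped; raw control characters, lone backslashes and the empty string are NOT covered` and keep a separately tracked property for unsanitised strings.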
@@ -55,9 +61,9 @@ instance Arbitrary JSValue where
 [ (1, pure JSNull)
 , (1, JSBool <$> arbitrary)
 , (2, JSNum <$> arbitrary)
- , (2, JSString . getASCIIString <$> arbitrary)
+ , (2, JSString . sanitizeString . getASCIIString <$> arbitrary)
 , (3, JSArray <$> resize (sz `div` 2) arbitrary)
- , (3, JSObject . mapFirst getASCIIString . noDupFields <$> resize (sz `div` 2) arbitrary)
+ , (3, JSObject . mapFirst (sanitizeString . getASCIIString) . noDupFields <$> resize (sz `div` 2) arbitrary)
 ]
 where noDupFields = nubBy (\(x,_) (y,_) -> x==y)