@@ -51,29 +51,36 @@ module Codec.Archive.Tar (
5151
5252 -- * Notes
5353 -- ** Compressed tar archives
54- -- | Tar files are commonly used in conjunction with gzip compression, as in
55- -- \" @.tar.gz@\" or \" @.tar.bz2@\" files. This module does not directly
54+ -- | Tar files are commonly used in conjunction with compression, as in
55+ -- @.tar.gz@ or @.tar.bz2@ files. This module does not directly
5656 -- handle compressed tar files however they can be handled easily by
5757 -- composing functions from this module and the modules
58- -- @Codec.Compression.GZip@ or @Codec.Compression.BZip@
59- -- (see @zlib@ or @bzlib@ packages).
58+ -- [@Codec.Compression.GZip@](https://hackage.haskell.org/package/zlib/docs/Codec-Compression-Zlib.html)
59+ -- or
60+ -- [@Codec.Compression.BZip@](https://hackage.haskell.org/package/bzlib-0.5.0.5/docs/Codec-Compression-BZip.html).
6061 --
61- -- Creating a compressed \" @.tar.gz@\" file is just a minor variation on the
62+ -- Creating a compressed @.tar.gz@ file is just a minor variation on the
6263 -- 'create' function, but where throw compression into the pipeline:
6364 --
64- -- > BS.writeFile tar . GZip.compress . Tar.write =<< Tar.pack base dir
65+ -- > import qualified Data.ByteString.Lazy as BL
66+ -- > import qualified Codec.Compression.GZip as GZip
67+ -- >
68+ -- > BL.writeFile tar . GZip.compress . Tar.write =<< Tar.pack base dir
6569 --
66- -- Similarly, extracting a compressed \" @.tar.gz@\" is just a minor variation
70+ -- Similarly, extracting a compressed @.tar.gz@ is just a minor variation
6771 -- on the 'extract' function where we use decompression in the pipeline:
6872 --
69- -- > Tar.unpack dir . Tar.read . GZip.decompress =<< BS.readFile tar
73+ -- > import qualified Data.ByteString.Lazy as BL
74+ -- > import qualified Codec.Compression.Zlib as GZip
75+ -- >
76+ -- > Tar.unpack dir . Tar.read . GZip.decompress =<< BL.readFile tar
7077 --
7178
7279 -- ** Security
7380 -- | This is pretty important. A maliciously constructed tar archives could
7481 -- contain entries that specify bad file names. It could specify absolute
75- -- file names like \" @\/etc\/passwd@\" or relative files outside of the
76- -- archive like \" ..\/..\/..\/something\" . This security problem is commonly
82+ -- file names like @\/etc\/passwd@ or relative files outside of the
83+ -- archive like @ ..\/..\/..\/something@ . This security problem is commonly
7784 -- called a \"directory traversal vulnerability\". Historically, such
7885 -- vulnerabilities have been common in packages handling tar archives.
7986 --
@@ -87,8 +94,13 @@ module Codec.Archive.Tar (
8794 -- 'extract' function does not check for these however if you want to do
8895 -- that you can use the 'checkTarbomb' function like so:
8996 --
90- -- > Tar.unpack dir . Tar.checkTarbomb expectedDir
91- -- > . Tar.read =<< BS.readFile tar
97+ -- > import Control.Exception (SomeException(..))
98+ -- > import Control.Applicative ((<|>))
99+ -- > import qualified Data.ByteString.Lazy as BL
100+ -- >
101+ -- > Tar.unpackAndCheck (\x -> SomeException <$> checkEntryTarbomb expectedDir x
102+ -- > <|> SomeException <$> checkEntrySecurity x) dir .
103+ -- > Tar.read =<< BL.readFile tar
92104 --
93105 -- In this case extraction will fail if any file is outside of @expectedDir@.
94106
@@ -163,8 +175,9 @@ import Codec.Archive.Tar.Index (hSeekEndEntryOffset)
163175
164176import Codec.Archive.Tar.Check
165177
166- import Control.Exception (Exception , throw , catch )
167- import qualified Data.ByteString.Lazy as BS
178+ import Control.Applicative ((<|>) )
179+ import Control.Exception (Exception , throw , catch , SomeException (.. ))
180+ import qualified Data.ByteString.Lazy as BL
168181import System.IO (withFile , IOMode (.. ))
169182import Prelude hiding (read )
170183
@@ -181,7 +194,9 @@ import Prelude hiding (read)
181194-- This is a high level \"all in one\" operation. Since you may need variations
182195-- on this function it is instructive to see how it is written. It is just:
183196--
184- -- > BS.writeFile tar . Tar.write =<< Tar.pack base paths
197+ -- > import qualified Data.ByteString.Lazy as BL
198+ -- >
199+ -- > BL.writeFile tar . Tar.write =<< Tar.pack base paths
185200--
186201-- Notes:
187202--
@@ -203,7 +218,7 @@ create :: FilePath -- ^ Path of the \".tar\" file to write.
203218 -> FilePath -- ^ Base directory
204219 -> [FilePath -- ^ Files and directories to archive, relative to base dir
205220 -> IO ()
206- create tar base paths = BS .writeFile tar . write =<< pack base paths
221+ create tar base paths = BL .writeFile tar . write =<< pack base paths
207222
208223-- | Extract all the files contained in a @\".tar\"@ file.
209224--
@@ -217,7 +232,9 @@ create tar base paths = BS.writeFile tar . write =<< pack base paths
217232-- This is a high level \"all in one\" operation. Since you may need variations
218233-- on this function it is instructive to see how it is written. It is just:
219234--
220- -- > Tar.unpack dir . Tar.read =<< BS.readFile tar
235+ -- > import qualified Data.ByteString.Lazy as BL
236+ -- >
237+ -- > Tar.unpack dir . Tar.read =<< BL.readFile tar
221238--
222239-- Notes:
223240--
@@ -236,7 +253,7 @@ create tar base paths = BS.writeFile tar . write =<< pack base paths
236253extract :: FilePath -- ^ Destination directory
237254 -> FilePath -- ^ Tarball
238255 -> IO ()
239- extract dir tar = unpack dir . read =<< BS .readFile tar
256+ extract dir tar = unpack dir . read =<< BL .readFile tar
240257
241258-- | Append new entries to a @\".tar\"@ file from a directory of files.
242259--
@@ -251,4 +268,4 @@ append :: FilePath -- ^ Path of the \".tar\" file to write.
251268append tar base paths =
252269 withFile tar ReadWriteMode $ \ hnd -> do
253270 _ <- hSeekEndEntryOffset hnd Nothing
254- BS .. write =<< pack base paths
271+ BL .. write =<< pack base paths
0 commit comments