Comments (6)
ocharles
commented on September 27, 2024
There is a natural question about what this means for HTTP imports - that is, what does it mean to be "relative" to a HTTP import. One solution is to simply prohibit it, the other option is to build a path relative to the HTTP URL. It could be argued that a relative import from a HTTP import is unsafe though anyway, as it has the ability to import things from the local fs, which could be used to accidentally expose potential secrets.
from dhall-lang.
Gabriella439
commented on September 27, 2024
@ocharles: Note that the example works if you instead do:
$ dhall <<< './a/b`The only reason it failed was because you fed ./a/b through standard input so Dhall doesn't know what where standard input is coming from, so Dhall assumed it was relative to the current directory by default.
Also, Dhall does handle paths relative to HTTP imports. For example, if you import http://example.com/foo/bar and then that imports ./baz then the relative import will resolve to http://example.com/foo/baz
HTTP imports cannot import things from the local filesystem (of either the server or client). For example, if the http://example.com/foo/baz import tried to import an absolute path like /baz then the import would fail with a ReferentiallyOpaque exception. Same thing for environment variables: remote imports cannot reference environment variables. More generally, there is a check that anything remote cannot import anything local. See:
dhall-lang/dhall-haskell#162 (comment)
from dhall-lang.
Gabriella439
commented on September 27, 2024
This is also why I want to finish standardizing the semantics because the last thing to standardize is the import semantics, which includes details like this
from dhall-lang.
ocharles
commented on September 27, 2024
Ohhhh, that makes sense. I was surprised when I saw an imported file import
another file, then it did what I wanted. This all sounds sane to me, think
this can be closed.
On 14 Jan 2018 3:41 pm, "Gabriel Gonzalez" <[email protected]> wrote:
@ocharles <https://github.com/ocharles>: Note that the example works if you
instead do:
$ dhall <<< './a/b`
The only reason it failed was because you fed ./a/b through standard input
so Dhall doesn't know what where standard input is coming from, so Dhall
assumed it was relative to the current directory by default.
Also, Dhall does handle paths relative to HTTP imports. For example, if you
import http://example.com/foo/bar and then that imports ./baz then the
relative import will resolve to http://example.com/foo/baz
HTTP imports cannot import things from the local filesystem (of either the
server or client). For example, if the http://example.com/foo/baz import
tried to import an absolute path like /baz then the import would fail with
a ReferentiallyOpaque exception. Same thing for environment variables:
remote imports cannot reference environment variables. More generally,
there is a check that anything remote cannot import anything local. See:
https://github.com/dhall-lang/dhall-haskell/blob/
0257e860466249f027bf1266c458239184e613d0/src/Dhall/Import.hs#L203-L228
https://github.com/dhall-lang/dhall-haskell/blob/
0257e860466249f027bf1266c458239184e613d0/src/Dhall/Import.hs#L786-L795
dhall-lang/dhall-haskell#162 (comment)
<dhall-lang/dhall-haskell#162 (comment)>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#68 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABRjqV2gvSGUfWlv7kFLK6rG1fsyuXCks5tKiA6gaJpZM4RdnMG>
.
from dhall-lang.
Gabriella439
commented on September 27, 2024
You're welcome! :)
from dhall-lang.
Profpatsch
commented on September 27, 2024
That was the reason I added dhall-lang/dhall-haskell#190.
It’s a bit confusing that stdin doesn’t have a file context (all the while dhall doesn’t allow for a filename as import). Right now I don’t have a strong opinion yet on whether a --file flag or similar should exist, but playing further with evaluating dhall expressions in nix builds might change that.
Also awesome trick with dhall <<< './a/b', didn’t think of that.
from dhall-lang.
Related Issues (20)
- ABNF grammar should list "as Bytes" import mode
- Should the ABNF grammar disallow shebangs inside expressions? HOT 1
- eta-reducing to merge HOT 4
- Builtins operators reference: Missing record projection HOT 2
- ABNF grammar should explicitly disallow keywords as identifiers? HOT 2
- ABNF grammar should include a mandatory whitespace after `import-hashed`? HOT 1
- Improvements and fixes in the standard documentation HOT 3
- Is this an incorrect test file: `dhall-lang/tests/import/success/unit/ImportRelativeToHomeB.dhall`? HOT 2
- Link to non existing tweet
- A minimalistic proposal for do-notation
- Thoughts on introducing a minimum amount of type inference in Dhall HOT 1
- Introduce Bytes/length and Text/length as built-ins? HOT 3
- Is there a security hole: malicious sha256-protected cached content? HOT 1
- Eta-equivalence in `assert`? HOT 13
- A type level equivalent of the `with` keyword HOT 11
- Convert assertions to Leibniz equality types HOT 3
- A minimalistic proposal for adding row and column polymorphism to Dhall HOT 2
- A proposal for a "lightweight Dhall implementations" standard
- Year, Month, and Date extraction from a Date HOT 6
- Parsing errors location not helpful
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dhall-lang.