PaymentServer/Main.hs uses Data.Text.IO.readFile which is unsafe with respect to locale configuration #74

Open
exarkun opened this issue Oct 30, 2020 · 0 comments

exarkun commented Oct 30, 2020

From https://www.snoyman.com/blog/2020/10/haskell-bad-parts-1:

Locale sensitive file encoding and decoding laughs in our face. When you use Data.Text.IO.readFile, it plays a mind reading game of trying to deduce from clues you don’t care about which character encoding to use. These days, on the vast majority of systems used by native English speakers, this turns out to be UTF-8. So using readFile and writeFile typically “just works.” Using functions from Data.Text.IO looks safe, and can easily get hidden in a large PR or a library dependency.

IOW readFile decodes bytes using an encoding selected based on locale inference (from env vars like LANG and such).

Our use of readFile is just for reading a key file which I guess should always be ASCII but it looks like this may still break if the locale env vars are unset.
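
An added example, not part of the original issue and not PaymentServer's own code: one way to read a key file so that the locale plays no part, by reading raw bytes and decoding them as UTF-8 explicitly. The helper name `readKeyFile`, the temporary file and its contents are assumptions made for illustration; `setLocaleEncoding latin1` stands in for a process started under a non-UTF-8 locale.

```haskell
module Main (main) where

import Control.Exception (bracket)
import qualified Data.ByteString as B
import qualified Data.Text as T
import qualified Data.Text.IO as TIO
import Data.Text.Encoding (decodeUtf8')
import GHC.IO.Encoding (latin1, setLocaleEncoding)
import System.Directory (getTemporaryDirectory, removeFile)
import System.IO (hClose, openBinaryTempFile)

-- | Hypothetical helper: read the file as bytes and decode it as UTF-8
-- explicitly, so LANG / LC_* have no influence on the result. Invalid
-- input is reported as a Left instead of being guessed at.
readKeyFile :: FilePath -> IO (Either String T.Text)
readKeyFile path = do
  raw <- B.readFile path
  pure $ case decodeUtf8' raw of
    Left err -> Left (path ++ ": not valid UTF-8: " ++ show err)
    Right t  -> Right t

main :: IO ()
main = do
  tmp <- getTemporaryDirectory
  bracket (openBinaryTempFile tmp "key.txt") (\(p, _) -> removeFile p) $
    \(path, h) -> do
      -- Constructed sample: the bytes 0x63 0x6C 0xC3 0xA9 ("cl" followed
      -- by a two-byte UTF-8 sequence), so the two code paths visibly differ.
      B.hPut h (B.pack [0x63, 0x6C, 0xC3, 0xA9])
      hClose h

      -- Simulate a non-UTF-8 locale for handles opened from here on.
      setLocaleEncoding latin1

      -- Locale-dependent path: decodes with whatever the locale selects.
      viaLocale <- TIO.readFile path
      -- Locale-independent path: always UTF-8, failure is explicit.
      viaBytes <- readKeyFile path

      putStrLn ("Data.Text.IO.readFile: " ++ show viaLocale)
      putStrLn ("explicit UTF-8 decode: " ++ show viaBytes)
```

Pure-ASCII content decodes the same way under UTF-8, so this reader accepts an ASCII key file unchanged.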
