From 01e6f9745b5b85237f97eaaf3a3b2e673a0bf333 Mon Sep 17 00:00:00 2001 From: Nikita Volkov Date: Sun, 18 Sep 2022 15:39:43 +0300 Subject: [PATCH 1/7] Enable translation of maps into directory trees --- dhall/src/Dhall/DirectoryTree.hs | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/dhall/src/Dhall/DirectoryTree.hs b/dhall/src/Dhall/DirectoryTree.hs index 4f152a7a4..8bf0c37d0 100644 --- a/dhall/src/Dhall/DirectoryTree.hs +++ b/dhall/src/Dhall/DirectoryTree.hs @@ -31,7 +31,7 @@ import qualified System.FilePath as FilePath * Records are translated into directories - * @Map@s are also translated into directories + * @Map@s are translated into directory trees * @Text@ values or fields are translated into files @@ -124,13 +124,20 @@ toDirectoryTree path expression = case expression of empty process key value = do - if Text.isInfixOf (Text.pack [ FilePath.pathSeparator ]) key - then die - else return () + (dirPath, fileName) <- case reverse keyPathSegments of + h : t -> + return + ( Foldable.foldl' () path (reverse t) + , h ) + _ -> + die - Directory.createDirectoryIfMissing False path + Directory.createDirectoryIfMissing True dirPath - toDirectoryTree (path Text.unpack key) value + toDirectoryTree (dirPath fileName) value + where + keyPathSegments = + fmap Text.unpack $ Text.splitOn "/" key die = Exception.throwIO FilesystemError{..} where From 42ccf58f14d69d507c53a2b68eef8c59b7d2d4cf Mon Sep 17 00:00:00 2001 From: Nikita Volkov Date: Sun, 18 Sep 2022 15:44:49 +0300 Subject: [PATCH 2/7] Remove redundant import --- dhall/src/Dhall/DirectoryTree.hs | 1 - 1 file changed, 1 deletion(-) diff --git a/dhall/src/Dhall/DirectoryTree.hs b/dhall/src/Dhall/DirectoryTree.hs index 8bf0c37d0..6198bbbfa 100644 --- a/dhall/src/Dhall/DirectoryTree.hs +++ b/dhall/src/Dhall/DirectoryTree.hs 
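Review bot: In the `process` hunk of PATCH 1/7 (`@@ -124,13 +124,20 @@`), the removed `Text.isInfixOf (Text.pack [ FilePath.pathSeparator ]) key` test was the only place a key containing the platform separator was rejected, and the new code splits on `"/"` alone. On Windows a backslash inside a key therefore stays inside a single segment and reaches the path join and `Directory.createDirectoryIfMissing True dirPath` unchecked. The segment-based checks added later in the series (PATCH 3/7 and 5/7) inherit the same gap, because they compare whole `/`-separated segments. I would keep a guard after the split, `if any (any FilePath.isPathSeparator) keyPathSegments then die else return ()`, which is a no-op on POSIX and rejects `\` on Windows; it needs the qualified `System.FilePath` import that PATCH 2/7 removes. `toDirectoryTree` begins above this hunk and the `die` helper continues below it, so how the failure is reported is not visible here.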
@@ -25,7 +25,6 @@ import qualified Dhall.Pretty import qualified Dhall.Util as Util import qualified Prettyprinter.Render.String as Pretty import qualified System.Directory as Directory -import qualified System.FilePath as FilePath {-| Attempt to transform a Dhall record into a directory tree where: From d055379adae0ce46ad7c6bac107e9ef8fc15833f Mon Sep 17 00:00:00 2001 From: Nikita Volkov Date: Mon, 19 Sep 2022 16:39:53 +0300 Subject: [PATCH 3/7] Add safety checks for paths --- dhall/src/Dhall/DirectoryTree.hs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/dhall/src/Dhall/DirectoryTree.hs b/dhall/src/Dhall/DirectoryTree.hs index 6198bbbfa..f7d03e011 100644 --- a/dhall/src/Dhall/DirectoryTree.hs +++ b/dhall/src/Dhall/DirectoryTree.hs @@ -35,6 +35,10 @@ import qualified System.Directory as Directory * @Text@ values or fields are translated into files * @Optional@ values are omitted if @None@ + + In @Map@s, the keys specify paths relative to the work dir. + Only forward slashes (@/@) must be used as directory separators. + They will be automatically transformed on Windows. For example, the following Dhall record: @@ -123,6 +127,19 @@ toDirectoryTree path expression = case expression of empty process key value = do + -- Fail if path is absolute, which is a security risk. + case keyPathSegments of + "" : _ -> + die + _ -> + return () + + -- Fail if path contains attempts to go to container directory, + -- which is a security risk. + if elem ".." keyPathSegments + then die + else return () + (dirPath, fileName) <- case reverse keyPathSegments of h : t -> return From 5c5d149c16286c5b5aaad7884c4a8f280197fbd3 Mon Sep 17 00:00:00 2001 From: Nikita Volkov Date: Tue, 20 Sep 2022 10:20:39 +0300 Subject: [PATCH 4/7] Conform to project's formatting --- dhall/src/Dhall/DirectoryTree.hs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dhall/src/Dhall/DirectoryTree.hs b/dhall/src/Dhall/DirectoryTree.hs index f7d03e011..4995f7b2c 100644 
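Review bot: The two guards added to `process` in PATCH 3/7 (`@@ -123,6 +127,19 @@`) look only at a leading empty segment and at `..`, so keys with an interior or trailing empty segment (`a//b`, `a/`) or a `.` segment still pass. With a trailing `/` the `fileName` is empty, so the recursive call appears to target the directory that was just created rather than a new entry. Rejecting every degenerate segment in one place, `if any (\s -> s == "" || s == "." || s == "..") keyPathSegments then die else return ()`, would also subsume the absolute-path case. The check is purely lexical, so the comment should say it does not account for symbolic links already present under `path`, e.g. `-- Lexical check only: existing symlinks below 'path' are not resolved.` The diffstat lists only `DirectoryTree.hs`, so these rejection branches arrive without a test; the hunk ends inside the `case reverse keyPathSegments` expression, whose remaining arms are outside it.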
--- a/dhall/src/Dhall/DirectoryTree.hs +++ b/dhall/src/Dhall/DirectoryTree.hs @@ -137,14 +137,14 @@ toDirectoryTree path expression = case expression of -- Fail if path contains attempts to go to container directory, -- which is a security risk. if elem ".." keyPathSegments - then die - else return () + then die + else return () (dirPath, fileName) <- case reverse keyPathSegments of h : t -> return - ( Foldable.foldl' () path (reverse t) - , h ) + ( Foldable.foldl' () path (reverse t) + , h ) _ -> die From 840bcd3100cd831c684f4c8809d90d92ba529b04 Mon Sep 17 00:00:00 2001 From: Nikita Volkov Date: Tue, 20 Sep 2022 10:22:23 +0300 Subject: [PATCH 5/7] Add detection of Windows absolute paths --- dhall/src/Dhall/DirectoryTree.hs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dhall/src/Dhall/DirectoryTree.hs b/dhall/src/Dhall/DirectoryTree.hs index 4995f7b2c..185eb4d3b 100644 --- a/dhall/src/Dhall/DirectoryTree.hs +++ b/dhall/src/Dhall/DirectoryTree.hs @@ -131,6 +131,9 @@ toDirectoryTree path expression = case expression of case keyPathSegments of "" : _ -> die + -- Detect Windows absolute paths like "C:". + [_ , ':'] : _ -> + die _ -> return () From 39bf0bd64c4d0af5c34d650711acd45eb94d06b0 Mon Sep 17 00:00:00 2001 From: Nikita Volkov Date: Tue, 20 Sep 2022 10:24:24 +0300 Subject: [PATCH 6/7] Extend the docs --- dhall/src/Dhall/DirectoryTree.hs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dhall/src/Dhall/DirectoryTree.hs b/dhall/src/Dhall/DirectoryTree.hs index 185eb4d3b..bd61dcd75 100644 --- a/dhall/src/Dhall/DirectoryTree.hs +++ b/dhall/src/Dhall/DirectoryTree.hs @@ -39,6 +39,8 @@ import qualified System.Directory as Directory In @Map@s, the keys specify paths relative to the work dir. Only forward slashes (@/@) must be used as directory separators. They will be automatically transformed on Windows. + Absolute paths (starting with @/@) and parent directory segments (@..@) + are prohibited for security concerns. For example, the following Dhall record: 
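Review bot: The pattern `[_ , ':'] : _` added in PATCH 5/7 (`@@ -131,6 +131,9 @@`) matches only a first segment that is exactly one character followed by a colon, so a first segment that carries a drive prefix plus further text is not caught. It also rejects a legitimate two-character name ending in `:` on POSIX. Using the library predicate instead, `if any FilePath.hasDrive keyPathSegments then die else return ()`, would follow the platform's own drive rules as I read `System.FilePath`; it requires restoring the qualified import dropped in PATCH 2/7. The documentation added in PATCH 6/7 (`@@ -39,6 +39,8 @@`) mentions only paths starting with `/`, so the drive rule should be stated there too, for example `Windows drive prefixes such as @C:@ are rejected as well.` The enclosing `process` definition starts above this hunk.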
From 29247420872e5d4f34d805b780a37f9ee736410b Mon Sep 17 00:00:00 2001 From: Nikita Volkov Date: Wed, 5 Oct 2022 14:56:42 +0300 Subject: [PATCH 7/7] Restore the accidentally deleted docs --- dhall/src/Dhall/DirectoryTree.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dhall/src/Dhall/DirectoryTree.hs b/dhall/src/Dhall/DirectoryTree.hs index 22a3f9e46..a49a95f61 100644 --- a/dhall/src/Dhall/DirectoryTree.hs +++ b/dhall/src/Dhall/DirectoryTree.hs @@ -172,7 +172,7 @@ import qualified System.PosixCompat.User as Posix that cannot be converted as-is. -} toDirectoryTree - :: Bool + :: Bool -- ^ Whether to allow path separators in file names or not -> FilePath -> Expr Void Void -> IO ()