Page MenuHomePhabricator

Implement escaping logic for Windows Command Prompt and Bash in PhutilCommandString
AbandonedPublic

Authored by hach-que on Sep 25 2014, 1:19 AM.
Tags
None
Referenced Files
F14150994: D10555.diff
Wed, Dec 4, 6:50 PM
F14148891: D10555.diff
Wed, Dec 4, 11:46 AM
Unknown Object (File)
Fri, Nov 29, 5:35 PM
Unknown Object (File)
Tue, Nov 26, 2:09 PM
Unknown Object (File)
Sat, Nov 23, 5:46 AM
Unknown Object (File)
Fri, Nov 22, 6:16 AM
Unknown Object (File)
Mon, Nov 18, 6:18 AM
Unknown Object (File)
Wed, Nov 13, 9:05 PM

Details

Reviewers
epriestley
Group Reviewers
Blessed Reviewers
Maniphest Tasks
T2015: Implement Drydock
Summary

Ref T2015. This adds support for explicitly escaping commands for the Windows Command Prompt or Bash in PhutilCommandString.

Test Plan

Tested as part of a diff (not yet submitted) to support different shells in Harbormaster / Drydock.

Diff Detail

Repository
rPHU libphutil
Branch
alternate-shell
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 2633
Build 2637: [Placeholder Plan] Wait for 30 Seconds

Event Timeline

hach-que retitled this revision from to Implement escaping logic for Windows Command Prompt and Bash in PhutilCommandString.
hach-que updated this object.
hach-que edited the test plan for this revision. (Show Details)
hach-que added a reviewer: epriestley.
epriestley edited edge metadata.

The windows case is obviously broken. I'd like to stop introducing any more broken Windows escaping.

The bash case looks broken and unsafe for, offhand, string containing backslashes.

It's not clear to me why the bash escaping needs to differ from escapeshellarg(). I would expect this to be correct for bash, as it is routinely used to escape things in bash.

This revision now requires changes to proceed.Aug 8 2015, 6:23 PM

The windows case is obviously broken. I'd like to stop introducing any more broken Windows escaping.

This should replace any other Windows escaping code (for example, with this, the hacks for mkdir in host leasing just get replaced with this).

The bash case looks broken and unsafe for, offhand, string containing backslashes.

Backslashes don't do anything for single quoted strings in Bash. Since we encapsulate the whole string in single quotes, and then move individual single quote characters into their own quote context, it should prevent any backslash escaping. For example:

\' TEST

becomes

'\'"'"' TEST'

which under Bash shows:

june-linux-laptop:~> echo '\'"'"' TEST'
\' TEST

It's not clear to me why the bash escaping needs to differ from escapeshellarg(). I would expect this to be correct for bash, as it is routinely used to escape things in bash.

escapeshellarg has different behaviour on Windows (it attempts to escape for CMD, not for Bash).