Avoid Wrapping Script Code In Quotes #134
Conversation
hostilefork
force-pushed
the
exec-quote-fix
branch
from
e1fadba
to
a9f1dcc
Compare
The exec() command only runs a program with literal argument strings.
It does not know how to do things like expanding environment variables,
or piping/redirection. Hence the way to get "shell intelligence"
is to use exec() to run the `sh` process with the command line string
as a parameter.
But the method being used to do this was:
exec.exec(`sh -c \\"${script}"`)
This has problems, because wrapping the script in quotes creates
issues when the script itself contains quotes. Escaping the string
correctly is a non-trivial problem, which also would create "noise"
in the debug output which would add confusion.
http://mywiki.wooledge.org/BashFAQ/050
The easiest way to work around this here is to use the array form of
exec() to pass exactly two parameters to `sh`. No manipulation of the
script string is needed with this approach:
exec.exec("sh", ["-c", script])
There are more cases in the project of `sh -c` usage which should also
be changed, and likely abstracted (shellExec()?) But this small patch
just fixes the most important case for the user-provided script.
---
Additionally, this removes the escaped backslash (`\\`) from the
start of the executed command. That was presumably to suppress the
use of aliases:
https://unix.stackexchange.com/questions/524254/why-are-backslashes-included-in-this-shell-script
But because this is invoking a non-interactive shell session, aliases
would not apply. Hence the extra backslash shouldn't be needed.
hostilefork
force-pushed
the
exec-quote-fix
branch
from
a9f1dcc
to
5694553
Compare
|
@ychescale9 I notice that GitHub implements the custom This could offer benefits of wrapping long lines with backslash, handling Is there a reason not to do this here? You get the feature of erroring out on any line with Where Offering the option of specifying a |
|
@hostilefork Thanks for the input. I haven't looked into better backslash support, but if you can come up with something without breaking change feel free to send a PR:) Thanks again for the contributions! |
The exec() command only runs a program with literal argument strings.
It does not know how to do things like expanding environment variables,
or piping/redirection. Hence the way to get "shell intelligence"
is to use exec() to run the
shprocess with the command line stringas a parameter.
But the method being used to do this was:
This has problems, because wrapping the script in quotes creates
issues when the script itself contains quotes. Escaping the string
correctly is a non-trivial problem, which also would create "noise"
in the debug output which would add confusion.
http://mywiki.wooledge.org/BashFAQ/050
The easiest way to work around this here is to use the array form of
exec() to pass exactly two parameters to
sh. No manipulation of thescript string is needed with this approach:
There are more cases in the project of
sh -cusage which should alsobe changed, and likely abstracted (shellExec()?) But this small patch
just fixes the most important case for the user-provided script.
Additionally, this removes the escaped backslash (
\\) from thestart of the executed command. That was presumably to suppress the
use of aliases:
https://unix.stackexchange.com/questions/524254/why-are-backslashes-included-in-this-shell-script
But because this is invoking a non-interactive shell session, aliases
would not apply. Hence the extra backslash shouldn't be needed.