nushell/crates/nu-command/src
Braulio Valdivielso Martínez 1794ad51bd
Sanitize arguments to external commands a bit better (#4157)
* fix #4140

We are passing commands into a shell underneath but we were not
escaping arguments correctly. This new version of the code also takes
into consideration the ";" and "&" characters, which have special
meaning in shells.

We would probably benefit from a more robust way to join arguments to
shell programs. Python's stdlib has shlex.join, and perhaps we can
take that implementation as a reference.

* clean up escaping of posix shell args

I believe the right place to do escaping of arguments was in the
spawn_sh_command function. Note that this change prevents things like:

^echo "$(ls)"

from executing the ls command. Instead, this will just print

$(ls)

The regex has been taken from the python stdlib implementation of shlex.quote

* fix non-literal parameters and single quotes

* address clippy's comments

* fixup! address clippy's comments

* test that subshell commands are sanitized properly
2021-11-29 09:46:42 -06:00
..
classified Sanitize arguments to external commands a bit better (#4157) 2021-11-29 09:46:42 -06:00
commands Correct spelling (#4152) 2021-11-25 11:11:20 -06:00
examples Add general refactorings (#3996) 2021-09-10 10:44:22 +12:00
utils Fix #3582 (#3583) 2021-06-09 18:07:54 +12:00
args.rs Begin directory contrib docs and split commands (#3650) 2021-06-19 12:06:44 +12:00
default_context.rs Add 'detect columns' command (#4127) 2021-11-16 11:29:54 +13:00
examples.rs Flexibility updating table's cells. (#4027) 2021-09-19 15:37:54 -05:00
lib.rs Begin directory contrib docs and split commands (#3650) 2021-06-19 12:06:44 +12:00
prelude.rs Fix issue in external subexpression paths (#3642) 2021-06-18 07:59:58 +12:00
utils.rs Fix #3582 (#3583) 2021-06-09 18:07:54 +12:00