diff --git a/lib/kamal/commands/registry.rb b/lib/kamal/commands/registry.rb
index eb02acad..e13c90ac 100644
--- a/lib/kamal/commands/registry.rb
+++ b/lib/kamal/commands/registry.rb
@@ -2,7 +2,10 @@ class Kamal::Commands::Registry < Kamal::Commands::Base
 delegate :registry, to: :config
 def login
- docker :login, registry["server"], "-u", sensitive(lookup("username")), "-p", sensitive(lookup("password"))
+ docker :login,
+ registry["server"],
+ "-u", sensitive(Kamal::Utils.escape_shell_value(lookup("username"))),
+ "-p", sensitive(Kamal::Utils.escape_shell_value(lookup("password")))
 end
 def logout
diff --git a/test/commands/registry_test.rb b/test/commands/registry_test.rb
index 83b73a7b..c25d7585 100755
--- a/test/commands/registry_test.rb
+++ b/test/commands/registry_test.rb
@@ -15,7 +15,7 @@ class CommandsRegistryTest < ActiveSupport::TestCase
 test "registry login" do
 assert_equal \
- "docker login hub.docker.com -u dhh -p secret",
+ "docker login hub.docker.com -u \"dhh\" -p \"secret\"",
 @registry.login.join(" ")
 end
@@ -24,7 +24,18 @@ class CommandsRegistryTest < ActiveSupport::TestCase
 @config[:registry]["password"] = [ "KAMAL_REGISTRY_PASSWORD" ]
 assert_equal \
- "docker login hub.docker.com -u dhh -p more-secret",
+ "docker login hub.docker.com -u \"dhh\" -p \"more-secret\"",
+ @registry.login.join(" ")
+ ensure
+ ENV.delete("KAMAL_REGISTRY_PASSWORD")
+ end
+
+ test "registry login escape password" do
+ ENV["KAMAL_REGISTRY_PASSWORD"] = "more-secret'\""
+ @config[:registry]["password"] = [ "KAMAL_REGISTRY_PASSWORD" ]
+
+ assert_equal \
+ "docker login hub.docker.com -u \"dhh\" -p \"more-secret'\\\"\"",
 @registry.login.join(" ")
 ensure
 ENV.delete("KAMAL_REGISTRY_PASSWORD")
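Review bot: `registry["server"]` is still handed to the shell unquoted in `login` (lib/kamal/commands/registry.rb), while the username and password beside it now pass through `Kamal::Utils.escape_shell_value`; a server value with whitespace or shell metacharacters would be split or interpreted on the remote host. Wrapping it the same way, `Kamal::Utils.escape_shell_value(registry["server"]),`, keeps the three arguments consistent. The helper's body is not in this diff, so its handling of `$`, backticks and backslashes inside the double quotes it emits should be confirmed there. Separately, the password is still an argv value (`-p`), which is visible in the host's process list while the command runs; `docker login --password-stdin` avoids that.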
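Review bot: The added test "registry login escape password" (test/commands/registry_test.rb) covers only `'` and `"`, yet the expected output shows the value wrapped in double quotes, where the shell still expands `$`, backticks and backslashes. Add cases with those characters and with a space so the escaping contract is pinned by tests rather than assumed from the helper. The username goes through the same helper in `login` but gets no special-character case here; one mirroring the password test would cover it. The expected strings for those cases depend on `Kamal::Utils.escape_shell_value`, whose body is outside this diff.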
@@ -35,7 +46,7 @@ class CommandsRegistryTest < ActiveSupport::TestCase
 @config[:registry]["username"] = [ "KAMAL_REGISTRY_USERNAME" ]
 assert_equal \
- "docker login hub.docker.com -u also-secret -p secret",
+ "docker login hub.docker.com -u \"also-secret\" -p \"secret\"",
 @registry.login.join(" ")
 ensure
 ENV.delete("KAMAL_REGISTRY_USERNAME")