spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Shellescape all interpolated strings in commands

Browse Source
This commit is contained in:
André Laszlo
2024-12-06 17:43:41 +01:00
parent eb82b4a753
commit 8103d68688
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/kamal/secrets/adapters/gcp_secret_manager.rb
View File

@@ -40,7 +40,7 @@ class Kamal::Secrets::Adapters::GcpSecretManager < Kamal::Secrets::Adapters::Bas
def fetch_secret(project, secret_name, secret_version, user, service_account) def fetch_secret(project, secret_name, secret_version, user, service_account)
secret = run_command( secret = run_command(
"secrets versions access #{secret_version} --secret=#{secret_name.shellescape}", "secrets versions access #{secret_version.shellescape} --secret=#{secret_name.shellescape}",
project: project, project: project,
user: user, user: user,
service_account: service_account service_account: service_account
@@ -79,9 +79,9 @@ class Kamal::Secrets::Adapters::GcpSecretManager < Kamal::Secrets::Adapters::Bas
def run_command(command, project: "default", user: "default", service_account: nil) def run_command(command, project: "default", user: "default", service_account: nil)
full_command = [ "gcloud", command ] full_command = [ "gcloud", command ]
full_command << "--project=#{project}" unless project == "default" full_command << "--project=#{project.shellescape}" unless project == "default"
full_command << "--account=#{user}" unless user == "default" full_command << "--account=#{user.shellescape}" unless user == "default"
full_command << "--impersonate-service-account=#{service_account}" if service_account full_command << "--impersonate-service-account=#{service_account.shellescape}" if service_account
full_command << "--format=json" full_command << "--format=json"
full_command = full_command.join(" ") full_command = full_command.join(" ")