Extract argumentization for cmd and add proper escaping

lib/mrsk/commands/base.rb

@@ -1,6 +1,6 @@
 module Mrsk::Commands
   class Base
-    delegate :redact, to: Mrsk::Utils
+    delegate :redact, :argumentize_for_cmd, to: Mrsk::Utils
 
     MAX_LOG_SIZE = "10m"
 

lib/mrsk/commands/traefik.rb

@@ -53,7 +53,11 @@ class Mrsk::Commands::Traefik < Mrsk::Commands::Base
 
   private
     def cmd_args
-      (config.raw_config.dig(:traefik, "args") || { }).collect { |(key, value)| [ "--#{key}", value ] }.flatten
+      if args = config.raw_config.dig(:traefik, "args")
+        argumentize_for_cmd args
+      else
+        []
+      end
     end
 
     def host_port

lib/mrsk/utils.rb

@@ -5,7 +5,7 @@ module Mrsk::Utils
   def argumentize(argument, attributes, redacted: false)
     Array(attributes).flat_map do |key, value|
       if value.present?
-        escaped_pair = [ key, value.to_s.dump.gsub(/`/, '\\\\`') ].join("=")
+        escaped_pair = [ key, escape_shell_value(value) ].join("=")
         [ argument, redacted ? redact(escaped_pair) : escaped_pair ]
       else
         [ argument, key ]
@@ -23,8 +23,18 @@ module Mrsk::Utils
     end
   end
 
+  # Returns a list of shell-dashed arguments to be used to start a command.
+  def argumentize_for_cmd(args)
+    args.collect { |(key, value)| [ "--#{key}", escape_shell_value(value) ] }.flatten
+  end
+
   # Copied from SSHKit::Backend::Abstract#redact to be available inside Commands classes
   def redact(arg) # Used in execute_command to hide redact() args a user passes in
     arg.to_s.extend(SSHKit::Redaction) # to_s due to our inability to extend Integer, etc
   end
+
+  # Escape a value to make it safe for shell use.
+  def escape_shell_value(value)
+    value.to_s.dump.gsub(/`/, '\\\\`')
+  end
 end