Extract argumentization for cmd and add proper escaping

2023-03-09 10:54:53 +01:00
parent 5a3ea24c6b
commit c8badea6dd
4 changed files with 19 additions and 5 deletions
--- a/lib/mrsk/utils.rb
+++ b/lib/mrsk/utils.rb
@@ -5,7 +5,7 @@ module Mrsk::Utils
  def argumentize(argument, attributes, redacted: false)
    Array(attributes).flat_map do |key, value|
      if value.present?
-        escaped_pair = [ key, value.to_s.dump.gsub(/`/, '\\\\`') ].join("=")
+        escaped_pair = [ key, escape_shell_value(value) ].join("=")
        [ argument, redacted ? redact(escaped_pair) : escaped_pair ]
      else
        [ argument, key ]
@@ -23,8 +23,18 @@ module Mrsk::Utils
    end
  end

+  # Returns a list of shell-dashed arguments to be used to start a command.
+  def argumentize_for_cmd(args)
+    args.collect { |(key, value)| [ "--#{key}", escape_shell_value(value) ] }.flatten
+  end
+
  # Copied from SSHKit::Backend::Abstract#redact to be available inside Commands classes
  def redact(arg) # Used in execute_command to hide redact() args a user passes in
    arg.to_s.extend(SSHKit::Redaction) # to_s due to our inability to extend Integer, etc
  end
+
+  # Escape a value to make it safe for shell use.
+  def escape_shell_value(value)
+    value.to_s.dump.gsub(/`/, '\\\\`')
+  end
 end