spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Extract argumentization for cmd and add proper escaping

Browse Source
This commit is contained in:
David Heinemeier Hansson
2023-03-09 10:54:53 +01:00
parent 5a3ea24c6b
commit c8badea6dd
4 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/mrsk/commands/base.rb
View File

@@ -1,6 +1,6 @@
module Mrsk::Commands module Mrsk::Commands
class Base class Base
delegate :redact, to: Mrsk::Utils delegate :redact, :argumentize_for_cmd, to: Mrsk::Utils
MAX_LOG_SIZE = "10m" MAX_LOG_SIZE = "10m"

6
lib/mrsk/commands/traefik.rb
View File

@@ -53,7 +53,11 @@ class Mrsk::Commands::Traefik < Mrsk::Commands::Base
private private
def cmd_args def cmd_args
(config.raw_config.dig(:traefik, "args") || { }).collect { |(key, value)| [ "--#{key}", value ] }.flatten if args = config.raw_config.dig(:traefik, "args")
argumentize_for_cmd args
else
[]
end
end end
def host_port def host_port

12
lib/mrsk/utils.rb
View File

@@ -5,7 +5,7 @@ module Mrsk::Utils
def argumentize(argument, attributes, redacted: false) def argumentize(argument, attributes, redacted: false)
Array(attributes).flat_map do |key, value| Array(attributes).flat_map do |key, value|
if value.present? if value.present?
escaped_pair = [ key, value.to_s.dump.gsub(/`/, '\\\\`') ].join("=") escaped_pair = [ key, escape_shell_value(value) ].join("=")
[ argument, redacted ? redact(escaped_pair) : escaped_pair ] [ argument, redacted ? redact(escaped_pair) : escaped_pair ]
else else
[ argument, key ] [ argument, key ]
@@ -23,8 +23,18 @@ module Mrsk::Utils
end end
end end
# Returns a list of shell-dashed arguments to be used to start a command.
def argumentize_for_cmd(args)
args.collect { |(key, value)| [ "--#{key}", escape_shell_value(value) ] }.flatten
end
# Copied from SSHKit::Backend::Abstract#redact to be available inside Commands classes # Copied from SSHKit::Backend::Abstract#redact to be available inside Commands classes
def redact(arg) # Used in execute_command to hide redact() args a user passes in def redact(arg) # Used in execute_command to hide redact() args a user passes in
arg.to_s.extend(SSHKit::Redaction) # to_s due to our inability to extend Integer, etc arg.to_s.extend(SSHKit::Redaction) # to_s due to our inability to extend Integer, etc
end end
# Escape a value to make it safe for shell use.
def escape_shell_value(value)
value.to_s.dump.gsub(/`/, '\\\\`')
end
end end

4
test/commands/traefik_test.rb
View File

@@ -10,12 +10,12 @@ class CommandsTraefikTest < ActiveSupport::TestCase
test "run" do test "run" do
assert_equal \ assert_equal \
"docker run --name traefik --detach --restart unless-stopped --log-opt max-size=10m --publish 80:80 --volume /var/run/docker.sock:/var/run/docker.sock traefik --providers.docker --log.level=DEBUG --accesslog.format json --metrics.prometheus.buckets 0.1,0.3,1.2,5.0", "docker run --name traefik --detach --restart unless-stopped --log-opt max-size=10m --publish 80:80 --volume /var/run/docker.sock:/var/run/docker.sock traefik --providers.docker --log.level=DEBUG --accesslog.format \"json\" --metrics.prometheus.buckets \"0.1,0.3,1.2,5.0\"",
new_command.run.join(" ") new_command.run.join(" ")
@config[:traefik]["host_port"] = "8080" @config[:traefik]["host_port"] = "8080"
assert_equal \ assert_equal \
"docker run --name traefik --detach --restart unless-stopped --log-opt max-size=10m --publish 8080:80 --volume /var/run/docker.sock:/var/run/docker.sock traefik --providers.docker --log.level=DEBUG --accesslog.format json --metrics.prometheus.buckets 0.1,0.3,1.2,5.0", "docker run --name traefik --detach --restart unless-stopped --log-opt max-size=10m --publish 8080:80 --volume /var/run/docker.sock:/var/run/docker.sock traefik --providers.docker --log.level=DEBUG --accesslog.format \"json\" --metrics.prometheus.buckets \"0.1,0.3,1.2,5.0\"",
new_command.run.join(" ") new_command.run.join(" ")
end end