spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(escape): Escape double quotes and all other characters reliably

Browse Source
This commit is contained in:
Paul Gabriel
2023-02-20 16:49:47 +01:00
parent 25e8b91569
commit f81ba12aa5
3 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/mrsk/configuration/role.rb
View File

@@ -58,7 +58,7 @@ class Mrsk::Configuration::Role
def traefik_labels def traefik_labels
if running_traefik? if running_traefik?
{ {
"traefik.http.routers.#{config.service}.rule" => 'PathPrefix(\`/\`)', "traefik.http.routers.#{config.service}.rule" => "PathPrefix(`/`)",
"traefik.http.services.#{config.service}.loadbalancer.healthcheck.path" => config.healthcheck["path"], "traefik.http.services.#{config.service}.loadbalancer.healthcheck.path" => config.healthcheck["path"],
"traefik.http.services.#{config.service}.loadbalancer.healthcheck.interval" => "1s", "traefik.http.services.#{config.service}.loadbalancer.healthcheck.interval" => "1s",
"traefik.http.middlewares.#{config.service}.retry.attempts" => "3", "traefik.http.middlewares.#{config.service}.retry.attempts" => "3",

6
lib/mrsk/utils.rb
View File

@@ -5,7 +5,7 @@ module Mrsk::Utils
def argumentize(argument, attributes, redacted: false) def argumentize(argument, attributes, redacted: false)
Array(attributes).flat_map do |k, v| Array(attributes).flat_map do |k, v|
if v.present? if v.present?
[ argument, redacted ? redact("#{k}=\"#{v}\"") : "#{k}=\"#{v}\"" ] [ argument, redacted ? redact("#{k}=#{escape_bash_string v.to_s}") : "#{k}=#{escape_bash_string v.to_s}" ]
else else
[ argument, k ] [ argument, k ]
end end
@@ -26,4 +26,8 @@ module Mrsk::Utils
def redact(arg) # Used in execute_command to hide redact() args a user passes in def redact(arg) # Used in execute_command to hide redact() args a user passes in
arg.to_s.extend(SSHKit::Redaction) # to_s due to our inability to extend Integer, etc arg.to_s.extend(SSHKit::Redaction) # to_s due to our inability to extend Integer, etc
end end
def escape_bash_string(string)
string.dump.gsub(/`/, '\\\\`')
end
end end

4
test/configuration/role_test.rb
View File

@@ -95,9 +95,9 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
} }
ENV["REDIS_PASSWORD"] = "secret456" ENV["REDIS_PASSWORD"] = "secret456"
ENV["DB_PASSWORD"] = "secret123" ENV["DB_PASSWORD"] = "secret&\"123"
assert_equal ["-e", "REDIS_PASSWORD=\"secret456\"", "-e", "DB_PASSWORD=\"secret123\"", "-e", "REDIS_URL=\"redis://a/b\"", "-e", "WEB_CONCURRENCY=\"4\""], @config_with_roles.role(:workers).env_args assert_equal ["-e", "REDIS_PASSWORD=\"secret456\"", "-e", "DB_PASSWORD=\"secret&\\\"123\"", "-e", "REDIS_URL=\"redis://a/b\"", "-e", "WEB_CONCURRENCY=\"4\""], @config_with_roles.role(:workers).env_args
ensure ensure
ENV["REDIS_PASSWORD"] = nil ENV["REDIS_PASSWORD"] = nil
ENV["DB_PASSWORD"] = nil ENV["DB_PASSWORD"] = nil