[Nix-commits] [NixOS/nixpkgs] df4750: lib: Make escapeShellArg more robust

[zimbatm]

  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: df475092e92b9dab9642c48f2216d49027a457a1
      
https://github.com/NixOS/nixpkgs/commit/df475092e92b9dab9642c48f2216d49027a457a1
  Author: aszlig <asz...@redmoonstudios.org>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M lib/strings.nix

  Log Message:
  -----------
  lib: Make escapeShellArg more robust

Quoting various characters that the shell *may* interpret specially is a
very fragile thing to do.

I've used something more robust all over the place in various Nix
expression I've written just because I didn't trust escapeShellArg.

Here is a proof of concept showing that I was indeed right in
distrusting escapeShellArg:

with import <nixpkgs> {};

let
  payload = runCommand "payload" {} ''
    # \x00 is not allowed for Nix strings, so let's begin at 1
    for i in $(seq 1 255); do
      echo -en "\\x$(printf %02x $i)"
    done > "$out"
  '';

  escapers = with lib; {
    current = escapeShellArg;
    better = arg: let
      backslashEscapes = stringToCharacters "\"\\ ';$`()|<>\r\t*[]&!~#";
      search = backslashEscapes ++ [ "\n" ];
      replace = map (c: "\\${c}") backslashEscapes ++ [ "'\n'" ];
    in replaceStrings search replace (toString arg);
    best = arg: "'${replaceStrings ["'"] ["'\\''"] (toString arg)}'";
  };

  testWith = escaper: let
    escaped = escaper (builtins.readFile payload);
  in runCommand "test" {} ''
    if ! r="$(bash -c ${escapers.best "echo -nE ${escaped}"} 2> /dev/null)"
    then
      echo bash eval error > "$out"
      exit 0
    fi
    if echo -n "$r" | cmp -s "${payload}"; then
      echo success > "$out"
    else
      echo failed > "$out"
    fi
  '';

in runCommand "results" {} ''
  echo "Test results:"
  ${lib.concatStrings (lib.mapAttrsToList (name: impl: ''
    echo "  ${name}: $(< "${testWith impl}")"
  '') escapers)}
  exit 1
''

The resulting output is the following:

Test results:
  best: success
  better: success
  current: bash eval error

I did the "better" implementation just to illustrate that the method of
quoting only "harmful" characters results in madness in terms of
implementation and performance.

Signed-off-by: aszlig <asz...@redmoonstudios.org>
Cc: @edolstra, @zimbatm


  Commit: bc6b93511f21f9943b1c9a9b872717d507ab9070
      
https://github.com/NixOS/nixpkgs/commit/bc6b93511f21f9943b1c9a9b872717d507ab9070
  Author: zimbatm <zimb...@zimbatm.com>
  Date:   2016-06-21 (Tue, 21 Jun 2016)

  Changed paths:
    M lib/strings.nix

  Log Message:
  -----------
  Merge pull request #16377 from aszlig/improve-escape-shell-arg

lib: Make escapeShellArg more robust


Compare: https://github.com/NixOS/nixpkgs/compare/6536804848f3...bc6b93511f21
_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits