Quotes were needed (but were also insufficient) before 2d126776. After that commit, they actually break those fix commands, causing quotes to be part of arguments seen by the executed commands. As shell is no longer used when executing fix commands, quotes are not consumed by the shell.
Note that none of the plugins that have quotes in fix_cmd also set self.fixable=True, hence commands are not executed by sealert. Quotes need to be removed when affected plugins are marked as fixable.
Multiple plugins contain
fix_cmdthat include quotes, for example:Quotes were needed (but were also insufficient) before 2d126776. After that commit, they actually break those fix commands, causing quotes to be part of arguments seen by the executed commands. As shell is no longer used when executing fix commands, quotes are not consumed by the shell.
Note that none of the plugins that have quotes in
fix_cmdalso setself.fixable=True, hence commands are not executed bysealert. Quotes need to be removed when affected plugins are marked as fixable.