Open fhars opened 4 months ago
Yep, looks like we are missing a shlex.quote(), we should probably place this in the USBStorageDriver to ensure that passed in folders are properly escaped.
Not just the directories:
touch 'fnord; touch I_Was_Here_Too'; labgrid-client -c test-config/remote.yaml -p mp write-files -t '/; touch I_Was_Here' 'fnord; touch I_Was_Here_Too'; ls -l ~/I_Was*
I meant that both arguments to write_files need to be quoted, regardless of them being files or commands.
Hm, I do wonder who ends up interpreting the commands, AFAICS we always use Popen with shell=False (the default).
Edit: It is indeed the expansion done by SSH.
From ssh(1):
If supplied, the arguments will be appended to the command, separated by spaces, before it is sent to the server to be executed.
Yep, please open a PR if you find the time.
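Added example, not part of the thread or of labgrid's code: a local model of the ssh(1) behaviour quoted above, showing why `shell=False` on the client does not help and what `shlex.quote()` changes. The `cp` argv and all function names are assumptions; `shlex` stands in for the remote shell's parser and no SSH connection is made.

```python
import shlex

# Shell control operators that end one simple command and start another.
OPERATORS = set("();<>|&")

def ssh_joined(argv):
    """ssh(1) appends its command arguments separated by spaces, so the
    local argv boundaries are gone before the remote shell sees the line."""
    return " ".join(argv)

def ssh_quoted(argv):
    """Same join, but each argument is quoted for a POSIX shell first."""
    return " ".join(shlex.quote(arg) for arg in argv)

def remote_commands(line):
    """Approximate the remote shell's view: split the line into simple
    commands, each a list of words. Approximation: an argument made only
    of operator characters is treated as an operator even when quoted."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True   # split words on whitespace/operators only
    lexer.commenters = ""           # treat '#' as an ordinary character
    commands, current = [], []
    for token in lexer:
        if token and set(token) <= OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands

if __name__ == "__main__":
    # Constructed argv, modelled on the file and target names in this issue.
    argv = ["cp", "fnord; touch I_Was_Here_Too", "/; touch I_Was_Here"]
    for label, build in (("unquoted", ssh_joined), ("quoted", ssh_quoted)):
        line = build(argv)
        print(f"{label}: {line}")
        for cmd in remote_commands(line):
            print("   remote command:", cmd)
```
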
Somewhere along the way from write_files through ProcessWrapper, subprocess.Popen, ssh to the final cp command, there seems to be a shell (I suspect ssh) that expands file names, so things fail if filenames contain spaces. Or other interesting things: