openssh-rust / openssh

Scriptable SSH through OpenSSH in Rust
Apache License 2.0
232 stars 37 forks source link

shell-escape is being over zealous. #123

Closed Hraesvel closed 1 year ago

Hraesvel commented 1 year ago

Was trying to do a curl and notice that the args would fail. turns out the shell-escape is adding a few more single/double quotes.

try something like this and review the data structure. I think you need to use a different crate as shell-escape hasn't been updated in years.


let cmd = dbg!(session.command("curl")
.arg("-H 'Auth'")
.arg("some_host_ip)
.arg(-o 'stuff.txt')
)
.output()
.await()
.unwrap();
Hraesvel commented 1 year ago

workaround for this is to create one arg for the flag and one for the content.

.arg("-H")
.arg("Auth: ....")
NobodyXu commented 1 year ago

workaround for this is to create one arg for the flag and one for the content.

.arg("-H")
.arg("Auth: ....")

That is the intended way, every argument has to pass separately.

It is the same as std::process or tokio::process, every argument has to be passed separately. You can use args([...]) which can pass an array or a slice to simplify this.

NobodyXu commented 1 year ago

turns out the shell-escape is adding a few more single/double quotes.

Because you pass that as a simple argument, so shell-escape will escape every ' in them in order to pass it as a single argument and not be reinterpreted as multiple argument.

NobodyXu commented 1 year ago
curl -H 'Auth' some_host_ip -o 'stuff.txt'

This command contains the following arguments:

When you passed this to bash, it will split them based the syntax: everything quoted will be treated as a single argument, everything else will be split based on ascii whitespace.

Hraesvel commented 1 year ago

Thanks for the response. that's good to know, I'll update my automation code to split up cmds into tokens.

NobodyXu commented 1 year ago

@Hraesvel You can try shlex which does splitting in the same manner as POSIX shell

Hraesvel commented 1 year ago

@NobodyXu Ha I wish I saw this, just spent the last hour or so creating a Nom parser to handle complex curl cmd strings. This crate will likely do a better job than my quick write up.

NobodyXu commented 1 year ago

I will close this issue then