search

rundeck / rundeck

Enable Self-Service Operations: Give specific users access to your existing tools, services, and scripts
http://rundeck.org
Apache License 2.0
5.51k stars 915 forks source link

Issue with option escaping in commands on 4.0.1 #7698

Closed fishikles closed 2 years ago

fishikles commented 2 years ago

Describe the bug

I have updated my test RunDeck server from 3.2.8 to 4.0.1 and I've see a bug with argument escaping.
This can be reproduced with the attached job.
When run with value set to * on 3.2.8 the job succeeded and "command /data/notarealdir/*" was output 
However on 4.0.1 the job fails with "echo: No match."

My Rundeck detail

Rundeck version: 3.2.8 and 4.0.1
install type: rpm
OS Name/version: RHEL 7.7
DB Type/version: mysql

To Reproduce

Load the job attached below and run with value set to * on 3.2.8 and 4.0.1

Expected behaviour

I would have expected the ${options.value} in the command to be escaped in 4.0.1 as it was in 3.2.8
- defaultTab: nodes
  description: ''
  executionEnabled: true
  loglevel: INFO
  name: test
  nodeFilterEditable: false
  nodefilters:
    dispatch:
      excludePrecedence: true
      keepgoing: false
      rankOrder: ascending
      successOnEmptyNodeFilter: false
      threadcount: '1'
    filter: ''
  nodesSelectedByDefault: true
  options:
  - name: value
  plugins:
    ExecutionLifecycle: null
  scheduleEnabled: true
  sequence:
    commands:
    - exec: echo command /data/notarealdir/${option.value}
    keepgoing: false
    strategy: node-first
MegaDrive68k commented 2 years ago

Hi @fishikles

I tested your job definition with the following results:

3.2.8:

Screen Shot 2022-05-10 at 13 28 00

4.0.1:

Screen Shot 2022-05-10 at 13 26 24

4.2.0:

Screen Shot 2022-05-10 at 13 29 49

Also tested with real commands.

Maybe I missed something in the job def?

Regards!

fishikles commented 2 years ago

Hi @MegaDrive68k,

It needs to be run on a remote node not locally. See below: image

I'm not sure why the job was run locally when you imported it, I have it setup to run remotely (I have no node filter set and am overriding it when triggering the job): image image

I've tested running it locally and it works as expected: image

(In my setup lo1-uops-ecat-7 is the local host and upgrade@lo1-uops-ecat-7 is another account setup as a remote node.)

Thanks, Charles

fishikles commented 2 years ago

Hi @MegaDrive68k ,

Have you been able to reproduce this issue? Any idea how we can resolve it, as it is holding up out migration to v4

Thanks, Charles

smaddock commented 2 years ago

We are running into this as well. It looks like it may be similar to #7338 ... we cannot successfully quote or escape option arguments.

Rundeck 4.2.1 Remote execution argsquoted = true

What the output should be:

+ OPTION_A=test
+ OPTION_B='Acme Test Co.'
+ OPTION_C=e0547fc1-650e-b7fb-b542-152a103210ea

No quoting:

Execution preview: $ sudo "scriptfile ${option.a} ${option.b} ${option.c}"

+ OPTION_A=test
+ OPTION_B=Acme
/tmp/9-20286-software-dispatch-script.tmp.sh: line 7: $3: unbound variable

Unescaped single-quoting:

Execution preview: $ sudo "scriptfile '${option.a}' '${option.b}' '${option.c}'"

+ OPTION_A=test
+ OPTION_B=Acme
/tmp/10-20287-software-dispatch-script.tmp.sh: line 7: $3: unbound variable

Unescaped double-quoting:

Execution preview: $ sudo "scriptfile "${option.a}" "${option.b}" "${option.c}""

+ OPTION_A=test
+ OPTION_B=Acme
/tmp/11-20288-software-dispatch-script.tmp.sh: line 7: $3: unbound variable

Escaped double-quoting:

Execution preview: $ sudo "scriptfile \"${option.a}\" \"${option.b}\" \"${option.c}\""

+ OPTION_A='"test"'
+ OPTION_B='"Acme'
+ OPTION_C=Test

Double-escaped double-quoting:

Execution preview: $ sudo "scriptfile "\""${option.a}"\"" "\""${option.b}"\"" "\""${option.c}"\"""

+ OPTION_A='"test "acme'
+ OPTION_B=Test
+ OPTION_C='Co. "e0547fc1-650e-b7fb-b542-152a103210ea\'

Obviously the execution preview is not accurate, and there's some sort of sanitation happening.

smaddock commented 2 years ago

Okay we got it to work with triple quotes:

Execution preview: $ sudo "scriptfile """${option.a}""" """${option.b}""" """${option.c}""""

+ OPTION_A=test
+ OPTION_B='Acme Test Co.'
+ OPTION_C=e0547fc1-650e-b7fb-b542-152a103210ea

This only seems necessary for options that contain spaces. But good grief.

MegaDrive68k commented 2 years ago

Hi @MegaDrive68k ,

Have you been able to reproduce this issue? Any idea how we can resolve it, as it is holding up out migration to v4

Thanks, Charles

I tried on remote nodes too. Still working normally. Do you see the same behavior from a fresh 4.2.X test env?

fishikles commented 2 years ago

Hi @MegaDrive68k,

I've run a quick test on 4.2.1 using docker and the stub executors/nodes (as I haven't had time to setup ssh yet)

I noticed that the quoting on the command output by the stub executor has changes between versions: (this was run on the local node and a stub node) V4.2.1: image

V3.2.8 image

Looks like this is the root of the issue. in V3.2.8 the * and ajasent test is quoted in single quotes, in v4.2.1 it is not.

Node setup is: image

If you really need me to setup ssh access from my docker images to a test node so I don't have to use the stubs I can but it will take some time.

Thanks, Charles

fishikles commented 2 years ago

Hi @MegaDrive68k,

Have you had any luck investigating this issue?

Regards, Charles

fishikles commented 2 years ago

I've figued the issue.

see #7187 To fix you need to add the following to your framework.properties file: rundeck.feature.quoting.backwardCompatible=true