[BUG] _strip_ansi_codes() leaves DCS/PM/APC escape sequence payload bytes in output

[GingerGraham]

Description

_strip_ansi_codes() uses a multi-pass sed approach to remove ANSI/escape sequences.
The current passes handle CSI sequences (\e[...) and OSC sequences (\e]...) completely,
but only remove the two-byte introducer for Device Control String (DCS: \eP), Privacy
Message (PM: \e^), and Application Program Command (APC: \e_) sequences. The payload
data and ST terminator (\e\\) that follow each opener are left intact in the output.

Steps to Reproduce

1. Source logging.sh
2. Call _strip_ansi_codes() with a string containing a DCS, PM, or APC sequence
3. Observe that the payload survives stripping

source logging.sh
init_logger --no-color

# DCS sequence: ESC P <payload> ESC \
dcs=$'\ePsixel-data-here\e\\'
result=$(_strip_ansi_codes "$dcs")
echo "DCS result: '$result'"
# Expected: ''
# Actual:   'sixel-data-here' + trailing ESC + backslash

# PM sequence: ESC ^ <payload> ESC \
pm=$'\e^metadata\e\\'
result=$(_strip_ansi_codes "$pm")
echo "PM result: '$result'"
# Expected: ''
# Actual:   'metadata' + trailing ESC + backslash

Expected Behavior

All bytes belonging to a DCS, PM, or APC sequence — including the opener, payload, and
ST terminator (\e\\) — should be stripped, producing an empty string for a pure-sequence
input.

Actual Behavior

After step 3 removes the two-byte \eP / \e^ / \e_ introducer, the payload and the
\e\\ ST terminator survive and appear in the sanitised output.

Environment

• Bash Version: any (sed behaviour is consistent)
• Shell: bash
• OS: any
• bash-logger Version: 2.4.0
• Installation Method: sourced directly

Logger Configuration

• Output Targets: console (file output is unaffected as terminals don't interpret
  raw log files; journal output strips ANSI separately)
• Relevant setting: LOG_UNSAFE_ALLOW_ANSI_CODES=false (the default)

Additional Context

The existing step 2 logic for OSC sequences provides the exact pattern to follow. A
set of additional passes using the same approach applied to DCS, PM, and APC introducers
would complete the coverage:

# After current step2b, before existing step3:

# Remove DCS sequences (\eP...payload...\e\\)
local step2c
step2c=$(printf '%s' "$step2b" | sed "s|${esc}P[^${esc}]*${esc}\\\\||g")

# Remove PM sequences (\e^...payload...\e\\)
local step2d
step2d=$(printf '%s' "$step2c" | sed "s|${esc}\\^[^${esc}]*${esc}\\\\||g")

# Remove APC sequences (\e_...payload...\e\\)
local step2e
step2e=$(printf '%s' "$step2d" | sed "s|${esc}_[^${esc}]*${esc}\\\\||g")

# Rename: existing step3 takes step2e as input
local step3
step3=$(printf '%s' "$step2e" | sed 's/\x1b[^[]//g')

New regression tests should be added to tests/test_ansi_injection.sh covering DCS,
PM, and APC payload stripping.

Minimal Example (if applicable)

source logging.sh
init_logger --no-color --log /dev/null

# All three should produce empty output after stripping:
for seq in $'\ePdata\e\\' $'\e^data\e\\' $'\e_data\e\\'; do
    result=$(_strip_ansi_codes "$seq")
    [[ -z "$result" ]] && echo "PASS" || echo "FAIL: '$result' not fully stripped"
done

[GingerGraham]

Plan: Fix DCS/PM/APC escape sequence stripping (Issue #105)

Summary

_strip_ansi_codes() in logging.sh only removes the 2-byte introducer for DCS (\eP),
PM (\e^), and APC (\e_) sequences. Their payload and the ST terminator (\e\) survive.
Fix by adding three new sed passes (step2c/2d/2e) after the existing step2b, mirroring the
pattern already used for OSC ST-terminated sequences. Add three regression tests to
tests/test_ansi_injection.sh.

Steps

Phase 1: Fix _strip_ansi_codes() in logging.sh

1. Read logging.sh lines 990–1010 (around step2b and step3) to confirm exact surrounding code
2. Insert three new sed passes between step2b and step3:
   • step2c: Remove DCS sequences (${esc}P[^${esc}]*${esc}\\)
   • step2d: Remove PM sequences (${esc}\^[^${esc}]*${esc}\\)
   • step2e: Remove APC sequences (${esc}_[^${esc}]*${esc}\\)
3. Update the step3 command to use $step2e as its input (instead of $step2b)
4. Update the comment block above step3 to describe this new coverage

Phase 2: Add tests to tests/test_ansi_injection.sh

5. Add four new test functions before the # Run all tests block:
   • test_dcs_sequences_stripped: ESC P + payload + ST → empty
   • test_pm_sequences_stripped: ESC ^ + payload + ST → empty
   • test_apc_sequences_stripped: ESC _ + payload + ST → empty
   • test_mixed_dcs_pm_apc_stripped: all three together, interleaved with normal text
6. Register each new test function in the "Run all tests" section at the bottom of the file

Relevant files

• logging.sh lines 962–1010 — _strip_ansi_codes(): add step2c/2d/2e sed passes, update step3 input
• tests/test_ansi_injection.sh — add 4 new test functions, register them at bottom

Verification

1. Run tests/run_tests.sh — all existing + new tests must pass
2. Manually run the minimal repro from issue [BUG] _strip_ansi_codes() leaves DCS/PM/APC escape sequence payload bytes in output #105:

   source logging.sh; init_logger --no-color
   for seq in $'\ePdata\e\\' $'\e^data\e\\' $'\e_data\e\\'; do
       result=$(_strip_ansi_codes "$seq")
       [[ -z "$result" ]] && echo "PASS" || echo "FAIL: '$result'"
   done

3. Confirm no public API changes (no changes outside internal _strip_ansi_codes() function)
4. Run ShellCheck on logging.sh: shellcheck --severity=warning --external-sources logging.sh

Decisions

• No public API changes needed — the fix is entirely within the internal _strip_ansi_codes() function
• Match existing OSC ST-terminated pattern ([^${esc}]*) for consistency; payloads with embedded ESC characters may not be fully stripped but this mirrors existing OSC behaviour (step2b limitation)
• Follow existing test pattern in test_ansi_injection.sh: direct calls to _strip_ansi_codes() + if/else + pass_test/fail_test (no log files needed since we're testing the internal function)
• Use $TEST_DIR (not $TEST_TMP_DIR) for any temporary files per current test guidelines

[GingerGraham]

Released with v2.5.0