Path rewriting in scripts needs to do smart escaping

[epruesse]

Current Behavior

Path rewriting when installing files into environments does not consider escaping rules particular to the language in question.

E.g. using an @ in the name for an environment (as is commonly done by Galaxy) breaks installed perl scripts using simple " to encapsulate strings.

Steps to Reproduce

$ conda env create -n trinity@2.8.4 -c bioconda -c conda-forge trinity=2.8.4
$ conda activate trinity@2.8.4
$ Trinity
Possible unintended interpolation of @2 in string at [...]/envs/trinity@2.8.4/bin/Trinity line 46.

The line in question says

my $TRIMMOMATIC = "/opt/anaconda1anaconda2anaconda3/share/trimmomatic/trimmomatic.jar";

Expected Behavior

This is complex. For object files, \0 terminates the string robustly because you can't have that in a filename. For text files, this option does not exist. Depending on the way the string constant is written in each particular language, different escaping has to be applied.

The alternative, forbidding ' " \ @ { } [ ] ( ) from environment names and paths is also problematic. People do this.

So conda would have to

• determine the script language
• determine the type of string constant
• apply escaping as required

Examples:

• Replacing "/opt/anaconda" with envs/some$stupid[$name] in a bash script neds to be escaped as envs/some\$stupid[\$name].
• Replacing '/opt/anaconda' with the same value would have to remain unescaped.
• Replacing "/opt/anaconda" with envs/who's stupid idea was this? in a bash script needs to remain unescaped.
• Replacing '/opt/anaconda' with the same value requires escaping as envs/who'\''s stupid idea was this?.

Bash has ' ' and " ". Perl has ' ', " ", q{}, qq{}, q[], qq[], q() and qq[]. Python has ' ', ''' ''', " ", """ """, r' ', r" ", etc (plus uandb` - ugh). I'm sure R and Lua have their own ways as well.

Because paths can contain all of the separator characters, there is no way to write a script robust to any valid path. Instead, applications have installers that handle the escaping, but those cannot account for the location being moved later on. It appears that there is no way but to have language aware escaping in conda. Detecting the type of escaping necessary could be done in conda-build, with an extension to the meta-data file noting the escape rules that must be applied.

[github-actions]

Hi there, thank you for your contribution!

This issue has been automatically marked as stale because it has not had recent activity. It will be closed automatically if no further activity occurs.

If you would like this issue to remain open please:

1. Verify that you can still reproduce the issue at hand
2. Comment that the issue is still reproducible and include:
   - What OS and version you reproduced the issue on
   - What steps you followed to reproduce the issue

NOTE: If this issue was closed prematurely, please leave a comment.

Thanks!

[bernt-matthias]

Still reproducible on Linux (Ubuntu).