Post libraries do no quote file paths #14742
Comments
I think the ideal solution for this would be to update the cmd_exec API to take an array of arguments like most sane execution APIs and then process it appropriately based on the session information. Something like:
This would make it easier for the caller so they don't have to worry about encoding for the platform. Right now, it looks like The
Your approach suggested above makes sense, but I foresee a few pitfalls:
We use all of these in a few instances and usually for a good reason. There's also a dumb issue with some old shells due to command tokenisation (
FWIW;
But that resulted in a lot of bugs and inconsistency (in part due to supporting both
I don't care about Windows and thus have no opinion.
I would think that if you wanted to use piping, redirection and chaining you'd need to explicitly invoke a subshell. That's how most APIs I've worked with tend to function. Something like
A large number of methods within the *nix post libraries (probably Windows too) do not make use of quotes for file paths.
This can result in modules breaking, modules failing to clean up artifacts correctly, and potentially result in unintended behavior such as modifying or deleting files on the target system.
Currently, the approach is to use single quotes (') which largely mitigates this issue. However, this approach has been applied inconsistently and still has issues. In particular, paths which contain ' will cause the functionality to break.
To do:
(or use Rex::FileUtils.clean_path if viable)
This likely affects a large number of modules too - not only the libraries. Nonetheless, the libraries are the best place to start.
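Added example, not Metasploit code and not posted by anyone in this thread: it shows why wrapping a path in single quotes breaks on paths that contain ', and how an array-of-arguments helper like the one suggested in the comments could quote each argument for a POSIX shell. The names naive_quote, posix_quote, build_command and shell_sees are hypothetical, the sample paths are constructed, and the check runs against the local sh only.

```ruby
require 'open3'

# The approach described in the issue: wrap the path in single quotes.
def naive_quote(path)
  "'#{path}'"
end

# POSIX-safe quoting: inside single quotes nothing is special except ' itself,
# so close the quote, emit an escaped quote, and reopen: ' becomes '\''.
# The block form of gsub is used so the backslash is not read as a
# back-reference in the replacement string.
def posix_quote(arg)
  "'" + arg.to_s.gsub("'") { "'\\''" } + "'"
end

# Array-of-arguments form: the caller passes raw strings and never
# hand-quotes anything; every element is quoted individually.
def build_command(argv)
  argv.map { |a| posix_quote(a) }.join(' ')
end

# Ask the local sh how it tokenises the quoted text. Returns the argument
# list the shell saw, or nil if the shell rejected the command line.
def shell_sees(quoted_args)
  out, _err, status = Open3.capture3('sh', '-c', "printf '%s\\n' #{quoted_args}")
  status.success? ? out.lines.map(&:chomp) : nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample paths.
  ["/tmp/plain file.txt", "/tmp/o'brien notes.txt", "/tmp/rock 'n' roll.txt"].each do |path|
    puts "path:  #{path}"
    puts "  naive -> #{shell_sees(naive_quote(path)).inspect}"
    puts "  posix -> #{shell_sees(posix_quote(path)).inspect}"
  end
  puts build_command(['rm', '-f', "/tmp/o'brien notes.txt"])
end
```

With one embedded quote the naive form is a syntax error; with two it parses but the shell sees a different path than the one requested, which is the cleanup failure the issue describes.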