Invalid handling of parameter values starting with double quotes ("), e.g. --order-by='"quoted" value' #891
Unfortunately, this is out of our hands. We are just parsing the David Deley has a nice resource keeping track of all the nuisances. I'm gonna go ahead and close this because as you can tell from David's doc there are just so many possible combinations of behaviors there really isn't any way we'd be able to rework this in a logical way so we'll continue relying on the OS and framework's behaviors.
@phil-scott-78 Thank you for your response, but I still think, that it IS a problem in On POSIX you can either use double quotes or single quotes ( It would be a HUGE problem in

```csharp
// Program.cs, dotnet 6
Console.WriteLine("== Environment.CommandLine ==");
Console.WriteLine(Environment.CommandLine);
Console.WriteLine("");
Console.WriteLine("== Environment.GetCommandLineArgs() ==");
foreach(var a in Environment.GetCommandLineArgs()){
    Console.WriteLine(a);
}
Console.WriteLine("");
Console.WriteLine("== args ==");
foreach(var b in args){
    Console.WriteLine(b);
}
return 0;
```

Output:

```
./dist/cli-tester test --order-by '"quoted" value' input.mp3
== Environment.CommandLine ==
/home/sandreas/projects/tone/cli-tester/dist/cli-tester.dll test --order-by "\"quoted\" value" input.mp3
== Environment.GetCommandLineArgs() ==
/home/sandreas/projects/tone/cli-tester/dist/cli-tester.dll
test
--order-by
"quoted" value
input.mp3
== args ==
test
--order-by
"quoted" value
input.mp3
```

Side note: If you don't really compile and run the binary, but try with the debugger / IDE, it might reorganize the command arguments you are running and break the args string WITHIN the IDE - this happened to me in

```
== Environment.CommandLine ==
/home/sandreas/projects/tone/cli-tester/bin/Debug/net6.0/cli-tester.dll test --order-by 'quoted value' input.mp3
== Environment.GetCommandLineArgs() ==
/home/sandreas/projects/tone/cli-tester/bin/Debug/net6.0/cli-tester.dll
test
--order-by
'quoted
value'
input.mp3
== args ==
test
--order-by
'quoted
value'
input.mp3
```

So looking at the

Could you please verify my results from above with a real compiled program on a
Information
Describe the bug
Parameter values cannot start with double quotes (`"`), they are either replaced or handled completely wrong. Additionally, parameter values are TRIMMED (remove leading spaces), so adding a space to work around this is not possible.

The following example even cuts off the parameter value and treats everything after the space as EXTRA argument, in the following case `value` is handled as positional argument and not part of `--order-by`:

This may be a security flaw under specific circumstances.
More examples of invalid handling:
The following examples work like expected, if not starting with double quotes or single quotes are used
To Reproduce
Expected behavior
I would expect double quotes (`"`) and spaces (` `) CAN be a valid part of a parameter value and should not be replaced or parsed out in any way.
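The symptom reported in this issue, as an added example that is not part of the issue or of Spectre.Console's code: the argv array shown in the comment's output keeps `"quoted" value` as one element, while a hypothetical re-tokenizer (`Retokenize`, an assumption made for illustration) that flattens the arguments to a string and splits them again turns `value` into an extra positional argument. The sample argv is constructed from the command line shown in the thread.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

// Constructed sample: the argv the runtime receives for
//   ./dist/cli-tester test --order-by '"quoted" value' input.mp3
string[] argv = { "test", "--order-by", "\"quoted\" value", "input.mp3" };

// Lossless: read the option value straight from the element after the option.
static string ValueAfter(IReadOnlyList<string> tokens, string option)
{
    for (int i = 0; i + 1 < tokens.Count; i++)
        if (tokens[i] == option) return tokens[i + 1];
    throw new ArgumentException($"missing value for {option}");
}

// Hypothetical lossy step (assumption, not the library's code): flatten argv
// to one string, then split it again with double-quote grouping.
static List<string> Retokenize(string[] parts)
{
    var tokens = new List<string>();
    var current = new StringBuilder();
    bool inQuotes = false, started = false;
    foreach (char c in string.Join(" ", parts))
    {
        if (c == '"') { inQuotes = !inQuotes; started = true; }
        else if (c == ' ' && !inQuotes)
        {
            if (started) tokens.Add(current.ToString());
            current.Clear();
            started = false;
        }
        else { current.Append(c); started = true; }
    }
    if (started) tokens.Add(current.ToString());
    return tokens;
}

List<string> reparsed = Retokenize(argv);
Console.WriteLine($"argv value     : [{ValueAfter(argv, "--order-by")}]");
Console.WriteLine($"reparsed value : [{ValueAfter(reparsed, "--order-by")}]");
Console.WriteLine($"argv count={argv.Length}, reparsed count={reparsed.Count}");

// Regression check: any difference means argument boundaries were lost.
bool intact = argv.SequenceEqual(reparsed);
Console.WriteLine(intact ? "OK: boundaries preserved" : "FAIL: value was split into extra arguments");
return intact ? 0 : 1;
```

The same comparison can serve as a regression test for any parser that receives user-controlled option values: feed it the argv array directly and assert that the parsed value equals the original element byte for byte.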