Escape all shell arguments uniformly

This commit is contained in:
zimbatm 2016-06-12 18:11:37 +01:00
parent 852e9c3096
commit 28fa4a2f03
9 changed files with 20 additions and 19 deletions

View File

@ -213,7 +213,16 @@ rec {
escapeShellArg "so([<>])me" escapeShellArg "so([<>])me"
=> "so\\(\\[\\<\\>\\]\\)me" => "so\\(\\[\\<\\>\\]\\)me"
*/ */
escapeShellArg = lib.escape (stringToCharacters "\\ ';$`()|<>\t*[]"); escapeShellArg = arg:
lib.escape (stringToCharacters "\\ ';$`()|<>\t*[]") (toString arg);
/* Escape all arguments to be passed to the Bourne shell.
Example:
escapeShellArgs ["one" "two three"]
=> "one two\\ three"
*/
escapeShellArgs = concatMapStringsSep " " escapeShellArg;
/* Obsolete - use replaceStrings instead. */ /* Obsolete - use replaceStrings instead. */
replaceChars = builtins.replaceStrings or ( replaceChars = builtins.replaceStrings or (

View File

@ -187,7 +187,7 @@ in
script = '' script = ''
cd '${cpath}' cd '${cpath}'
set +e set +e
simp_le ${concatMapStringsSep " " (arg: escapeShellArg (toString arg)) cmdline} simp_le ${escapeShellArgs cmdline}
EXITCODE=$? EXITCODE=$?
set -e set -e
echo "$EXITCODE" > /tmp/lastExitCode echo "$EXITCODE" > /tmp/lastExitCode

View File

@ -101,7 +101,7 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.opendkim}/bin/opendkim ${concatMapStringsSep " " escapeShellArg args}"; ExecStart = "${pkgs.opendkim}/bin/opendkim ${escapeShellArgs args}";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim"; RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";

View File

@ -152,8 +152,6 @@ let
}; };
}; };
mkShellStr = val: "'${replaceStrings ["'"] ["'\\''"] val}'";
certtool = "${pkgs.gnutls.bin}/bin/certtool"; certtool = "${pkgs.gnutls.bin}/bin/certtool";
nixos-taskserver = pkgs.buildPythonPackage { nixos-taskserver = pkgs.buildPythonPackage {

View File

@ -13,7 +13,7 @@ let
ectl = ''${cfg.package}/bin/ejabberdctl ${if cfg.configFile == null then "" else "--config ${cfg.configFile}"} --ctl-config "${ctlcfg}" --spool "${cfg.spoolDir}" --logs "${cfg.logsDir}"''; ectl = ''${cfg.package}/bin/ejabberdctl ${if cfg.configFile == null then "" else "--config ${cfg.configFile}"} --ctl-config "${ctlcfg}" --spool "${cfg.spoolDir}" --logs "${cfg.logsDir}"'';
dumps = lib.concatMapStringsSep " " lib.escapeShellArg cfg.loadDumps; dumps = lib.escapeShellArgs cfg.loadDumps;
in { in {

View File

@ -71,8 +71,6 @@ let
}; };
}; };
shellEscape = x: "'${replaceChars ["'"] [("'\\'" + "'")] x}'";
loopForever = "while :; do ${coreutils}/bin/sleep 1; done"; loopForever = "while :; do ${coreutils}/bin/sleep 1; done";
initScript = writeScript "init.sh" ('' initScript = writeScript "init.sh" (''
@ -132,7 +130,7 @@ let
-o StrictHostKeyChecking=no \ -o StrictHostKeyChecking=no \
-i /ssh.key \ -i /ssh.key \
-l Administrator \ -l Administrator \
192.168.0.1 -- ${shellEscape command} 192.168.0.1 -- ${lib.escapeShellArg command}
'') + optionalString (suspendTo != null) '' '') + optionalString (suspendTo != null) ''
${coreutils}/bin/touch /xchg/suspend_now ${coreutils}/bin/touch /xchg/suspend_now
${loopForever} ${loopForever}

View File

@ -16,8 +16,6 @@
}@args: }@args:
let let
shellEscape = x: "'${lib.replaceChars ["'"] [("'\\'" + "'")] x}'";
importedGemset = import gemset; importedGemset = import gemset;
filteredGemset = (lib.filterAttrs (name: attrs: filteredGemset = (lib.filterAttrs (name: attrs:
if (builtins.hasAttr "groups" attrs) if (builtins.hasAttr "groups" attrs)
@ -58,8 +56,8 @@ let
"${confFiles}/Gemfile" \ "${confFiles}/Gemfile" \
"$out/${ruby.gemPath}" \ "$out/${ruby.gemPath}" \
"${bundler}/${ruby.gemPath}" \ "${bundler}/${ruby.gemPath}" \
${shellEscape (toString envPaths)} \ ${lib.escapeShellArg envPaths} \
${shellEscape (toString groups)} ${lib.escapeShellArg groups}
'' + lib.optionalString (postBuild != null) postBuild; '' + lib.optionalString (postBuild != null) postBuild;
passthru = rec { passthru = rec {
inherit ruby bundler meta gems; inherit ruby bundler meta gems;

View File

@ -18,8 +18,8 @@
# Normal gem packages can be used outside of bundler; a binstub is created in # Normal gem packages can be used outside of bundler; a binstub is created in
# $out/bin. # $out/bin.
{ lib, ruby, bundler, fetchurl, fetchgit, makeWrapper, git, { lib, fetchurl, fetchgit, makeWrapper, git, darwin
buildRubyGem, darwin , ruby, bundler
} @ defs: } @ defs:
lib.makeOverridable ( lib.makeOverridable (
@ -53,7 +53,6 @@ lib.makeOverridable (
, ...} @ attrs: , ...} @ attrs:
let let
shellEscape = x: "'${lib.replaceChars ["'"] [("'\\'" + "'")] x}'";
src = attrs.src or ( src = attrs.src or (
if type == "gem" then if type == "gem" then
fetchurl { fetchurl {
@ -165,7 +164,7 @@ stdenv.mkDerivation (attrs // {
${src} \ ${src} \
${attrs.rev} \ ${attrs.rev} \
${version} \ ${version} \
${shellEscape (toString buildFlags)} ${lib.escapeShellArgs buildFlags}
''} ''}
${lib.optionalString (type == "gem") '' ${lib.optionalString (type == "gem") ''

View File

@ -37,7 +37,6 @@
# that point into the user's profile. # that point into the user's profile.
let let
shellEscape = x: "'${lib.replaceChars ["'"] [("'\\'" + "'")] x}'";
installer = writeScript "xquartz-install" '' installer = writeScript "xquartz-install" ''
NIX_LINK=$HOME/.nix-profile NIX_LINK=$HOME/.nix-profile
@ -138,7 +137,7 @@ in stdenv.mkDerivation {
defaultStartX="$out/bin/startx -- $out/bin/Xquartz" defaultStartX="$out/bin/startx -- $out/bin/Xquartz"
ruby ${./patch_plist.rb} \ ruby ${./patch_plist.rb} \
${shellEscape (builtins.toXML { ${lib.escapeShellArg (builtins.toXML {
XQUARTZ_DEFAULT_CLIENT = "${xterm}/bin/xterm"; XQUARTZ_DEFAULT_CLIENT = "${xterm}/bin/xterm";
XQUARTZ_DEFAULT_SHELL = "${shell}"; XQUARTZ_DEFAULT_SHELL = "${shell}";
XQUARTZ_DEFAULT_STARTX = "@STARTX@"; XQUARTZ_DEFAULT_STARTX = "@STARTX@";