From b132840385bd09bc34082cc0e8a9f231deca3dd1 Mon Sep 17 00:00:00 2001 From: Radon Rosborough Date: Sun, 13 Jun 2021 22:34:53 +0000 Subject: [PATCH] shell-quote is full of bugs -_- seriously, how did this happen?? this is the one kind of library you'd assume couldn't possibly have bugs, because it's so obviously critical for the thing to be thoroughly tested. and it's not even complicated functionality to implement... --- backend/lsp-repl.js | 4 ++-- backend/sandbox.js | 13 +++---------- backend/util.js | 5 ++++- package.json | 1 - yarn.lock | 5 ----- 5 files changed, 9 insertions(+), 19 deletions(-) diff --git a/backend/lsp-repl.js b/backend/lsp-repl.js index b136110..ed91211 100644 --- a/backend/lsp-repl.js +++ b/backend/lsp-repl.js @@ -2,10 +2,10 @@ import child_process from "child_process"; import process from "process"; import readline from "historic-readline"; -import { quote } from "shell-quote"; import rpc from "vscode-jsonrpc"; import { langsPromise } from "./langs.js"; +import { quote } from "./util.js"; const args = process.argv.slice(2); @@ -32,7 +32,7 @@ if (args.length === 1 && langs[args[0]] && langs[args[0]].lsp) { cmdline = args; } -console.error(quote(cmdline)); +console.error(cmdline.map(quote).join(" ")); const proc = child_process.spawn(cmdline[0], cmdline.slice(1)); proc.stderr.on("data", (data) => process.stderr.write(data)); diff --git a/backend/sandbox.js b/backend/sandbox.js index 19fb2fd..4f8e470 100644 --- a/backend/sandbox.js +++ b/backend/sandbox.js @@ -3,7 +3,6 @@ import { promises as fs } from "fs"; import process from "process"; import pty from "node-pty"; -import { quote } from "shell-quote"; import { readLangConfig } from "../lib/yaml.js"; import { @@ -13,6 +12,7 @@ import { privilegedPty, privilegedSession, privilegedWait, + quote, run, } from "./util.js"; @@ -39,19 +39,12 @@ async function main() { name: "xterm-color", }); await run(privilegedWait({ uuid }), log); - console.log( - bash( - `env L='${lang}' LANG_CONFIG=${quote([ - JSON.stringify(langConfig), - ])} bash --rcfile <(cat <<< ${quote([sandboxScript])})` - )[2] - ); const args = privilegedPty( { uuid }, bash( - `env L='${lang}' LANG_CONFIG=${quote([ + `env L='${lang}' LANG_CONFIG=${quote( JSON.stringify(langConfig), - ])} bash --rcfile <(cat <<< ${quote([sandboxScript])})` + )} bash --rcfile <(cat <<< ${quote(sandboxScript)})` ) ); const proc = spawn(args[0], args.slice(1), { diff --git a/backend/util.js b/backend/util.js index c2f5504..5a205a2 100644 --- a/backend/util.js +++ b/backend/util.js @@ -2,9 +2,12 @@ import { spawn, spawnSync } from "child_process"; import os from "os"; import process from "process"; -import { quote } from "shell-quote"; import { v4 as getUUIDOrig } from "uuid"; +export function quote(str) { + return "'" + str.replace(/'/g, `'"'"'`) + "'"; +} + export const rijuSystemPrivileged = "system/out/riju-system-privileged"; export function getUUID() { diff --git a/package.json b/package.json index 95ed64d..fd543cf 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,6 @@ "parse-passwd": "^1.0.0", "prettier": "^2.3.1", "regenerator-runtime": "^0.13.7", - "shell-quote": "^1.7.2", "strip-ansi": "^6.0.0", "style-loader": "^2.0.0", "uuid": "^8.3.2", diff --git a/yarn.lock b/yarn.lock index 08766f3..5e40894 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3939,11 +3939,6 @@ shebang-regex@^3.0.0: resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172" integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A== -shell-quote@^1.7.2: - version "1.7.2" - resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.7.2.tgz#67a7d02c76c9da24f99d20808fcaded0e0e04be2" - integrity sha512-mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg== - signal-exit@^3.0.3: version "3.0.3" resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.3.tgz#a1410c2edd8f077b08b4e253c8eacfcaf057461c"