Escape arbitrary strings for safe use as command line arguments.
This package provides the shellescape.Quote()
function that returns a
shell-escaped copy of a string. This functionality could be helpful
in those cases where it is known that the output of a Go program will
be appended to/used in the context of shell programs' command line arguments.
This work was inspired by the Python original package shellescape.
The following snippet shows a typical unsafe idiom:
package main
import (
"fmt"
"os"
)
func main() {
fmt.Printf("ls -l %s\n", os.Args[1])
}
Especially when creating pipeline of commands which might end up being executed by a shell interpreter, it is particularly unsafe to not escape arguments.
shellescape.Quote()
comes in handy and to safely escape strings:
package main
import (
"fmt"
"os"
"al.essio.dev/pkg/shellescape"
)
func main() {
fmt.Printf("ls -l %s\n", shellescape.Quote(os.Args[1]))
}
escargs reads lines from the standard input and prints shell-escaped versions. Unlinke xargs, blank lines on the standard input are not discarded.