-
Notifications
You must be signed in to change notification settings - Fork 29k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Debugger environment variables not escaped in Bash #61056
Comments
Hey there, I have opened PR #61409 as a fix for this issue. I ended up just wrapping all of the args in single-quotes. This fixes the particular issue I am having. Now when I launch the debugger, it looks something like this: test.py from os import environ
print(environ.get('PASSWORD')) .env
launching test.py
Works fine. One thing I am wondering though is if allowing special characters to be evaluated is an intended use of the TerminalLauncher? Might someone want to pass an arg like |
The TerminalLauncher does not properly escape arguments for the Bash shell. This change wraps all arguments in single-quotes, and escapes the single quote. This means that bash special characters in arguments will not be evaluated.
Bump |
/duplicate #61902 |
Thanks for creating this issue! We figured it's covering the same as another one we already have. Thus, we closed this one as a duplicate. You can search for existing issues here. See also our issue reporting guidelines. Happy Coding! |
So, I am having the same issue described in #50302 except with the bash shell.
The issue is here: https://github.com/Microsoft/vscode/blob/release/1.28/src/vs/workbench/parts/debug/node/terminals.ts#L407
Args are wrapped in double-quotes, but only the double-quote is escaped. This means that bash characters such as
!
|
$
${}
$()
still do their "special" behavior. I think these args should be wrapped in single-quotes instead.Steps to Reproduce:
PASSWORD=some!password
Does this issue occur when all extensions are disabled?: Probably not, but per #50302, the extension developer calls a VSCode API to do this.
If maintainers agree with my solution (wrapping args in single-quotes instead of double-quotes) then I can create a PR for this.
The text was updated successfully, but these errors were encountered: