windsock: apply shell escaping where needed

shotover · Sep 13, 2023 · 4c21311 · 4c21311
1 parent c58e10b
commit 4c21311
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/shotover-proxy/Cargo.toml b/shotover-proxy/Cargo.toml
@@ -8,6 +8,7 @@ license = "Apache-2.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+shell-quote = "0.3.0"
 shotover = { path = "../shotover" }
 
 [dev-dependencies]

diff --git a/shotover-proxy/benches/windsock/aws/mod.rs b/shotover-proxy/benches/windsock/aws/mod.rs
@@ -186,7 +186,8 @@ sudo docker system prune -af"#,
  // start container
  let mut env_args = String::new();
  for (key, value) in envs {
- // TODO: shell escape key and value
+ let key = String::from_utf8(shell_quote::bash::escape(key)).unwrap();
+ let value = String::from_utf8(shell_quote::bash::escape(value)).unwrap();
  env_args.push_str(&format!(" -e \"{key}={value}\""))
  }
  let output = self

diff --git a/windsock-cloud-docker/Cargo.toml b/windsock-cloud-docker/Cargo.toml
@@ -7,4 +7,5 @@ license = "Apache-2.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+shell-quote = "0.3.0"
 subprocess.workspace = true
diff --git a/windsock-cloud-docker/src/main.rs b/windsock-cloud-docker/src/main.rs
@@ -6,7 +6,14 @@ use subprocess::{Exec, Redirection};
 fn main() {
  let mut args = std::env::args();
  args.next(); // skip binary name
- let args: Vec<String> = args.collect();
+ let args: Vec<String> = args
+ .map(|x| {
+ format!(
+ "'{}'",
+ String::from_utf8(shell_quote::bash::escape(x)).unwrap()
+ )
+ })
+ .collect();
  let args = args.join(" ");
 
  // ensure container is setup