
Re: Feature Request: Custom delimeter for single quotes

From Eli Schwartz <eschwartz@archlinux.org>
Newsgroups gnu.bash.bug
Subject Re: Feature Request: Custom delimeter for single quotes
Date Fri, 1 Nov 2019 16:43:05 -0400
Message-ID <mailman.266.1572641006.13325.bug-bash@gnu.org>


On 11/1/19 3:57 PM, Patrick Blesi wrote:
> The actual use case is taking a command from a Ruby script:
> 
> https://github.com/braintree/runbook/blob/4a0f0770a8a2a7be135cf13ee435d981b5975a06/lib/runbook/helpers/tmux_helper.rb#L23
> 
> `tmux send-keys -t #{target} #{_pager_escape_sequence} '#{command}' C-m`
> 
> The user specifies the command they want to run as a Ruby string and it
> gets interpolated into the above string and then executed (The backticks in
> Ruby invoke the command in a subprocess and return the output as a string,
> #{} is string interpolation). As you can see, if the user-specified command
> has a single quote, it will break this command unless escaped.

I don't know about ruby.

I know that in, say, python, the subprocess module can take an array
with a command executable and its arguments, and execute it using the
exec() family of functions.

You can optionally request that the subprocess module do its execution
via a shell, just like system() does, but it's generally not exactly
recommended.

Have you considered rewriting your ruby program to not use vulnerable
methods of executing subprocesses? Given that ruby is, presumably, a
powerful programming language, I don't understand why you would want to
write a program that now uses *two* programming languages:

- ruby
- /bin/sh

when you could do all your work in ruby.

If you absolutely require using shell syntax in your subprocess for
inexplicable reasons, you can use the shell syntax embedded within this
pseudocode, which would be executed using the exec() family of functions:

{'sh', '-c', 'do_things "$1"', '_', 'argv_containing_user_input'}

given sh is being passed an argument without introducing a shell, and
that argument is assigned to the shell variable $1, that argument can be
defined and passed to exec() containing anything which ruby wants to put
there.

Safely.

> I think doing something like this should serve my needs:
> 
>   `
>   command=$(cat <<'MAGIC_WORD'
>   #{command}
>   MAGIC_WORD
>   )
>   tmux send-keys -t #{target} #{_pager_escape_sequence} "$command" C-m
>   `
> So that no single quote escaping is required. The non-valid input for the
> command would be MAGIC_WORD. Do you know if this command is POSIX
> compliant/supported by a large number of shells? Is it supported by the
> Bourne shell?

Is what command POSIX compliant?

- The one you're proposing be added, right now, to bash and bash alone?
- tmux?
- cat with quoted delimiter tokens?

-- 
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User
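
The two approaches from the message above, as an added Ruby example that is not part of the original message or of the runbook project: an argv list with no shell, and the `sh -c '... "$1"' _ input` pattern, next to the string interpolation they replace. Assumptions: `printf` stands in for `tmux` so the example runs without it, and the function names and sample input are constructed for illustration.

```ruby
require 'open3'

# Constructed sample input: a command containing a single quote, the case
# the quoted post says breaks the '#{command}' interpolation.
SAMPLE = "echo it's done"

# printf stands in for tmux here (assumption: tmux may not be installed);
# it writes back the single argument it received.

# Before: interpolate into one string, which Ruby hands to /bin/sh -c.
def via_shell_string(command)
  out, _err, status = Open3.capture3("printf '%s' '#{command}'")
  [out, status.success?]
end

# Fix 1: pass an argv list; no shell parses the user's text.
def via_argv(command)
  out, status = Open3.capture2('printf', '%s', command)
  [out, status.success?]
end

# Fix 2: the sh -c pattern from the message; the script text is constant
# and the user's text arrives as the positional parameter $1.
def via_sh_positional(command)
  out, status = Open3.capture2('sh', '-c', 'printf "%s" "$1"', '_', command)
  [out, status.success?]
end

# The same idea for the tmux call quoted above, as an argv list to hand to
# system(*argv). Hypothetical helper; the pager escape sequence is omitted.
def tmux_send_keys_argv(target, command)
  ['tmux', 'send-keys', '-t', target, command, 'C-m']
end

if __FILE__ == $PROGRAM_NAME
  p via_shell_string(SAMPLE)   # quoting broken by the embedded '
  p via_argv(SAMPLE)           # input arrives byte for byte
  p via_sh_positional(SAMPLE)  # input arrives byte for byte
  p tmux_send_keys_argv('0', SAMPLE)
end
```
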
