Path: csiph.com!xmission!news.snarked.org!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail
From: Patrick Blesi <patrick.blesi@gmail.com>
Newsgroups: gnu.bash.bug
Subject: Re: Feature Request: Custom delimeter for single quotes
Date: Sat, 2 Nov 2019 11:27:31 -0500
Lines: 108
Approved: bug-bash@gnu.org
Message-ID: <mailman.429.1572712074.13325.bug-bash@gnu.org>
References: <CAOnw=2J6fse6U=6zofMW7pORp0yTere_DYYSKGS6hf5xK2PuQA@mail.gmail.com> <13ecc4db-2b5e-95dd-2445-78191b9c01dd@iki.fi> <CAOnw=2KqGqE3zciZBqyFOBG8DxUDeCaBJUs7g2keUoKhQB0RLw@mail.gmail.com> <fe3ea34e-5af1-4e33-4107-41975dfb852b@archlinux.org> <CAOnw=2JXTMic2sW5QWRrBiBDh83kEAMVBjX2X-Qwo5jLAWh_ww@mail.gmail.com>
NNTP-Posting-Host: lists.gnu.org
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Trace: usenet.stanford.edu 1572712075 29132 209.51.188.17 (2 Nov 2019 16:27:55 GMT)
X-Complaints-To: action@cs.stanford.edu
Cc: bug-bash@gnu.org, schwab@linux-m68k.org
To: Eli Schwartz <eschwartz@archlinux.org>
Envelope-to: bug-bash@gnu.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=a3iN7mhGKO9xTzfmjLWM2tCuYJ1VRjOjZ4FcI9d0AsE=; b=oxS81aEfSuC/dbMp8D5bzJy8OreqtdEejmJZo1IXGMeXVByM0qaw5XCfRP5R72kYRm Q4kW2NTlNsu7aFPe3JXuv5fGHZzbiksodZ3eEa5Yc5lqVz8hv1W1YcmSHYOYnzB9Kyrz v7O89cW6wc7dgFEnNMZOWoNwccJjnUU7935SKOAeWzlKemPYhz9H3GLZ9ICO4fFIk24W Pp4x052Iigh3Zi/xklTFX6LG2Q4/7yPTwVk+rbr/w74fQVL+u7dAVE9cSBqTl17yaIXd t6CwzhNosbJTCElA2o0KXsl6Hjjfy0v9aoV/K1ekk8UjjjeL7yRSpcS8fKmvAdH+K+gb Pksg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=a3iN7mhGKO9xTzfmjLWM2tCuYJ1VRjOjZ4FcI9d0AsE=; b=Sb+cqCVBGzUbB5UYslDcqPhBTRw6YdhIg5mqoDmn7fWLnDzmE/6Y+kHgTZV/w1rw4o i920W+PM7fDhTxx5OSJ3kBJZSbHtmYA18sm7+d5g829drW9BEvD3cUDNFXjnIZB0vxZz dceyEVk2RUfNkjtMadu8r3nuDDLK6ZRpj4/krp6gG2pc6+ODsHxso3NxKo40TR6HFajX ULtW4OaN5qtekNlOd71b1vmkzfZgZa+mpJO8U0TX80y7RA19VMiMFbajSr8fL3wzkzNk hmbrWo/G8skcYSm4+UUBbHl2wJ2JSKBj9NgLdMFyHnyFVWfhsOnsW75gOqhSVSd/iSqn nwnw==
X-Gm-Message-State: APjAAAXqk5zbR7Dn3NNg7eUtTWQlQSt0akn/1DovRhHTOR3Z38alnd1L hjd9g4mj40YCo7z3Pc+DRYsVz4gGiXfh4EV7bqU=
X-Google-Smtp-Source: APXvYqxQGdd8NIj3Ge8/qO025ZFD/eS09gV5J8/StifpffHLELUOs7KhlB1Jw7y8MxNYr4e6XYoyd3PBA4wt0NtZdaQ=
X-Received: by 2002:a50:9eac:: with SMTP id a41mr19492345edf.237.1572712063068; Sat, 02 Nov 2019 09:27:43 -0700 (PDT)
In-Reply-To: <fe3ea34e-5af1-4e33-4107-41975dfb852b@archlinux.org>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized.
X-Received-From: 2a00:1450:4864:20::542
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: bug-bash@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-bash>
List-Post: <mailto:bug-bash@gnu.org>
List-Help: <mailto:bug-bash-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe>
X-Mailman-Original-Message-ID: <CAOnw=2JXTMic2sW5QWRrBiBDh83kEAMVBjX2X-Qwo5jLAWh_ww@mail.gmail.com>
X-Mailman-Original-References: <CAOnw=2J6fse6U=6zofMW7pORp0yTere_DYYSKGS6hf5xK2PuQA@mail.gmail.com> <13ecc4db-2b5e-95dd-2445-78191b9c01dd@iki.fi> <CAOnw=2KqGqE3zciZBqyFOBG8DxUDeCaBJUs7g2keUoKhQB0RLw@mail.gmail.com> <fe3ea34e-5af1-4e33-4107-41975dfb852b@archlinux.org>
Xref: csiph.com gnu.bash.bug:15556

Upon further inspection, what Andreas pointed out is actually what I need.
Just to close the loop on everything...

It looks like Ruby does support execution with and without a shell:
https://apidock.com/ruby/Kernel/system.

The reasoning for using two programming languages is that sometimes it is
easier to accomplish things in Ruby and sometimes it is easier to
accomplish things in a shell. Providing the user the option to implement
something via shell or via Ruby allows for maximum flexibility and utility.

Regarding, posix compliance, I was specifically asking about whether the
following code could be expected to be supported by any POSIX-compliant
shell:

command=$(cat <<'MAGIC_WORD'
  #{command}
  MAGIC_WORD
)
tmux send-keys -t %1 q C-u "$command" C-m

Not sure if this is the canonical POSIX shell reference:
https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_07_04,
but it appears that the quoted here-doc and command substitution are shell
features defined by the POSIX standard.

Thank you very much for your help.

-- Patrick


On Fri, Nov 1, 2019 at 3:44 PM Eli Schwartz <eschwartz@archlinux.org> wrote:

> On 11/1/19 3:57 PM, Patrick Blesi wrote:
> > The actual use case is taking a command from a Ruby script:
> >
> >
> https://github.com/braintree/runbook/blob/4a0f0770a8a2a7be135cf13ee435d981b5975a06/lib/runbook/helpers/tmux_helper.rb#L23
> >
> > `tmux send-keys -t #{target} #{_pager_escape_sequence} '#{command}' C-m`
> >
> > The user specifies the command they want to run as a Ruby string and it
> > gets interpolated into the above string and then executed (The backticks
> in
> > Ruby invoke the command in a subprocess and return the output as a
> string,
> > #{} is string interpolation). As you can see, if the user-specified
> command
> > has a single quote, it will break this command unless escaped.
>
> I don't know about ruby.
>
> I know that in, say, python, the subprocess module can take an array
> with a command executable and its arguments, and execute it using the
> exec() family of functions.
>
> You can optionally request that the subprocess module do its execution
> via a shell, just like system() does, but it's generally not exactly
> recommended.
>
> Have you considered rewriting your ruby program to not use vulnerable
> methods of executing subprocesses? Given that ruby is, presumably, a
> powerful programming language, I don't understand why you would want to
> write a program that now uses *two* programming languages:
>
> - ruby
> - /bin/sh
>
> when you could do all your work in ruby.
>
> If you absolutely require using shell syntax in your subprocess for
> inexplicable reasons, you can use the shell syntax embedded within this
> pseudocode, which would be executed using the exec() family of functions:
>
> {'sh', '-c', 'do_things "$1"', '_', 'argv_containing_user_input'}
>
> given sh is being passed an argument without introducing a shell, and
> that argument is assigned to the shell variable $1, that argument can be
> defined and passed to exec() containing anything which ruby wants to put
> there.
>
> Safely.
>
> > I think doing something like this should serve my needs:
> >
> >   `
> >   command=$(cat <<'MAGIC_WORD'
> >   #{command}
> >   MAGIC_WORD
> >   )
> >   tmux send-keys -t #{target} #{_pager_escape_sequence} "$command" C-m
> >   `
> > So that no single quote escaping is required. The non-valid input for the
> > command would be MAGIC_WORD. Do you know if this command is POSIX
> > compliant/supported by a large number of shells? Is is supported by the
> > bourne shell?
>
> Is what command POSIX compliant?
>
> - The one you're proposing be added, right now, to bash and bash alone?
> - tmux?
> - cat with quoted delimiter tokens?
>
> --
> Eli Schwartz
> Arch Linux Bug Wrangler and Trusted User
>
>