From ada1eee64852bca2ac252e50a263fe8374355f9d Mon Sep 17 00:00:00 2001 From: Michal Dorner Date: Sat, 12 Dec 2020 21:02:07 +0100 Subject: [PATCH] Simplify shell escaping - escape chars instead of quoting whole string --- __tests__/shell-escape.test.ts | 21 +++++++++++++-------- dist/index.js | 7 +++---- src/shell-escape.ts | 8 +++----- 3 files changed, 19 insertions(+), 17 deletions(-) diff --git a/__tests__/shell-escape.test.ts b/__tests__/shell-escape.test.ts index 232cdd7b..d03669a1 100644 --- a/__tests__/shell-escape.test.ts +++ b/__tests__/shell-escape.test.ts @@ -1,16 +1,21 @@ import shellEscape from '../src/shell-escape' -test('simple path escaped', () => { - expect(shellEscape('file')).toBe("'file'") +test('simple filename should not be modified', () => { + expect(shellEscape('file.txt')).toBe('file.txt') }) -test('path with space is wrapped with single quotes', () => { - expect(shellEscape('file with space')).toBe("'file with space'") +test('directory separator should be preserved and not escaped', () => { + expect(shellEscape('path/to/file.txt')).toBe('path/to/file.txt') }) -test('path with quote is divided into quoted segments and escaped quote', () => { - expect(shellEscape("file'with quote")).toBe("'file'\\''with quote'") +test('spaces should be escaped with backslash', () => { + expect(shellEscape('file with space')).toBe('file\\ with\\ space') }) -test('path with leading quote does not have double quotes at beginning', () => { - expect(shellEscape("'file-leading-quote")).toBe("\\''file-leading-quote'") + +test('quotes should be escaped with backslash', () => { + expect(shellEscape('file\'with quote"')).toBe('file\\\'with\\ quote\\"') +}) + +test('$variables sould be escaped', () => { + expect(shellEscape('$var')).toBe('\\$var') }) diff --git a/dist/index.js b/dist/index.js index ea54600c..c0b79269 100644 --- a/dist/index.js +++ b/dist/index.js @@ -15222,12 +15222,11 @@ module.exports = require("fs"); "use strict"; -// Credits to https://github.com/xxorax/node-shell-escape Object.defineProperty(exports, "__esModule", { value: true }); +// Uses easy safe set of characters which can be left unescaped to keep it readable. +// Every other character will be backslash-escaped function shellEscape(value) { - return `'${value.replace(/'/g, "'\\''")}'` - .replace(/^(?:'')+/g, '') // unduplicate single-quote at the beginning - .replace(/\\'''/g, "\\'"); // remove non-escaped single-quote if there are enclosed between 2 escaped + return value.replace(/([^a-zA-Z0-9,._+:@%/-])/gm, '\\$1'); } exports.default = shellEscape; diff --git a/src/shell-escape.ts b/src/shell-escape.ts index 6dfe46d1..643b7ccb 100644 --- a/src/shell-escape.ts +++ b/src/shell-escape.ts @@ -1,7 +1,5 @@ -// Credits to https://github.com/xxorax/node-shell-escape - +// Uses easy safe set of characters which can be left unescaped to keep it readable. +// Every other character will be backslash-escaped export default function shellEscape(value: string): string { - return `'${value.replace(/'/g, "'\\''")}'` - .replace(/^(?:'')+/g, '') // unduplicate single-quote at the beginning - .replace(/\\'''/g, "\\'") // remove non-escaped single-quote if there are enclosed between 2 escaped + return value.replace(/([^a-zA-Z0-9,._+:@%/-])/gm, '\\$1') }