use shell-quote package
#4080
use shell-quote package
#4080
Conversation
|
|
A wrangler prerelease is available for testing. You can install this latest build in your project with: npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/6384551922/npm-package-wrangler-4080You can reference the automatically updated head of this PR with: npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/prs/6384551922/npm-package-wrangler-4080Or you can use npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/6384551922/npm-package-wrangler-4080 dev path/to/script.jsAdditional artifacts:npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/6384551922/npm-package-cloudflare-pages-shared-4080Note that these links will no longer work once the GitHub Actions artifact expires.
| Please ensure constraints are pinned, and |
RamIdeas
force-pushed
the
command-parse-no-split
branch
from
e7e5b6f
to
ac29253
Compare
Codecov Report
@@ Coverage Diff @@
## main #4080 +/- ##
==========================================
- Coverage 75.07% 74.99% -0.08%
==========================================
Files 216 217 +1
Lines 12054 12065 +11
Branches 3123 3122 -1
==========================================
- Hits 9049 9048 -1
- Misses 3005 3017 +12
|
| runWrangler("d1 execute --command 'select 1;'") | ||
| runWrangler("d1 execute db --command 'select 1;'") |
There was a problem hiding this comment.
This test forgot to specify the database positional argument. It was passing before because the command argument has a space (and previously we split the whole command by space), resulting in command parsed as 'select and database parsed as 1;'
| "deploy --dry-run --outdir dist --define abc:'https://www.abc.net.au/news/'" | ||
| `deploy --dry-run --outdir dist --define "abc:'https://www.abc.net.au/news/'"` |
There was a problem hiding this comment.
This wasn't a correct example of how a user would specify the define arg with this value.
Before (incorrect, note the missing quotes by the time node.js sees the value):
▶ node -e 'console.log(process.argv.slice(1))' -- --define abc:'123'
[ '--define', 'abc:123' ]After (correct, note the quotes in the value as expected):
▶ node -e 'console.log(process.argv.slice(1))' -- --define "abc:'123'"
[ '--define', "abc:'123'" ]
| `kv:key put dKey dVal --namespace-id some-namespace-id --metadata {"mKey":"mValue"}` | ||
| `kv:key put dKey dVal --namespace-id some-namespace-id --metadata '{"mKey":"mValue"}'` |
There was a problem hiding this comment.
This wasn't a correct example of how a user would specify the metadata arg with JSON.
Before (incorrect, note the missing quotes which would fail JSON.parse)
▶ node -e 'console.log(process.argv.slice(1))' -- --metadata {"mKey":"mValue"}
[ '--metadata', '{mKey:mValue}' ]After (correct, note the valid JSON as expected):
▶ node -e 'console.log(process.argv.slice(1))' -- --metadata '{"mKey":"mValue"}'
[ '--metadata', '{"mKey":"mValue"}' ]
| ...getC3CommandFromEnv().split(" "), | ||
| ...shellquote.parse(getC3CommandFromEnv()), |
There was a problem hiding this comment.
This would have failed in scenarios where the c3 command was pointing to a local executable, for example, in a directory with spaces
| c3Arguments.unshift(...getC3CommandFromEnv().split(" ")); | ||
| c3Arguments.unshift(...shellquote.parse(getC3CommandFromEnv())); |
There was a problem hiding this comment.
This would have failed in scenarios where the c3 command was pointing to a local executable, for example, in a directory with spaces
| import shellquote from "shell-quote"; | ||
|
|
||
| export const quote = shellquote.quote; | ||
|
|
||
| export function parse(cmd: string, env?: Record<string, string>): string[] { | ||
| const entries = shellquote.parse(cmd, env); | ||
| const argv: string[] = []; | ||
|
|
||
| for (const entry of entries) { | ||
| // use string entries, as is | ||
| if (typeof entry === "string") { | ||
| argv.push(entry); | ||
| continue; | ||
| } | ||
|
|
||
| // ignore comments | ||
| if ("comment" in entry) { | ||
| continue; | ||
| } | ||
|
|
||
| // we don't want to resolve globs, passthrough the pattern unexpanded | ||
| if (entry.op === "glob") { | ||
| argv.push(entry.pattern); | ||
| continue; | ||
| } | ||
|
|
||
| // any other entry.op is a ControlOperator (e.g. && or ||) we don't want to support | ||
| throw new Error( | ||
| `Only simple commands are supported, please don't use the "${entry.op}" operator in "${cmd}".` | ||
| ); | ||
| } | ||
|
|
||
| return argv; | ||
| } |
There was a problem hiding this comment.
This is duplicated across C3 and wrangler. I will extract to a new shared package when #4038 is merged
instead of approximating behaviour with .split(" ") and .join(" ")
- return string[], not including objects - passthrough glob patterns - throw when using non-simple commands
RamIdeas
force-pushed
the
command-parse-no-split
branch
from
ef392be
to
ea0e5e7
Compare
use
shell-quotepackage instead of approximating behaviour with.split(" ")and.join(" ")Fixes #4079
Reviewer is to perform the following, as applicable:
Note for PR author:
We want to celebrate and highlight awesome PR review! If you think this PR received a particularly high-caliber review, please assign it the label
highlight pr reviewso future reviewers can take inspiration and learn from it.