Skip to content

Commit

Permalink
Simplify shell escaping - escape chars instead of quoting whole string
Browse files Browse the repository at this point in the history
  • Loading branch information
dorny committed Dec 17, 2020
1 parent 44ac6d8 commit ada1eee
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 17 deletions.
21 changes: 13 additions & 8 deletions __tests__/shell-escape.test.ts
Original file line number Diff line number Diff line change
@@ -1,16 +1,21 @@
import shellEscape from '../src/shell-escape'

test('simple path escaped', () => {
expect(shellEscape('file')).toBe("'file'")
test('simple filename should not be modified', () => {
expect(shellEscape('file.txt')).toBe('file.txt')
})

test('path with space is wrapped with single quotes', () => {
expect(shellEscape('file with space')).toBe("'file with space'")
test('directory separator should be preserved and not escaped', () => {
expect(shellEscape('path/to/file.txt')).toBe('path/to/file.txt')
})

test('path with quote is divided into quoted segments and escaped quote', () => {
expect(shellEscape("file'with quote")).toBe("'file'\\''with quote'")
test('spaces should be escaped with backslash', () => {
expect(shellEscape('file with space')).toBe('file\\ with\\ space')
})
test('path with leading quote does not have double quotes at beginning', () => {
expect(shellEscape("'file-leading-quote")).toBe("\\''file-leading-quote'")

test('quotes should be escaped with backslash', () => {
expect(shellEscape('file\'with quote"')).toBe('file\\\'with\\ quote\\"')
})

test('$variables sould be escaped', () => {
expect(shellEscape('$var')).toBe('\\$var')
})
7 changes: 3 additions & 4 deletions dist/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -15222,12 +15222,11 @@ module.exports = require("fs");

"use strict";

// Credits to https://github.com/xxorax/node-shell-escape
Object.defineProperty(exports, "__esModule", { value: true });
// Uses easy safe set of characters which can be left unescaped to keep it readable.
// Every other character will be backslash-escaped
function shellEscape(value) {
return `'${value.replace(/'/g, "'\\''")}'`
.replace(/^(?:'')+/g, '') // unduplicate single-quote at the beginning
.replace(/\\'''/g, "\\'"); // remove non-escaped single-quote if there are enclosed between 2 escaped
return value.replace(/([^a-zA-Z0-9,._+:@%/-])/gm, '\\$1');
}
exports.default = shellEscape;

Expand Down
8 changes: 3 additions & 5 deletions src/shell-escape.ts
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
// Credits to https://github.com/xxorax/node-shell-escape

// Uses easy safe set of characters which can be left unescaped to keep it readable.
// Every other character will be backslash-escaped
export default function shellEscape(value: string): string {
return `'${value.replace(/'/g, "'\\''")}'`
.replace(/^(?:'')+/g, '') // unduplicate single-quote at the beginning
.replace(/\\'''/g, "\\'") // remove non-escaped single-quote if there are enclosed between 2 escaped
return value.replace(/([^a-zA-Z0-9,._+:@%/-])/gm, '\\$1')
}

0 comments on commit ada1eee

Please sign in to comment.