summary refs log tree commit diff
diff options
context:
space:
mode:
authorzimbatm <zimbatm@zimbatm.com>2016-06-12 18:11:37 +0100
committerzimbatm <zimbatm@zimbatm.com>2016-06-12 18:11:37 +0100
commit28fa4a2f03e2232d95dec9dc2b8ef40857d725db (patch)
tree60a16516608d1b34c78b1a19bfdac0c9188f8412
parent852e9c309638c3e1c0e611c70a2b443d52455aca (diff)
downloadnixpkgs-28fa4a2f03e2232d95dec9dc2b8ef40857d725db.tar
nixpkgs-28fa4a2f03e2232d95dec9dc2b8ef40857d725db.tar.gz
nixpkgs-28fa4a2f03e2232d95dec9dc2b8ef40857d725db.tar.bz2
nixpkgs-28fa4a2f03e2232d95dec9dc2b8ef40857d725db.tar.lz
nixpkgs-28fa4a2f03e2232d95dec9dc2b8ef40857d725db.tar.xz
nixpkgs-28fa4a2f03e2232d95dec9dc2b8ef40857d725db.tar.zst
nixpkgs-28fa4a2f03e2232d95dec9dc2b8ef40857d725db.zip
Escape all shell arguments uniformly
Diffstat
-rw-r--r--lib/strings.nix11


-rw-r--r--nixos/modules/security/acme.nix2


-rw-r--r--nixos/modules/services/mail/opendkim.nix2


-rw-r--r--nixos/modules/services/misc/taskserver/default.nix2


-rw-r--r--nixos/modules/services/networking/ejabberd.nix2


-rw-r--r--pkgs/build-support/vm/windows/controller/default.nix4


-rw-r--r--pkgs/development/ruby-modules/bundler-env/default.nix6


-rw-r--r--pkgs/development/ruby-modules/gem/default.nix7


-rw-r--r--pkgs/servers/x11/xquartz/default.nix3


9 files changed, 20 insertions, 19 deletions
diff --git a/lib/strings.nix b/lib/strings.nix
index 9e9bdd6e153..653317ed171 100644
--- a/lib/strings.nix
+++ b/lib/strings.nix
@@ -213,7 +213,16 @@ rec {
        escapeShellArg "so([<>])me"
        => "so\\(\\[\\<\\>\\]\\)me"
   */
-  escapeShellArg = lib.escape (stringToCharacters "\\ ';$`()|<>\t*[]");
+  escapeShellArg = arg:
+    lib.escape (stringToCharacters "\\ ';$`()|<>\t*[]") (toString arg);
+
+  /* Escape all arguments to be passed to the Bourne shell.
+
+     Example:
+       escapeShellArgs ["one" "two three"]
+       => "one two\\ three"
+  */
+  escapeShellArgs = concatMapStringsSep " " escapeShellArg;
 
   /* Obsolete - use replaceStrings instead. */
   replaceChars = builtins.replaceStrings or (
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index ef6da788e61..f646602221a 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -187,7 +187,7 @@ in
                   script = ''
                     cd '${cpath}'
                     set +e
-                    simp_le ${concatMapStringsSep " " (arg: escapeShellArg (toString arg)) cmdline}
+                    simp_le ${escapeShellArgs cmdline}
                     EXITCODE=$?
                     set -e
                     echo "$EXITCODE" > /tmp/lastExitCode
diff --git a/nixos/modules/services/mail/opendkim.nix b/nixos/modules/services/mail/opendkim.nix
index af996758f41..f065208ddfc 100644
--- a/nixos/modules/services/mail/opendkim.nix
+++ b/nixos/modules/services/mail/opendkim.nix
@@ -101,7 +101,7 @@ in {
       wantedBy = [ "multi-user.target" ];
 
       serviceConfig = {
-        ExecStart = "${pkgs.opendkim}/bin/opendkim ${concatMapStringsSep " " escapeShellArg args}";
+        ExecStart = "${pkgs.opendkim}/bin/opendkim ${escapeShellArgs args}";
         User = cfg.user;
         Group = cfg.group;
         RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";
diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix
index b7d14e90a2b..c846ffd0455 100644
--- a/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixos/modules/services/misc/taskserver/default.nix
@@ -152,8 +152,6 @@ let
     };
   };
 
-  mkShellStr = val: "'${replaceStrings ["'"] ["'\\''"] val}'";
-
   certtool = "${pkgs.gnutls.bin}/bin/certtool";
 
   nixos-taskserver = pkgs.buildPythonPackage {
diff --git a/nixos/modules/services/networking/ejabberd.nix b/nixos/modules/services/networking/ejabberd.nix
index 9868f303ab2..8ecc16257db 100644
--- a/nixos/modules/services/networking/ejabberd.nix
+++ b/nixos/modules/services/networking/ejabberd.nix
@@ -13,7 +13,7 @@ let
 
   ectl = ''${cfg.package}/bin/ejabberdctl ${if cfg.configFile == null then "" else "--config ${cfg.configFile}"} --ctl-config "${ctlcfg}" --spool "${cfg.spoolDir}" --logs "${cfg.logsDir}"'';
 
-  dumps = lib.concatMapStringsSep " " lib.escapeShellArg cfg.loadDumps;
+  dumps = lib.escapeShellArgs cfg.loadDumps;
 
 in {
 
diff --git a/pkgs/build-support/vm/windows/controller/default.nix b/pkgs/build-support/vm/windows/controller/default.nix
index 1c8e6af83b8..06a0a229306 100644
--- a/pkgs/build-support/vm/windows/controller/default.nix
+++ b/pkgs/build-support/vm/windows/controller/default.nix
@@ -71,8 +71,6 @@ let
     };
   };
 
-  shellEscape = x: "'${replaceChars ["'"] [("'\\'" + "'")] x}'";
-
   loopForever = "while :; do ${coreutils}/bin/sleep 1; done";
 
   initScript = writeScript "init.sh" (''
@@ -132,7 +130,7 @@ let
       -o StrictHostKeyChecking=no \
       -i /ssh.key \
       -l Administrator \
-      192.168.0.1 -- ${shellEscape command}
+      192.168.0.1 -- ${lib.escapeShellArg command}
   '') + optionalString (suspendTo != null) ''
     ${coreutils}/bin/touch /xchg/suspend_now
     ${loopForever}
diff --git a/pkgs/development/ruby-modules/bundler-env/default.nix b/pkgs/development/ruby-modules/bundler-env/default.nix
index 4ebba0d5b65..56a3b371d1d 100644
--- a/pkgs/development/ruby-modules/bundler-env/default.nix
+++ b/pkgs/development/ruby-modules/bundler-env/default.nix
@@ -16,8 +16,6 @@
 }@args:
 
 let
-
-  shellEscape = x: "'${lib.replaceChars ["'"] [("'\\'" + "'")] x}'";
   importedGemset = import gemset;
   filteredGemset = (lib.filterAttrs (name: attrs:
     if (builtins.hasAttr "groups" attrs)
@@ -58,8 +56,8 @@ let
         "${confFiles}/Gemfile" \
         "$out/${ruby.gemPath}" \
         "${bundler}/${ruby.gemPath}" \
-        ${shellEscape (toString envPaths)} \
-        ${shellEscape (toString groups)}
+        ${lib.escapeShellArg envPaths} \
+        ${lib.escapeShellArg groups}
     '' + lib.optionalString (postBuild != null) postBuild;
     passthru = rec {
       inherit ruby bundler meta gems;
diff --git a/pkgs/development/ruby-modules/gem/default.nix b/pkgs/development/ruby-modules/gem/default.nix
index 6e1b0c00bd0..74dc64000c0 100644
--- a/pkgs/development/ruby-modules/gem/default.nix
+++ b/pkgs/development/ruby-modules/gem/default.nix
@@ -18,8 +18,8 @@
 # Normal gem packages can be used outside of bundler; a binstub is created in
 # $out/bin.
 
-{ lib, ruby, bundler, fetchurl, fetchgit, makeWrapper, git,
-  buildRubyGem, darwin
+{ lib, fetchurl, fetchgit, makeWrapper, git, darwin
+, ruby, bundler
 } @ defs:
 
 lib.makeOverridable (
@@ -53,7 +53,6 @@ lib.makeOverridable (
 , ...} @ attrs:
 
 let
-  shellEscape = x: "'${lib.replaceChars ["'"] [("'\\'" + "'")] x}'";
   src = attrs.src or (
     if type == "gem" then
       fetchurl {
@@ -165,7 +164,7 @@ stdenv.mkDerivation (attrs // {
       ${src} \
       ${attrs.rev} \
       ${version} \
-      ${shellEscape (toString buildFlags)}
+      ${lib.escapeShellArgs buildFlags}
     ''}
 
     ${lib.optionalString (type == "gem") ''
diff --git a/pkgs/servers/x11/xquartz/default.nix b/pkgs/servers/x11/xquartz/default.nix
index 16a4aeb1ce5..79b99faea9b 100644
--- a/pkgs/servers/x11/xquartz/default.nix
+++ b/pkgs/servers/x11/xquartz/default.nix
@@ -37,7 +37,6 @@
 # that point into the user's profile.
 
 let
-  shellEscape = x: "'${lib.replaceChars ["'"] [("'\\'" + "'")] x}'";
   installer = writeScript "xquartz-install" ''
     NIX_LINK=$HOME/.nix-profile
 
@@ -138,7 +137,7 @@ in stdenv.mkDerivation {
     defaultStartX="$out/bin/startx -- $out/bin/Xquartz"
 
     ruby ${./patch_plist.rb} \
-      ${shellEscape (builtins.toXML {
+      ${lib.escapeShellArg (builtins.toXML {
         XQUARTZ_DEFAULT_CLIENT = "${xterm}/bin/xterm";
         XQUARTZ_DEFAULT_SHELL  = "${shell}";
         XQUARTZ_DEFAULT_STARTX = "@STARTX@";

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-25 16:26:05 +0000