cocaine 0.5.2 → 0.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +1 -1
- data/lib/cocaine/command_line.rb +12 -2
- data/lib/cocaine/version.rb +1 -1
- data/spec/cocaine/command_line_spec.rb +14 -0
- metadata +2 -2
data/README.md
CHANGED
|
@@ -34,7 +34,7 @@ line = Cocaine::CommandLine.new("cat", ":file")
|
|
|
34
34
|
line.command(:file => "ohyeah?'`rm -rf /`.ha!") # => "cat 'ohyeah?'\\''`rm -rf /`.ha!'"
|
|
35
35
|
```
|
|
36
36
|
|
|
37
|
-
NOTE: It only does that for arguments interpolated via `run`, NOT
|
|
37
|
+
NOTE: It only does that for arguments interpolated via `run`, NOT arguments
|
|
38
38
|
passed into `new` (see 'Security' below):
|
|
39
39
|
|
|
40
40
|
```ruby
|
data/lib/cocaine/command_line.rb
CHANGED
|
@@ -122,11 +122,21 @@ module Cocaine
|
|
|
122
122
|
end
|
|
123
123
|
|
|
124
124
|
def interpolate(pattern, interpolations)
|
|
125
|
-
interpolations
|
|
126
|
-
|
|
125
|
+
interpolations = stringify_keys(interpolations)
|
|
126
|
+
pattern.gsub(/:\{?(\w+)\b\}?/) do |match|
|
|
127
|
+
key = match.tr(":{}", "")
|
|
128
|
+
interpolations.key?(key) ? shell_quote(interpolations[key]) : match
|
|
127
129
|
end
|
|
128
130
|
end
|
|
129
131
|
|
|
132
|
+
def stringify_keys(hash)
|
|
133
|
+
hash = hash.dup
|
|
134
|
+
hash.keys.each do |key|
|
|
135
|
+
hash[key.to_s] = hash.delete(key)
|
|
136
|
+
end
|
|
137
|
+
hash
|
|
138
|
+
end
|
|
139
|
+
|
|
130
140
|
def shell_quote(string)
|
|
131
141
|
return "" if string.nil?
|
|
132
142
|
if unix?
|
data/lib/cocaine/version.rb
CHANGED
|
@@ -64,6 +64,15 @@ describe Cocaine::CommandLine do
|
|
|
64
64
|
command_string.should == "convert 'a.jpg' 'b.png'"
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
+
it 'does not over-interpolate in a command line' do
|
|
68
|
+
cmd = Cocaine::CommandLine.new("convert",
|
|
69
|
+
":hell :{two} :hello",
|
|
70
|
+
:swallow_stderr => false)
|
|
71
|
+
|
|
72
|
+
command_string = cmd.command(:hell => "a.jpg", :two => "b.png", :hello => "c.tiff")
|
|
73
|
+
command_string.should == "convert 'a.jpg' 'b.png' 'c.tiff'"
|
|
74
|
+
end
|
|
75
|
+
|
|
67
76
|
it "interpolates when running a command" do
|
|
68
77
|
command = Cocaine::CommandLine.new("echo", ":hello_world")
|
|
69
78
|
command.run(:hello_world => "Hello, world").should match(/Hello, world/)
|
|
@@ -95,6 +104,11 @@ describe Cocaine::CommandLine do
|
|
|
95
104
|
command_string.should == "convert '`rm -rf`.jpg' 'ha'\\''ha.png'"
|
|
96
105
|
end
|
|
97
106
|
|
|
107
|
+
it 'cannot recursively introduce a place where user-supplied commands can run' do
|
|
108
|
+
cmd = Cocaine::CommandLine.new('convert', ':foo :bar')
|
|
109
|
+
cmd.command(:foo => ':bar', :bar => '`rm -rf`').should == 'convert \':bar\' \'`rm -rf`\''
|
|
110
|
+
end
|
|
111
|
+
|
|
98
112
|
it "can quote and interpolate dangerous variables even on windows" do
|
|
99
113
|
on_windows!
|
|
100
114
|
cmd = Cocaine::CommandLine.new("convert",
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cocaine
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.3
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-
|
|
12
|
+
date: 2013-10-22 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: climate_control
|