Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use shell-quote package #4080

Merged
merged 5 commits into from
Oct 3, 2023
Merged

use shell-quote package #4080

merged 5 commits into from
Oct 3, 2023

Conversation

RamIdeas
Copy link
Contributor

@RamIdeas RamIdeas commented Oct 1, 2023

use shell-quote package instead of approximating behaviour with .split(" ") and .join(" ")

Fixes #4079

Reviewer is to perform the following, as applicable:

  • Checked for inclusion of relevant tests
  • Checked for inclusion of a relevant changeset
  • Checked for creation of associated docs updates
  • Manually pulled down the changes and spot-tested

Note for PR author:

We want to celebrate and highlight awesome PR review! If you think this PR received a particularly high-caliber review, please assign it the label highlight pr review so future reviewers can take inspiration and learn from it.

@RamIdeas RamIdeas requested review from a team as code owners October 1, 2023 12:47
@changeset-bot
Copy link

changeset-bot bot commented Oct 1, 2023

⚠️ No Changeset found

Latest commit: ea0e5e7

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
Copy link
Contributor

github-actions bot commented Oct 1, 2023

A wrangler prerelease is available for testing. You can install this latest build in your project with:

npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/6384551922/npm-package-wrangler-4080

You can reference the automatically updated head of this PR with:

npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/prs/6384551922/npm-package-wrangler-4080

Or you can use npx with this latest build directly:

npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/6384551922/npm-package-wrangler-4080 dev path/to/script.js
Additional artifacts:
npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/6384551922/npm-package-cloudflare-pages-shared-4080

Note that these links will no longer work once the GitHub Actions artifact expires.


[email protected] includes the following runtime dependencies:

Package Constraint Resolved
miniflare 3.20230922.0 3.20230922.0
workerd 1.20230922.0 1.20230922.0
workerd --version 1.20230922.0 2023-09-22

|

Please ensure constraints are pinned, and miniflare/workerd minor versions match.

@RamIdeas RamIdeas force-pushed the command-parse-no-split branch from e7e5b6f to ac29253 Compare October 1, 2023 12:50
@codecov
Copy link

codecov bot commented Oct 1, 2023

Codecov Report

Merging #4080 (647440a) into main (17ced68) will decrease coverage by 0.08%.
The diff coverage is 90.90%.

❗ Current head 647440a differs from pull request most recent head ea0e5e7. Consider uploading reports for the commit ea0e5e7 to get more accurate results

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #4080      +/-   ##
==========================================
- Coverage   75.07%   74.99%   -0.08%     
==========================================
  Files         216      217       +1     
  Lines       12054    12065      +11     
  Branches     3123     3122       -1     
==========================================
- Hits         9049     9048       -1     
- Misses       3005     3017      +12     
Files Coverage Δ
...ges/wrangler/src/__tests__/helpers/run-wrangler.ts 100.00% <100.00%> (ø)
packages/wrangler/src/init.ts 92.01% <100.00%> (+0.01%) ⬆️
packages/wrangler/src/utils/shell-quote.ts 87.50% <87.50%> (ø)

... and 10 files with indirect coverage changes

runWrangler("d1 execute --command 'select 1;'")
runWrangler("d1 execute db --command 'select 1;'")
Copy link
Contributor Author

@RamIdeas RamIdeas Oct 1, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test forgot to specify the database positional argument. It was passing before because the command argument has a space (and previously we split the whole command by space), resulting in command parsed as 'select and database parsed as 1;'

Comment on lines -4314 to +4326
"deploy --dry-run --outdir dist --define abc:'https://www.abc.net.au/news/'"
`deploy --dry-run --outdir dist --define "abc:'https://www.abc.net.au/news/'"`
Copy link
Contributor Author

@RamIdeas RamIdeas Oct 1, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This wasn't a correct example of how a user would specify the define arg with this value.

Before (incorrect, note the missing quotes by the time node.js sees the value):

▶ node -e 'console.log(process.argv.slice(1))' -- --define abc:'123'
[ '--define', 'abc:123' ]

After (correct, note the quotes in the value as expected):

▶ node -e 'console.log(process.argv.slice(1))' -- --define "abc:'123'"
[ '--define', "abc:'123'" ]

`kv:key put dKey dVal --namespace-id some-namespace-id --metadata {"mKey":"mValue"}`
`kv:key put dKey dVal --namespace-id some-namespace-id --metadata '{"mKey":"mValue"}'`
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This wasn't a correct example of how a user would specify the metadata arg with JSON.

Before (incorrect, note the missing quotes which would fail JSON.parse)

▶ node -e 'console.log(process.argv.slice(1))' --  --metadata {"mKey":"mValue"}  
[ '--metadata', '{mKey:mValue}' ]

After (correct, note the valid JSON as expected):

▶ node -e 'console.log(process.argv.slice(1))' --  --metadata '{"mKey":"mValue"}'
[ '--metadata', '{"mKey":"mValue"}' ]

Comment on lines -187 to +188
...getC3CommandFromEnv().split(" "),
...shellquote.parse(getC3CommandFromEnv()),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would have failed in scenarios where the c3 command was pointing to a local executable, for example, in a directory with spaces

Comment on lines -255 to +256
c3Arguments.unshift(...getC3CommandFromEnv().split(" "));
c3Arguments.unshift(...shellquote.parse(getC3CommandFromEnv()));
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would have failed in scenarios where the c3 command was pointing to a local executable, for example, in a directory with spaces

Comment on lines +1 to +34
import shellquote from "shell-quote";

export const quote = shellquote.quote;

export function parse(cmd: string, env?: Record<string, string>): string[] {
const entries = shellquote.parse(cmd, env);
const argv: string[] = [];

for (const entry of entries) {
// use string entries, as is
if (typeof entry === "string") {
argv.push(entry);
continue;
}

// ignore comments
if ("comment" in entry) {
continue;
}

// we don't want to resolve globs, passthrough the pattern unexpanded
if (entry.op === "glob") {
argv.push(entry.pattern);
continue;
}

// any other entry.op is a ControlOperator (e.g. && or ||) we don't want to support
throw new Error(
`Only simple commands are supported, please don't use the "${entry.op}" operator in "${cmd}".`
);
}

return argv;
}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is duplicated across C3 and wrangler. I will extract to a new shared package when #4038 is merged

instead of approximating behaviour with .split(" ") and .join(" ")
- return string[], not including objects
- passthrough glob patterns
- throw when using non-simple commands
@RamIdeas RamIdeas force-pushed the command-parse-no-split branch from ef392be to ea0e5e7 Compare October 2, 2023 19:24
@mrbbot mrbbot merged commit b54512b into main Oct 3, 2023
22 of 24 checks passed
@mrbbot mrbbot deleted the command-parse-no-split branch October 3, 2023 11:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

CHORE: use a parser instead of splitting command strings by space
3 participants