Use "dollar-single-quotes" to escape shell-sensitive strings

Also called "ANSI-C Quoting" in info:(bash) ANSI-C Quoting.

The escaping rules are a POSIX proposal, and are described in
http://austingroupbugs.net/view.php?id=249. There's a lot of back-and-forth on
the details of escaping of control characters, but we'll be only using a small
subset of the syntax that is common to all proposals and is widely supported.
Unfortunately dash and fish and maybe some other shells do not support it (see
the man page patch for a list).

This allows environment variables to be safely exported using show-environment
and imported into the shell. Shells which do not support this syntax will have
to do something like
    export $(systemctl show-environment|grep -v '=\$')
or whatever is appropriate in their case. I think csh and fish do not support
the A=B syntax anyway, so the change is moot for them.

Fixes #5536.

v2:
- also escape newlines (which currently disallowed in shell values, so this
  doesn't really matter), and tabs (as $'\t'), and ! (as $'!'). This way quoted
  output can be included directly in both interactive and noninteractive bash.

diff --git a/src/basic/escape.c b/src/basic/escape.c
index aa5dece97e239628e551ca28f4626fd106aa9674..d43bdaebfc9922e0294a00a8b8dc4e2e45b3193c 100644 (file)
--- a/src/basic/escape.c
+++ b/src/basic/escape.c
@@ -442,10 +442,16 @@ char *octescape(const char *s, size_t len) {
 
 }
 
 
 }
 

-static char *strcpy_backslash_escaped(char *t, const char *s, const char *bad) {
+static char *strcpy_backslash_escaped(char *t, const char *s, const char *bad, bool escape_tab_nl) {

         assert(bad);
 
         for (; *s; s++) {
         assert(bad);
 
         for (; *s; s++) {

+                if (escape_tab_nl && IN_SET(*s, '\n', '\t')) {
+                        *(t++) = '\\';
+                        *(t++) = *s == '\n' ? 'n' : 't';
+                        continue;
+                }
+

                 if (*s == '\\' || strchr(bad, *s))
                         *(t++) = '\\';
 
                 if (*s == '\\' || strchr(bad, *s))
                         *(t++) = '\\';
 


@@ -462,20 +468,21 @@ char *shell_escape(const char *s, const char *bad) {
         if (!r)
                 return NULL;
 
         if (!r)
                 return NULL;
 

-        t = strcpy_backslash_escaped(r, s, bad);
+        t = strcpy_backslash_escaped(r, s, bad, false);

         *t = 0;
 
         return r;
 }
 
         *t = 0;
 
         return r;
 }
 

-char *shell_maybe_quote(const char *s) {
+char* shell_maybe_quote(const char *s, EscapeStyle style) {

         const char *p;
         char *r, *t;
 
         assert(s);
 
         const char *p;
         char *r, *t;
 
         assert(s);
 

-        /* Encloses a string in double quotes if necessary to make it
-         * OK as shell string. */
+        /* Encloses a string in quotes if necessary to make it OK as a shell
+         * string. Note that we treat benign UTF-8 characters as needing
+         * escaping too, but that should be OK. */

 
         for (p = s; *p; p++)
                 if (*p <= ' ' ||
 
         for (p = s; *p; p++)
                 if (*p <= ' ' ||


@@ -486,17 +493,30 @@ char *shell_maybe_quote(const char *s) {
         if (!*p)
                 return strdup(s);
 
         if (!*p)
                 return strdup(s);
 

-        r = new(char, 1+strlen(s)*2+1+1);
+        r = new(char, (style == ESCAPE_POSIX) + 1 + strlen(s)*2 + 1 + 1);

         if (!r)
                 return NULL;
 
         t = r;
         if (!r)
                 return NULL;
 
         t = r;

-        *(t++) = '"';
+        if (style == ESCAPE_BACKSLASH)
+                *(t++) = '"';
+        else if (style == ESCAPE_POSIX) {
+                *(t++) = '$';
+                *(t++) = '\'';
+        } else
+                assert_not_reached("Bad EscapeStyle");
+

         t = mempcpy(t, s, p - s);
 
         t = mempcpy(t, s, p - s);
 

-        t = strcpy_backslash_escaped(t, p, SHELL_NEED_ESCAPE);
+        if (style == ESCAPE_BACKSLASH)
+                t = strcpy_backslash_escaped(t, p, SHELL_NEED_ESCAPE, false);
+        else
+                t = strcpy_backslash_escaped(t, p, SHELL_NEED_ESCAPE_POSIX, true);

 
 

-        *(t++)= '"';
+        if (style == ESCAPE_BACKSLASH)
+                *(t++) = '"';
+        else
+                *(t++) = '\'';

         *t = 0;
 
         return r;
         *t = 0;
 
         return r;

diff --git a/src/basic/escape.h b/src/basic/escape.h
index 8383c75869b8b7cbe5df5bacc0eb80fbfce57183..2977145d69cae3f0bc03da0f7498b3178adbd0ce 100644 (file)
--- a/src/basic/escape.h
+++ b/src/basic/escape.h
@@ -31,13 +31,30 @@
 /* What characters are special in the shell? */
 /* must be escaped outside and inside double-quotes */
 #define SHELL_NEED_ESCAPE "\"\\`$"
 /* What characters are special in the shell? */
 /* must be escaped outside and inside double-quotes */
 #define SHELL_NEED_ESCAPE "\"\\`$"

-/* can be escaped or double-quoted */
-#define SHELL_NEED_QUOTES SHELL_NEED_ESCAPE GLOB_CHARS "'()<>|&;"
+
+/* Those that can be escaped or double-quoted.
+ *
+ * Stricly speaking, ! does not need to be escaped, except in interactive
+ * mode, but let's be extra nice to the user and quote ! in case this
+ * output is ever used in interactive mode. */
+#define SHELL_NEED_QUOTES SHELL_NEED_ESCAPE GLOB_CHARS "'()<>|&;!"
+
+/* Note that we assume control characters would need to be escaped too in
+ * addition to the "special" characters listed here, if they appear in the
+ * string. Current users disallow control characters. Also '"' shall not
+ * be escaped.
+ */
+#define SHELL_NEED_ESCAPE_POSIX "\\\'"

 
 typedef enum UnescapeFlags {
         UNESCAPE_RELAX = 1,
 } UnescapeFlags;
 
 
 typedef enum UnescapeFlags {
         UNESCAPE_RELAX = 1,
 } UnescapeFlags;
 

+typedef enum EscapeStyle {
+        ESCAPE_BACKSLASH = 1,
+        ESCAPE_POSIX = 2,
+} EscapeStyle;
+

 char *cescape(const char *s);
 char *cescape_length(const char *s, size_t n);
 size_t cescape_char(char c, char *buf);
 char *cescape(const char *s);
 char *cescape_length(const char *s, size_t n);
 size_t cescape_char(char c, char *buf);


@@ -52,5 +69,5 @@ char *xescape(const char *s, const char *bad);
 char *octescape(const char *s, size_t len);
 
 char *shell_escape(const char *s, const char *bad);
 char *octescape(const char *s, size_t len);
 
 char *shell_escape(const char *s, const char *bad);

-char *shell_maybe_quote(const char *s);

 #endif // 0
 #endif // 0

+char* shell_maybe_quote(const char *s, EscapeStyle style);

diff --git a/src/test/test-escape.c b/src/test/test-escape.c
index 2c2270b138f7558ce3bc44a95949a34074b6afa8..20b54c6abb2b863d7c30c0786a862f9908fe49bd 100644 (file)
--- a/src/test/test-escape.c
+++ b/src/test/test-escape.c
@@ -87,26 +87,53 @@ static void test_shell_escape(void) {
         test_shell_escape_one("foo:bar,baz", ",:", "foo\\:bar\\,baz");
 }
 
         test_shell_escape_one("foo:bar,baz", ",:", "foo\\:bar\\,baz");
 }
 

-static void test_shell_maybe_quote_one(const char *s, const char *expected) {
-        _cleanup_free_ char *r;
-
-        assert_se(r = shell_maybe_quote(s));
-        assert_se(streq(r, expected));
+static void test_shell_maybe_quote_one(const char *s,
+                                       EscapeStyle style,
+                                       const char *expected) {
+        _cleanup_free_ char *ret = NULL;
+
+        assert_se(ret = shell_maybe_quote(s, style));
+        log_debug("[%s] → [%s] (%s)", s, ret, expected);
+        assert_se(streq(ret, expected));

 }
 
 static void test_shell_maybe_quote(void) {
 
 }
 
 static void test_shell_maybe_quote(void) {
 

-        test_shell_maybe_quote_one("", "");
-        test_shell_maybe_quote_one("\\", "\"\\\\\"");
-        test_shell_maybe_quote_one("\"", "\"\\\"\"");
-        test_shell_maybe_quote_one("foobar", "foobar");
-        test_shell_maybe_quote_one("foo bar", "\"foo bar\"");
-        test_shell_maybe_quote_one("foo \"bar\" waldo", "\"foo \\\"bar\\\" waldo\"");
-        test_shell_maybe_quote_one("foo$bar", "\"foo\\$bar\"");
+        test_shell_maybe_quote_one("", ESCAPE_BACKSLASH, "");
+        test_shell_maybe_quote_one("", ESCAPE_POSIX, "");
+        test_shell_maybe_quote_one("\\", ESCAPE_BACKSLASH, "\"\\\\\"");
+        test_shell_maybe_quote_one("\\", ESCAPE_POSIX, "$'\\\\'");
+        test_shell_maybe_quote_one("\"", ESCAPE_BACKSLASH, "\"\\\"\"");
+        test_shell_maybe_quote_one("\"", ESCAPE_POSIX, "$'\"'");
+        test_shell_maybe_quote_one("foobar", ESCAPE_BACKSLASH, "foobar");
+        test_shell_maybe_quote_one("foobar", ESCAPE_POSIX, "foobar");
+        test_shell_maybe_quote_one("foo bar", ESCAPE_BACKSLASH, "\"foo bar\"");
+        test_shell_maybe_quote_one("foo bar", ESCAPE_POSIX, "$'foo bar'");
+        test_shell_maybe_quote_one("foo\tbar", ESCAPE_BACKSLASH, "\"foo\tbar\"");
+        test_shell_maybe_quote_one("foo\tbar", ESCAPE_POSIX, "$'foo\\tbar'");
+        test_shell_maybe_quote_one("foo\nbar", ESCAPE_BACKSLASH, "\"foo\nbar\"");
+        test_shell_maybe_quote_one("foo\nbar", ESCAPE_POSIX, "$'foo\\nbar'");
+        test_shell_maybe_quote_one("foo \"bar\" waldo", ESCAPE_BACKSLASH, "\"foo \\\"bar\\\" waldo\"");
+        test_shell_maybe_quote_one("foo \"bar\" waldo", ESCAPE_POSIX, "$'foo \"bar\" waldo'");
+        test_shell_maybe_quote_one("foo$bar", ESCAPE_BACKSLASH, "\"foo\\$bar\"");
+        test_shell_maybe_quote_one("foo$bar", ESCAPE_POSIX, "$'foo$bar'");
+
+        /* Note that current users disallow control characters, so this "test"
+         * is here merely to establish current behaviour. If control characters
+         * were allowed, they should be quoted, i.e. \001 should become \\001. */
+        test_shell_maybe_quote_one("a\nb\001", ESCAPE_BACKSLASH, "\"a\nb\001\"");
+        test_shell_maybe_quote_one("a\nb\001", ESCAPE_POSIX, "$'a\\nb\001'");
+
+        test_shell_maybe_quote_one("foo!bar", ESCAPE_BACKSLASH, "\"foo!bar\"");
+        test_shell_maybe_quote_one("foo!bar", ESCAPE_POSIX, "$'foo!bar'");

 }
 #endif // 0
 
 int main(int argc, char *argv[]) {
 }
 #endif // 0
 
 int main(int argc, char *argv[]) {

+        log_set_max_level(LOG_DEBUG);
+        log_parse_environment();
+        log_open();
+

         test_cescape();
         test_cunescape();
 #if 0 /// UNNEEDED by elogind
         test_cescape();
         test_cunescape();
 #if 0 /// UNNEEDED by elogind