From 867eadf47199e149d43795cb147c793f202cc589 Mon Sep 17 00:00:00 2001 From: Keith Duncan Date: Mon, 30 Aug 2021 18:47:42 +1000 Subject: [PATCH 1/2] Remove the outer escaping --- s3secrets-helper/secrets/secrets.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/s3secrets-helper/secrets/secrets.go b/s3secrets-helper/secrets/secrets.go index 7657d05..45a67b5 100644 --- a/s3secrets-helper/secrets/secrets.go +++ b/s3secrets-helper/secrets/secrets.go @@ -206,14 +206,21 @@ func handleGitCredentials(conf Config, results <-chan getResult) error { } log.Printf("Adding git-credentials in %s/%s as a credential helper", r.bucket, r.key) helpers = append(helpers, fmt.Sprintf( - "'credential.helper=%s %s %s'", + "credential.helper=%s %s %s", conf.GitCredentialHelper, r.bucket, r.key, )) } if len(helpers) == 0 { return nil } - env := "GIT_CONFIG_PARAMETERS=\"" + strings.Join(helpers, " ") + "\"\n" + + var singleQuotedHelpers []string + for helper := range helpers { + singleQuotedHelpers = append(singleQuotedHelpers, "'" + helper + "'") + } + + env := "GIT_CONFIG_PARAMETERS=\"" + strings.Join(singleQuotedHelpers, " ") + "\"\n" + if _, err := io.WriteString(conf.EnvSink, env); err != nil { return fmt.Errorf("writing GIT_CONFIG_PARAMETERS env: %w", err) } From 8766f51ccd0c86b4cac15ca618d52d903b73abda Mon Sep 17 00:00:00 2001 From: Keith Duncan Date: Tue, 31 Aug 2021 12:06:28 +1000 Subject: [PATCH 2/2] Try escaping, that's a cool trick MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I couldn’t find a go shell escaping lib to do this for me so I just did spaces. --- s3secrets-helper/secrets/secrets.go | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/s3secrets-helper/secrets/secrets.go b/s3secrets-helper/secrets/secrets.go index 45a67b5..23992e2 100644 --- a/s3secrets-helper/secrets/secrets.go +++ b/s3secrets-helper/secrets/secrets.go @@ -205,20 +205,29 @@ func handleGitCredentials(conf Config, results <-chan getResult) error { continue } log.Printf("Adding git-credentials in %s/%s as a credential helper", r.bucket, r.key) - helpers = append(helpers, fmt.Sprintf( - "credential.helper=%s %s %s", - conf.GitCredentialHelper, r.bucket, r.key, - )) + + // Replace spaces ' ' in the helper path with an escaped space '\ ' + escapedCredentialHelper := strings.ReplaceAll(conf.GitCredentialHelper, " ", "\\ ") + + helper := fmt.Sprintf("credential.helper=%s %s %s", escapedCredentialHelper, r.bucket, r.key) + + helpers = append(helpers, helper) } if len(helpers) == 0 { return nil } + // Build an environment variable for interpretation by a shell var singleQuotedHelpers []string - for helper := range helpers { + for _, helper := range helpers { + // Escape any escape sequences, the shell will interpret the first level + // of escaping. + + // Replace backslash '\' with double backslash '\\' + helper = strings.ReplaceAll(helper, "\\", "\\\\") + singleQuotedHelpers = append(singleQuotedHelpers, "'" + helper + "'") } - env := "GIT_CONFIG_PARAMETERS=\"" + strings.Join(singleQuotedHelpers, " ") + "\"\n" if _, err := io.WriteString(conf.EnvSink, env); err != nil {