Skip to content

Commit

Permalink
go.mod: go get github.com/mattn/[email protected]
Browse files Browse the repository at this point in the history
We use this library only for interpreting the "TF_CLI_ARG_..." environment
variables as additional command line arguments, so the potential impact
of this is very limited.

The upstream changes here expand on the supported dynamic behavior around
backtick command execution and nested environment variable expansion. We
don't use either of those features, but just to make sure I changed the
code to force them off (since otherwise another package in the program
could change the package's global configuration) and added test cases that
will fail if they end up turned on.
  • Loading branch information
apparentlymart committed Mar 13, 2024
1 parent 61a5c1f commit 48df312
Show file tree
Hide file tree
Showing 4 changed files with 36 additions and 14 deletions.
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ require (
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0
github.com/masterzen/winrm v0.0.0-20200615185753-c42b5136ff88
github.com/mattn/go-isatty v0.0.20
github.com/mattn/go-shellwords v1.0.4
github.com/mattn/go-shellwords v1.0.12
github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db
github.com/mitchellh/go-homedir v1.1.0
github.com/mitchellh/go-linereader v0.0.0-20190213213312-1b945b3263eb
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -832,8 +832,8 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D
github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/mattn/go-shellwords v1.0.4 h1:xmZZyxuP+bYKAKkA9ABYXVNJ+G/Wf3R8d8vAP3LDJJk=
github.com/mattn/go-shellwords v1.0.4/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mergestat/timediff v0.0.3 h1:ucCNh4/ZrTPjFZ081PccNbhx9spymCJkFxSzgVuPU+Y=
github.com/mergestat/timediff v0.0.3/go.mod h1:yvMUaRu2oetc+9IbPLYBJviz6sA7xz8OXMDfhBl7YSI=
Expand Down
7 changes: 6 additions & 1 deletion main.go
Original file line number Diff line number Diff line change
Expand Up @@ -359,8 +359,13 @@ func mergeEnvArgs(envName string, cmd string, args []string) ([]string, error) {
return args, nil
}

swParser := &shellwords.Parser{
ParseEnv: false,
ParseBacktick: false,
}

log.Printf("[INFO] %s value: %q", envName, v)
extra, err := shellwords.Parse(v)
extra, err := swParser.Parse(v)
if err != nil {
return nil, fmt.Errorf(
"Error parsing extra CLI args from %s: %s",
Expand Down
37 changes: 27 additions & 10 deletions main_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ func TestMain_cliArgsFromEnv(t *testing.T) {
cases := []struct {
Name string
Args []string
Value string
EnvValue string
Expected []string
Err bool
}{
Expand Down Expand Up @@ -111,19 +111,36 @@ func TestMain_cliArgsFromEnv(t *testing.T) {
[]string{"-foo", "'bar baz'", "foo"},
false,
},

{
"backticks taken literally",
// The shellwords library we use to parse the environment variables
// has the option to automatically execute commands written in
// backticks. This test is here to make sure we don't accidentally
// enable that.
[]string{testCommandName, "foo"},
"-foo `echo nope`",
[]string{"-foo", "`echo nope`", "foo"},
false,
},

{
"no nested environment variable expansion",
// The shellwords library we use to parse the environment variables
// has the option to automatically expand sequences that appear
// to be environment variable interpolations. This test is here to
// make sure we don't accidentally enable that.
[]string{testCommandName, "foo"},
"-foo $OTHER_ENV",
[]string{"-foo", "$OTHER_ENV", "foo"},
false,
},
}

for i, tc := range cases {
t.Run(fmt.Sprintf("%d-%s", i, tc.Name), func(t *testing.T) {
os.Unsetenv(EnvCLI)
defer os.Unsetenv(EnvCLI)

// Set the env var value
if tc.Value != "" {
if err := os.Setenv(EnvCLI, tc.Value); err != nil {
t.Fatalf("err: %s", err)
}
}
t.Setenv(EnvCLI, tc.EnvValue)
t.Setenv("OTHER_ENV", "placeholder")

// Set up the args
args := make([]string, len(tc.Args)+1)
Expand Down

0 comments on commit 48df312

Please sign in to comment.