fix(escape-cli-args): Always use quotes to escape CLI arguments #53
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What's the identified issue ?
Mrsk currently does not escape the command line arguments it concatenates for the docker commands.
This make mrsk very susceptible to unescaped characters errors, as the following example demonstrates with an environment string that contains the symbol
&
:Which subsequently creates this docker run issue :
This is due to the
argumentize
function not escaping the characters.What fix does this PR introduce ?
This PR forces all
argumentized
CLI arguments to be escaped, thus making the produced commands safe to run.What's important to note
Labels are argumentized the same way that environment variables are, which means I also had to change the way we use traefik labels that use backticks in the code. Result should be 1:1 with what existed before, but I also had to revamp most of the tests to account for this change.
We might have wanted to make two different
argumentize
functions, but I don't love it because of code duplication and because I think it's always better to escape characters.In the future we might want to create a special case for integers, but iirc everything that bash passes is a string so I didn't do that here and noticed no behavior
Tests are passing and this has been tested on a mrsk deploy.