Triple quoting does not work on command lines

Bug #1401542 reported by Martin Geisler on 2014-12-11
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
satori
Undecided
Unassigned

Bug Description

The code at https://github.com/stackforge/satori/blob/b778d8165aaf15c17d6d73e19bb386d92e993c08/satori/ssh.py#L168 looks wrong to me:

  command = 'echo -e """%s""" | python' % platform_command

As far as I can see, this string is then passed to the remote host for execution. The problem is see is that shells don't do triple quoting like Python. What happens instead is that the first pair of quotes become an empty string and disappears. The second set of quotes quote the Python code and the third pair of quotes also disappear:

  $ python -c 'import sys; print sys.argv' """x "foo" y"""
  ['-c', 'x foo y']

The embedded Python code should probably be backslash-escaped properly instead. I think the misleading quotes should be removed in any case.

Reviewed: https://review.openstack.org/141060
Committed: https://git.openstack.org/cgit/stackforge/satori/commit/?id=f0e97f6e717c0328beadc7ca68bce2657b9af904
Submitter: Jenkins
Branch: master

commit f0e97f6e717c0328beadc7ca68bce2657b9af904
Author: Martin Geisler <email address hidden>
Date: Thu Dec 11 15:12:22 2014 +0100

    ssh: fix quoting of platform_command

    The old code was constructing the shell command like this:

      echo -e """%s""" | python

    However, shells don't do triple quoting like Python. What happens
    instead is that the first pair of quotes become an empty string and
    disappears. The second set of quotes quote the Python code and the
    third pair of quotes also disappear.

    To correctly quote the argument, one should instead wrap it in
    single-quotes and take care to replace internal single-quotes with an
    escaped version that first ends the previously quoted string, inserts
    a single-quote and begins a new quoted string. The new shellquote
    function does this.

    When using this function, the -e flag is not needed or desired: it
    will prematurely evaluate escape sequences that would otherwise have
    been evaluated by Python.

    Change-Id: I19166575b0d9b9e9836d072abab8ce0fbb2af7f2
    Closes-Bug: 1401542

Changed in satori:
status: New → Fix Committed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers