Commit1dd7d2c

committed

Prevent early variable expansion in header command

1 parent71d3405 commit1dd7d2cCopy full SHA for 1dd7d2c

File tree

6 files changed

+74

-23

lines changed

src
- main/kotlin/com/coder/gateway
  - cli
    - CoderCLIManager.kt
  - util
    - Escape.kt
- test
  - fixtures/outputs
    - header-command-windows.conf
    - header-command.conf
  - kotlin/com/coder/gateway
    - cli
      - CoderCLIManagerTest.kt
    - util
      - EscapeTest.kt

6 files changed

+74

-23

lines changed

`‎src/main/kotlin/com/coder/gateway/cli/CoderCLIManager.kt‎`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,14 +3,15 @@ package com.coder.gateway.cli`
`3`	`3`	`importcom.coder.gateway.cli.ex.MissingVersionException`
`4`	`4`	`importcom.coder.gateway.cli.ex.ResponseException`
`5`	`5`	`importcom.coder.gateway.cli.ex.SSHConfigFormatException`
`6`		`-importcom.coder.gateway.settings.CoderSettings`
`7`	`6`	`importcom.coder.gateway.services.CoderSettingsState`
	`7`	`+importcom.coder.gateway.settings.CoderSettings`
`8`	`8`	`importcom.coder.gateway.util.CoderHostnameVerifier`
`9`	`9`	`importcom.coder.gateway.util.InvalidVersionException`
`10`		`-importcom.coder.gateway.util.SemVer`
`11`	`10`	`importcom.coder.gateway.util.OS`
	`11`	`+importcom.coder.gateway.util.SemVer`
`12`	`12`	`importcom.coder.gateway.util.coderSocketFactory`
`13`	`13`	`importcom.coder.gateway.util.escape`
	`14`	`+importcom.coder.gateway.util.escapeSubcommand`
`14`	`15`	`importcom.coder.gateway.util.getHeaders`
`15`	`16`	`importcom.coder.gateway.util.getOS`
`16`	`17`	`importcom.coder.gateway.util.safeHost`
`@@ -228,7 +229,7 @@ class CoderCLIManager(`
`228`	`229`	`escape(localBinaryPath.toString()),`
`229`	`230`	`"--global-config", escape(coderConfigPath.toString()),`
`230`	`231`	`if (settings.headerCommand.isNotBlank())"--header-command"elsenull,`
`231`		`-if (settings.headerCommand.isNotBlank())escape(settings.headerCommand)elsenull,`
	`232`	`+if (settings.headerCommand.isNotBlank())escapeSubcommand(settings.headerCommand)elsenull,`
`232`	`233`	`"ssh","--stdio")`
`233`	`234`	`val blockContent= workspaceNames.joinToString(`
`234`	`235`	`System.lineSeparator(),`

`‎src/main/kotlin/com/coder/gateway/util/Escape.kt‎`

Lines changed: 34 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,10 @@`
`1`	`1`	`packagecom.coder.gateway.util`
`2`	`2`
`3`	`3`	`/**`
`4`		`- * Escape a command argument to be used in the ProxyCommand of an SSH`
`5`		`- * config. Surround with double quotes if the argument contains whitespace`
`6`		`- * and escape any existing double quotes.`
	`4`	`+ * Escape an argument to be used in the ProxyCommand of an SSH config.`
	`5`	`+ *`
	`6`	`+ * Escaping happens by surrounding with double quotes if the argument contains`
	`7`	`+ * whitespace and escaping any existing double quotes regardless of whitespace.`
`7`	`8`	`*`
`8`	`9`	`* Throws if the argument is invalid.`
`9`	`10`	`*/`
`@@ -15,4 +16,33 @@ fun escape(s: String): String {`
`15`	`16`	`return"\""+ s.replace("\"","\\\"")+"\""`
`16`	`17`	`}`
`17`	`18`	`return s.replace("\"","\\\"")`
`18`		`-}`
	`19`	`+}`
	`20`	`+`
	`21`	`+/**`
	`22`	`+ * Escape an argument to be executed by the Coder binary such that expansions`
	`23`	`+ * happen in the binary and not in SSH.`
	`24`	`+ *`
	`25`	`+ * Escaping happens by wrapping in single quotes on Linux and escaping % on`
	`26`	`+ * Windows.`
	`27`	`+ *`
	`28`	`+ * Throws if the argument is invalid.`
	`29`	`+*/`
	`30`	`+funescapeSubcommand(s:String):String {`
	`31`	`+if (s.contains("\n")) {`
	`32`	`+throwException("argument cannot contain newlines")`
	`33`	`+ }`
	`34`	`+returnif (getOS()==OS.WINDOWS) {`
	`35`	`+// On Windows variables are in the format %VAR%. % is interpreted by`
	`36`	`+// SSH as a special sequence and can be escaped with %%. Do not use`
	`37`	`+// single quotes on Windows; they appear to only be used literally.`
	`38`	`+return escape(s).replace("%","%%")`
	`39`	`+ }else {`
	`40`	`+// On *nix and similar systems variables are in the format $VAR. SSH`
	`41`	`+// will expand these before executing the proxy command; we can prevent`
	`42`	`+// this by using single quotes. You cannot escape single quotes inside`
	`43`	`+// single quotes, so if there are existing quotes you end the current`
	`44`	`+// quoted string, output an escaped quote, then start the quoted string`
	`45`	`+// again.`
	`46`	`+"'"+ s.replace("'","'\\''")+"'"`
	`47`	`+ }`
	`48`	`+}`

`‎src/test/fixtures/outputs/header-command-windows.conf‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`# --- START CODER JETBRAINS test.coder.invalid`
`2`	`2`	`Host coder-jetbrains--header--test.coder.invalid`
`3`		`- ProxyCommand /tmp/coder-gateway/test.coder.invalid/coder-linux-amd64 --global-config /tmp/coder-gateway/test.coder.invalid/config --header-command "C:\Program Files\My Header Command\\"also has quotes\"\HeaderCommand.exe" ssh --stdio header`
	`3`	`+ ProxyCommand /tmp/coder-gateway/test.coder.invalid/coder-linux-amd64 --global-config /tmp/coder-gateway/test.coder.invalid/config --header-command "\"C:\Program Files\My Header Command\HeaderCommand.exe\" --url \"%%CODER_URL%%\" --test=\"foo bar\"" ssh --stdio header`
`4`	`4`	`ConnectTimeout 0`
`5`	`5`	`StrictHostKeyChecking no`
`6`	`6`	`UserKnownHostsFile /dev/null`

`‎src/test/fixtures/outputs/header-command.conf‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`# --- START CODER JETBRAINS test.coder.invalid`
`2`	`2`	`Host coder-jetbrains--header--test.coder.invalid`
`3`		`- ProxyCommand /tmp/coder-gateway/test.coder.invalid/coder-linux-amd64 --global-config /tmp/coder-gateway/test.coder.invalid/config --header-command"my-header-command\"test\"" ssh --stdio header`
	`3`	`+ ProxyCommand /tmp/coder-gateway/test.coder.invalid/coder-linux-amd64 --global-config /tmp/coder-gateway/test.coder.invalid/config --header-command'my-header-command--url="$CODER_URL" --test="foo bar" --literal='\''$CODER_URL'\''' ssh --stdio header`
`4`	`4`	`ConnectTimeout 0`
`5`	`5`	`StrictHostKeyChecking no`
`6`	`6`	`UserKnownHostsFile /dev/null`

`‎src/test/kotlin/com/coder/gateway/cli/CoderCLIManagerTest.kt‎`

Lines changed: 16 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,16 +3,6 @@ package com.coder.gateway.cli`
`3`	`3`	`importcom.coder.gateway.cli.ex.MissingVersionException`
`4`	`4`	`importcom.coder.gateway.cli.ex.ResponseException`
`5`	`5`	`importcom.coder.gateway.cli.ex.SSHConfigFormatException`
`6`		`-importkotlin.test.Test`
`7`		`-importkotlin.test.assertContains`
`8`		`-importkotlin.test.assertEquals`
`9`		`-importkotlin.test.assertFailsWith`
`10`		`-importkotlin.test.assertFalse`
`11`		`-importkotlin.test.assertNotEquals`
`12`		`-importkotlin.test.assertTrue`
`13`		`-importorg.junit.jupiter.api.assertDoesNotThrow`
`14`		`-importorg.junit.jupiter.api.BeforeAll`
`15`		`-`
`16`	`6`	`importcom.coder.gateway.services.CoderSettingsState`
`17`	`7`	`importcom.coder.gateway.settings.CoderSettings`
`18`	`8`	`importcom.coder.gateway.util.InvalidVersionException`
`@@ -24,13 +14,22 @@ import com.coder.gateway.util.sha1`
`24`	`14`	`importcom.coder.gateway.util.toURL`
`25`	`15`	`importcom.google.gson.JsonSyntaxException`
`26`	`16`	`importcom.sun.net.httpserver.HttpServer`
	`17`	`+importorg.junit.jupiter.api.BeforeAll`
	`18`	`+importorg.junit.jupiter.api.assertDoesNotThrow`
	`19`	`+importorg.zeroturnaround.exec.InvalidExitValueException`
	`20`	`+importorg.zeroturnaround.exec.ProcessInitException`
`27`	`21`	`importjava.net.HttpURLConnection`
`28`	`22`	`importjava.net.InetSocketAddress`
`29`	`23`	`importjava.net.URL`
`30`	`24`	`importjava.nio.file.AccessDeniedException`
`31`	`25`	`importjava.nio.file.Path`
`32`		`-importorg.zeroturnaround.exec.InvalidExitValueException`
`33`		`-importorg.zeroturnaround.exec.ProcessInitException`
	`26`	`+importkotlin.test.Test`
	`27`	`+importkotlin.test.assertContains`
	`28`	`+importkotlin.test.assertEquals`
	`29`	`+importkotlin.test.assertFailsWith`
	`30`	`+importkotlin.test.assertFalse`
	`31`	`+importkotlin.test.assertNotEquals`
	`32`	`+importkotlin.test.assertTrue`
`34`	`33`
`35`	`34`	`internalclassCoderCLIManagerTest {`
`36`	`35`	`privatefunmkbin(version:String):String {`
`@@ -253,8 +252,11 @@ internal class CoderCLIManagerTest {`
`253`	`252`	`SSHTest(listOf("foo-bar"),"no-blocks","append-no-blocks","no-blocks",null),`
`254`	`253`	`SSHTest(listOf("foo-bar"),"no-related-blocks","append-no-related-blocks","no-related-blocks",null),`
`255`	`254`	`SSHTest(listOf("foo-bar"),"no-newline","append-no-newline","no-blocks",null),`
`256`		`-SSHTest(listOf("header"),null,"header-command","blank","my-header-command\"test\""),`
`257`		`-SSHTest(listOf("header"),null,"header-command-windows","blank","""C:\Program Files\My Header Command\"also has quotes"\HeaderCommand.exe"""),`
	`255`	`+if (getOS()==OS.WINDOWS) {`
	`256`	`+SSHTest(listOf("header"),null,"header-command-windows","blank",""""C:\Program Files\My Header Command\HeaderCommand.exe" --url="%CODER_URL%" --test="foo bar"""")`
	`257`	`+ }else {`
	`258`	`+SSHTest(listOf("header"),null,"header-command","blank","my-header-command --url=\"\$CODER_URL\" --test=\"foo bar\" --literal='\$CODER_URL'")`
	`259`	`+ }`
`258`	`260`	`)`
`259`	`261`
`260`	`262`	`val newlineRe="\r?\n".toRegex()`

`‎src/test/kotlin/com/coder/gateway/util/EscapeTest.kt‎`

Lines changed: 18 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,4 +19,22 @@ internal class EscapeTest {`
`19`	`19`	`assertEquals(it.value, escape(it.key))`
`20`	`20`	`}`
`21`	`21`	`}`
	`22`	`+`
	`23`	`+ @Test`
	`24`	`+funtestEscapeSubcommand() {`
	`25`	`+val tests=if (getOS()==OS.WINDOWS) {`
	`26`	`+mapOf(`
	`27`	`+"auth.exe --url=%CODER_URL%" to"\"auth.exe --url=%%CODER_URL%%\"",`
	`28`	`+"\"my auth.exe\" --url=%CODER_URL%" to"\"\\\"my auth.exe\\\" --url=%%CODER_URL%%\"",`
	`29`	`+ )`
	`30`	`+ }else {`
	`31`	`+mapOf(`
	`32`	`+"auth --url=\$CODER_URL" to"'auth --url=\$CODER_URL'",`
	`33`	`+"'my auth program' --url=\$CODER_URL" to"''\\''my auth program'\\'' --url=\$CODER_URL'",`
	`34`	`+ )`
	`35`	`+ }`
	`36`	`+ tests.forEach {`
	`37`	`+ assertEquals(it.value, escapeSubcommand(it.key))`
	`38`	`+ }`
	`39`	`+ }`
`22`	`40`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit1dd7d2c

File tree

6 files changed

6 files changed

`‎src/main/kotlin/com/coder/gateway/cli/CoderCLIManager.kt‎`

`‎src/main/kotlin/com/coder/gateway/util/Escape.kt‎`

`‎src/test/fixtures/outputs/header-command-windows.conf‎`

`‎src/test/fixtures/outputs/header-command.conf‎`

`‎src/test/kotlin/com/coder/gateway/cli/CoderCLIManagerTest.kt‎`

`‎src/test/kotlin/com/coder/gateway/util/EscapeTest.kt‎`

0 commit comments