-
-
Notifications
You must be signed in to change notification settings - Fork 246
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm/global_config_entry.pp: improve shell quoting #436
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🙋🏻♀️
@@ -17,13 +17,13 @@ | |||
if $config_setting =~ /(_|:_)/ { | |||
$onlyif_command = $facts['os']['family'] ? { | |||
'Windows' => "${cmd_exe_path} /C FOR /F %G IN ('${npm_path} config get globalconfig') DO IF EXIST %G (FINDSTR /B /C:\"${$config_setting}\" %G) ELSE (EXIT 1)", | |||
default => "test -f $(${npm_path} config get globalconfig) && grep -qe \"^${$config_setting}\" $(${npm_path} config get globalconfig)", | |||
default => "test -f \"$(${npm_path} config get globalconfig)\" && grep -qe '^${$config_setting}' \"$(${npm_path} config get globalconfig)\"", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i don't understand the logic of your choices: when did you pick single quotes and when did you pick double quotes, and, why?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@igalic when we don't need the shell to do any expansion or interpolation, we can use single quotes, which also saves us some escaping of double quotes. Command substitutions should usually be quoted to prevent word splitting and filename expansion on the results. Probably this doesn't matter for the expected values here, but might as well. Also, here
default => "test \"$(${npm_path} get ${config_setting} --global | tr -d '\n')\" != \"${value}\"", |
we already had proper quoting of the command substitution, so I wanted to make the other ones consistent.
Shell programming is the worst 😉
I wonder if this should be using inifile instead, but I guess this works. 🤷♂️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually, using inifile would make this infinitely more readable, and easier to transport from one OS to another, and simplify our testing, greatly, as the platform abstraction would already be handled by inifile itself
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so, what do we do?
who has time for this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For safety and readability.
b999f28
to
2eb623f
Compare
Improve shell quoting for safety and readability. Noticed these while reviewing #435 but didn't get to this before that was merged.