Fixes bug: unable to spawn .bat with %<environment variable>% in name #51
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cspotcode
added a commit
to cspotcode/node-cross-spawn
that referenced
this pull request
Dec 11, 2016
…able name>% Passes command string to cmd.exe as an environment variable cmd.exe unsets the environment variable and then runs the command cross-spawn avoids environment variable naming conflicts
6817897
to
8c6ef59
Compare
cspotcode
added a commit
to cspotcode/node-cross-spawn
that referenced
this pull request
Dec 11, 2016
…able name>% Passes command string to cmd.exe as an environment variable cmd.exe unsets the environment variable and then runs the command cross-spawn avoids environment variable naming conflicts
8c6ef59
to
a284ab9
Compare
|
I updated this PR to fix the bug using the technique I described above. All tests are passing, so it should be ready to merge. Let me know if you have any questions. |
|
@cspotcode Thanks for the PR, it's definitively something that I haven't though. I will request a few changes to the code. |
satazor
reviewed
Feb 25, 2017
| @@ -36,13 +40,20 @@ function parseNonShell(parsed) { | |||
| if (needsShell) { | |||
| // Escape command & arguments | |||
| applyQuotes = (parsed.command !== 'echo'); // Do not quote arguments for the special "echo" command | |||
| parsed.command = escapeCommand(parsed.command); | |||
There was a problem hiding this comment.
Can we keep everything in the parsed object? Code is concise and no additional variables are necessary.
There was a problem hiding this comment.
Keeping everything on the parsed object is more confusing to a new reader. Doing so would mean we are storing a temporary value onto the object with no intention of keeping that value, since it is overwritten on line 57. By using a variable, we're indicating that this is a temporary value used in computation. command would ideally be declared const to make the code's intent even clearer.
lib/parse.js
Outdated
| @@ -107,4 +118,16 @@ function parse(command, args, options) { | |||
| return options.shell ? parseShell(parsed) : parseNonShell(parsed); | |||
| } | |||
|
|
|||
| // Like Object.assign, for older node versions | |||
| function assign(target, source) { | |||
There was a problem hiding this comment.
Add lodash.assign as a dependency and use it instead.
lib/parse.js
Outdated
| parsed.args = ['/d', '/s', '/c', '"' + parsed.command + (parsed.args.length ? ' ' + parsed.args.join(' ') : '') + '"']; | ||
| // Pass command as environment variable | ||
| parsed.options.env = assign({}, parsed.options.env || process.env); | ||
| do { |
There was a problem hiding this comment.
I don't think this is necessary, just assigning _cross_spawn_command_<Math.round(Math.random() * 10e15).toString(35)> is fine.
There was a problem hiding this comment.
My implementation is technically safer, although I agree the possibility of a collision is remote. If you're dedicated to saving 2 lines of code then I'll change it, but at this point the code's already written, so I think it should stay the way it is.
| envVariableName = 'cross_spawn_command_' + envVariableSuffix; | ||
| envVariableSuffix += 1; | ||
| } while (Object.prototype.hasOwnProperty.call(parsed.options.env, envVariableName)); | ||
| parsed.options.env[envVariableName] = command + (args.length ? ' ' + args.join(' ') : ''); |
There was a problem hiding this comment.
Add a comment explaining this technique and why it's necessary for future reading.
bab1783
to
6b3ba1a
Compare
|
@satazor Thanks for the comments. I implemented the requested changes or replied with comments explaining why I think my implementation should remain as-is. Although I do have strong opinions, I don't have a problem changing my code if you really want it implemented a certain way. Just let me know. In the process I also noticed that the passed options object is mutated in certain situations, so I added a failing test and then fixed it. EDIT: I forgot to mention that I can squash these commits downs, too. I left them separate to make the revisions more obvious. |
…able name>% Passes command string to cmd.exe as an environment variable cmd.exe unsets the environment variable and then runs the command cross-spawn avoids environment variable naming conflicts
6b3ba1a
to
0a4824a
Compare
|
Any interest in merging this? I published a proof-of-concept at @cspotcode/cross-spawn. Tests pass; everything appears to work correctly. |
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
- Add a work around for a NodeJS bug when spawning a command with spaces when `options.shell` was enabled
- Remove support for running `echo` on Windows
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Add a work around for a NodeJS bug when spawning a command with spaces when `options.shell` was enabled, fixes #77
- Fix `options` argument being mutated
- Remove support for running `echo` on Windows
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Add a work around for a NodeJS bug when spawning a command with spaces when `options.shell` was enabled, fixes #77
- Fix `options` argument being mutated
- Remove support for running `echo` on Windows
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
|
@cspotcode I've been working on #83 that fixes this issue by using a different escaping technique using I will be closing this in favor of that MR that I will eventually release tomorrow as a major release. (your failing test was copied as well as the clone of the |
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Change escaping on Windows to use `^` instead of quotes:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Add `^` to also escape Windows metachars:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
satazor
added a commit
that referenced
this pull request
Nov 11, 2017
- Remove NodeJS v0.10 and v0.12 support
- Add `^` to also escape Windows metachars:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
satazor
added a commit
that referenced
this pull request
Nov 12, 2017
- Remove NodeJS v0.10 and v0.12 support
- Add `^` to also escape Windows metachars:
- Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82
- Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51
- Fix `options` argument being mutated
|
Awesome, thanks for fixing it. |
|
I'm still waiting some feedback on #83 from some people.
|
satazor
added a commit
that referenced
this pull request
Jan 22, 2018
…ch syntax error More specifically: - Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82 - Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51 This was resolved by using `^` to escape all meta chars. Additionally, double escaping was necessary for cmd-shim files located in `node_modules./bin/`. Also, this commit was a major overhaul: - Upgrade tooling - Upgrate project to es6 (node v4) - Fix commands as posix unix relatixe paths not working correctly - Fix `options` argument being mutated - Improve compliance with node's ENOENT errors - Improve detection of node's shell option support - Migrate project to moxystudio BREAKING CHANGE: remove support for older nodejs versions, only node >= 4 is supported
satazor
added a commit
that referenced
this pull request
Jan 22, 2018
…ch syntax error More specifically: - Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82 - Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51 This was resolved by using `^` to escape all meta chars. Additionally, double escaping was necessary for cmd-shim files located in `node_modules./bin/`. Also, this commit was a major overhaul: - Upgrade tooling - Upgrate project to es6 (node v4) - Fix commands as posix unix relatixe paths not working correctly - Fix `options` argument being mutated - Improve compliance with node's ENOENT errors - Improve detection of node's shell option support - Migrate project to moxystudio BREAKING CHANGE: remove support for older nodejs versions, only node >= 4 is supported
satazor
added a commit
that referenced
this pull request
Jan 22, 2018
…ch syntax error More specifically: - Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82 - Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51 This was resolved by using `^` to escape all meta chars. Additionally, double escaping was necessary for cmd-shim files located in `node_modules./bin/`. Also, this commit was a major overhaul: - Upgrade tooling - Upgrate project to es6 (node v4) - Fix commands as posix unix relatixe paths not working correctly - Fix `options` argument being mutated - Improve compliance with node's ENOENT errors - Improve detection of node's shell option support - Migrate project to moxystudio BREAKING CHANGE: remove support for older nodejs versions, only node >= 4 is supported
satazor
added a commit
that referenced
this pull request
Jan 22, 2018
…ch syntax error More specifically: - Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82 - Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51 This was resolved by using `^` to escape all meta chars. Additionally, double escaping was necessary for cmd-shim files located in `node_modules./bin/`. Also, this commit was a major overhaul: - Upgrade tooling - Upgrate project to es6 (node v4) - Fix commands as posix unix relatixe paths not working correctly - Fix `options` argument being mutated - Improve compliance with node's ENOENT errors - Improve detection of node's shell option support - Migrate project to moxystudio BREAKING CHANGE: remove support for older nodejs versions, only node >= 4 is supported
satazor
added a commit
that referenced
this pull request
Jan 22, 2018
…ch syntax error More specifically: - Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82 - Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51 This was resolved by using `^` to escape all meta chars. Additionally, double escaping was necessary for cmd-shim files located in `node_modules./bin/`. Also, this commit was a major overhaul: - Upgrade tooling - Upgrate project to es6 (node v4) - Fix commands as posix unix relatixe paths not working correctly - Fix `options` argument being mutated - Improve compliance with node's ENOENT errors - Improve detection of node's shell option support - Migrate project to moxystudio BREAKING CHANGE: remove support for older nodejs versions, only node >= 4 is supported
satazor
added a commit
that referenced
this pull request
Jan 22, 2018
…ch syntax error More specifically: - Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82 - Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51 This was resolved by using `^` to escape all meta chars. Additionally, double escaping was necessary for cmd-shim files located in `node_modules./bin/`. Also, this commit was a major overhaul: - Upgrade tooling - Upgrate project to es6 (node v4) - Fix commands as posix unix relatixe paths not working correctly - Fix `options` argument being mutated - Improve compliance with node's ENOENT errors - Improve detection of node's shell option support - Migrate project to moxystudio BREAKING CHANGE: remove support for older nodejs versions, only node >= 4 is supported Fixes #82, #51
satazor
added a commit
that referenced
this pull request
Jan 22, 2018
…ch syntax error More specifically: - Fix a bug that made it impossible to escape an argument that contained quotes followed by `>` or other special chars, e.g.: `"foo|bar"`, fixes #82 - Fix a bug were a command containing `%x%` would be replaced with the contents of the `x` environment variable, fixes #51 This was resolved by using `^` to escape all meta chars. Additionally, double escaping was necessary for cmd-shim files located in `node_modules./bin/`. Also, this commit was a major overhaul: - Upgrade tooling - Upgrate project to es6 (node v4) - Fix commands as posix unix relatixe paths not working correctly - Fix `options` argument being mutated - Improve compliance with node's ENOENT errors - Improve detection of node's shell option support - Migrate project to moxystudio BREAKING CHANGE: remove support for older nodejs versions, only node >= 4 is supported Fixes #82, #51
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Spawning
cmd /D /S /C <command string>is susceptible to environment variable expansion. I've added a failing test that illustrates the problem.The only solution I've devised is to pass the command to be executed as an environment variable, not after the
/cflag. Here's an example: