2011-08-22 20:14:12 +00:00
|
|
|
{- safely running shell commands
|
|
|
|
-
|
2015-05-05 17:51:31 +00:00
|
|
|
- Copyright 2010-2015 Joey Hess <id@joeyh.name>
|
2011-08-22 20:14:12 +00:00
|
|
|
-
|
2014-05-10 14:01:27 +00:00
|
|
|
- License: BSD-2-clause
|
2011-08-22 20:14:12 +00:00
|
|
|
-}
|
|
|
|
|
2015-05-10 20:31:50 +00:00
|
|
|
{-# OPTIONS_GHC -fno-warn-tabs #-}
|
|
|
|
|
2019-11-23 15:07:22 +00:00
|
|
|
module Utility.SafeCommand (
|
|
|
|
CommandParam(..),
|
|
|
|
toCommand,
|
|
|
|
boolSystem,
|
|
|
|
boolSystem',
|
|
|
|
boolSystemEnv,
|
|
|
|
safeSystem,
|
|
|
|
safeSystem',
|
|
|
|
safeSystemEnv,
|
|
|
|
shellWrap,
|
|
|
|
shellEscape,
|
|
|
|
shellUnEscape,
|
|
|
|
segmentXargsOrdered,
|
|
|
|
segmentXargsUnordered,
|
|
|
|
prop_isomorphic_shellEscape,
|
|
|
|
prop_isomorphic_shellEscape_multiword,
|
|
|
|
) where
|
2011-08-22 20:14:12 +00:00
|
|
|
|
|
|
|
import System.Exit
|
2012-07-19 04:43:36 +00:00
|
|
|
import Utility.Process
|
2017-05-16 03:32:17 +00:00
|
|
|
import Utility.Split
|
2013-08-01 19:15:49 +00:00
|
|
|
import System.FilePath
|
|
|
|
import Data.Char
|
2015-11-17 21:27:24 +00:00
|
|
|
import Data.List
|
2015-05-10 20:19:56 +00:00
|
|
|
import Control.Applicative
|
|
|
|
import Prelude
|
2011-08-22 20:14:12 +00:00
|
|
|
|
2015-05-27 16:39:04 +00:00
|
|
|
-- | Parameters that can be passed to a shell command.
|
|
|
|
data CommandParam
|
2015-06-01 17:52:23 +00:00
|
|
|
= Param String -- ^ A parameter
|
2015-05-27 16:39:04 +00:00
|
|
|
| File FilePath -- ^ The name of a file
|
2011-08-22 20:14:12 +00:00
|
|
|
deriving (Eq, Show, Ord)
|
|
|
|
|
2015-05-27 16:39:04 +00:00
|
|
|
-- | Used to pass a list of CommandParams to a function that runs
|
|
|
|
-- a command and expects Strings. -}
|
2011-08-22 20:14:12 +00:00
|
|
|
toCommand :: [CommandParam] -> [String]
|
2018-08-16 18:28:05 +00:00
|
|
|
toCommand = map toCommand'
|
|
|
|
|
|
|
|
toCommand' :: CommandParam -> String
|
|
|
|
toCommand' (Param s) = s
|
|
|
|
-- Files that start with a non-alphanumeric that is not a path
|
|
|
|
-- separator are modified to avoid the command interpreting them as
|
|
|
|
-- options or other special constructs.
|
|
|
|
toCommand' (File s@(h:_))
|
|
|
|
| isAlphaNum h || h `elem` pathseps = s
|
|
|
|
| otherwise = "./" ++ s
|
2012-12-13 04:24:19 +00:00
|
|
|
where
|
2013-08-02 16:37:45 +00:00
|
|
|
-- '/' is explicitly included because it's an alternative
|
|
|
|
-- path separator on Windows.
|
2013-08-02 16:42:14 +00:00
|
|
|
pathseps = pathSeparator:"./"
|
2018-08-16 18:28:05 +00:00
|
|
|
toCommand' (File s) = s
|
2011-08-22 20:14:12 +00:00
|
|
|
|
2015-05-27 16:39:04 +00:00
|
|
|
-- | Run a system command, and returns True or False if it succeeded or failed.
|
|
|
|
--
|
|
|
|
-- This and other command running functions in this module log the commands
|
|
|
|
-- run at debug level, using System.Log.Logger.
|
2011-08-22 20:14:12 +00:00
|
|
|
boolSystem :: FilePath -> [CommandParam] -> IO Bool
|
2015-05-05 17:51:31 +00:00
|
|
|
boolSystem command params = boolSystem' command params id
|
2011-08-22 20:14:12 +00:00
|
|
|
|
2015-05-05 17:51:31 +00:00
|
|
|
boolSystem' :: FilePath -> [CommandParam] -> (CreateProcess -> CreateProcess) -> IO Bool
|
|
|
|
boolSystem' command params mkprocess = dispatch <$> safeSystem' command params mkprocess
|
2012-12-13 04:24:19 +00:00
|
|
|
where
|
|
|
|
dispatch ExitSuccess = True
|
|
|
|
dispatch _ = False
|
2011-11-09 21:28:35 +00:00
|
|
|
|
2015-05-05 17:51:31 +00:00
|
|
|
boolSystemEnv :: FilePath -> [CommandParam] -> Maybe [(String, String)] -> IO Bool
|
|
|
|
boolSystemEnv command params environ = boolSystem' command params $
|
|
|
|
\p -> p { env = environ }
|
|
|
|
|
2015-05-27 16:39:04 +00:00
|
|
|
-- | Runs a system command, returning the exit status.
|
2011-11-09 21:28:35 +00:00
|
|
|
safeSystem :: FilePath -> [CommandParam] -> IO ExitCode
|
2015-05-05 17:51:31 +00:00
|
|
|
safeSystem command params = safeSystem' command params id
|
2011-11-09 21:28:35 +00:00
|
|
|
|
2015-05-05 17:51:31 +00:00
|
|
|
safeSystem' :: FilePath -> [CommandParam] -> (CreateProcess -> CreateProcess) -> IO ExitCode
|
2020-06-03 16:52:11 +00:00
|
|
|
safeSystem' command params mkprocess =
|
|
|
|
withCreateProcess p $ \_ _ _ pid ->
|
|
|
|
waitForProcess pid
|
2015-05-05 17:51:31 +00:00
|
|
|
where
|
|
|
|
p = mkprocess $ proc command (toCommand params)
|
|
|
|
|
|
|
|
safeSystemEnv :: FilePath -> [CommandParam] -> Maybe [(String, String)] -> IO ExitCode
|
|
|
|
safeSystemEnv command params environ = safeSystem' command params $
|
|
|
|
\p -> p { env = environ }
|
2011-08-22 20:14:12 +00:00
|
|
|
|
2015-05-27 16:39:04 +00:00
|
|
|
-- | Wraps a shell command line inside sh -c, allowing it to be run in a
|
|
|
|
-- login shell that may not support POSIX shell, eg csh.
|
2013-03-29 17:09:30 +00:00
|
|
|
shellWrap :: String -> String
|
|
|
|
shellWrap cmdline = "sh -c " ++ shellEscape cmdline
|
|
|
|
|
2015-05-27 16:39:04 +00:00
|
|
|
-- | Escapes a filename or other parameter to be safely able to be exposed to
|
|
|
|
-- the shell.
|
|
|
|
--
|
|
|
|
-- This method works for POSIX shells, as well as other shells like csh.
|
2011-08-22 20:14:12 +00:00
|
|
|
shellEscape :: String -> String
|
|
|
|
shellEscape f = "'" ++ escaped ++ "'"
|
2012-12-13 04:24:19 +00:00
|
|
|
where
|
|
|
|
-- replace ' with '"'"'
|
2017-01-31 22:40:42 +00:00
|
|
|
escaped = intercalate "'\"'\"'" $ splitc '\'' f
|
2011-08-22 20:14:12 +00:00
|
|
|
|
2015-05-27 16:39:04 +00:00
|
|
|
-- | Unescapes a set of shellEscaped words or filenames.
|
2011-08-22 20:14:12 +00:00
|
|
|
shellUnEscape :: String -> [String]
|
|
|
|
shellUnEscape [] = []
|
|
|
|
shellUnEscape s = word : shellUnEscape rest
|
2012-12-13 04:24:19 +00:00
|
|
|
where
|
|
|
|
(word, rest) = findword "" s
|
|
|
|
findword w [] = (w, "")
|
|
|
|
findword w (c:cs)
|
|
|
|
| c == ' ' = (w, cs)
|
|
|
|
| c == '\'' = inquote c w cs
|
|
|
|
| c == '"' = inquote c w cs
|
|
|
|
| otherwise = findword (w++[c]) cs
|
|
|
|
inquote _ w [] = (w, "")
|
|
|
|
inquote q w (c:cs)
|
|
|
|
| c == q = findword w cs
|
|
|
|
| otherwise = inquote q (w++[c]) cs
|
2011-08-22 20:14:12 +00:00
|
|
|
|
2015-05-27 16:39:04 +00:00
|
|
|
-- | For quickcheck.
|
2015-11-16 18:37:31 +00:00
|
|
|
prop_isomorphic_shellEscape :: String -> Bool
|
|
|
|
prop_isomorphic_shellEscape s = [s] == (shellUnEscape . shellEscape) s
|
|
|
|
prop_isomorphic_shellEscape_multiword :: [String] -> Bool
|
|
|
|
prop_isomorphic_shellEscape_multiword s = s == (shellUnEscape . unwords . map shellEscape) s
|
2013-02-15 17:05:19 +00:00
|
|
|
|
2015-05-27 16:39:04 +00:00
|
|
|
-- | Segments a list of filenames into groups that are all below the maximum
|
|
|
|
-- command-line length limit.
|
2015-04-02 04:30:36 +00:00
|
|
|
segmentXargsOrdered :: [FilePath] -> [[FilePath]]
|
|
|
|
segmentXargsOrdered = reverse . map reverse . segmentXargsUnordered
|
|
|
|
|
2015-05-27 16:39:04 +00:00
|
|
|
-- | Not preserving order is a little faster, and streams better when
|
|
|
|
-- there are a great many filenames.
|
2015-04-02 04:30:36 +00:00
|
|
|
segmentXargsUnordered :: [FilePath] -> [[FilePath]]
|
|
|
|
segmentXargsUnordered l = go l [] 0 []
|
2013-02-15 17:05:19 +00:00
|
|
|
where
|
2015-04-02 04:30:36 +00:00
|
|
|
go [] c _ r = (c:r)
|
2013-02-15 17:05:19 +00:00
|
|
|
go (f:fs) c accumlen r
|
2015-04-02 04:33:08 +00:00
|
|
|
| newlen > maxlen && len < maxlen = go (f:fs) [] 0 (c:r)
|
2013-02-15 17:05:19 +00:00
|
|
|
| otherwise = go fs (f:c) newlen r
|
|
|
|
where
|
|
|
|
len = length f
|
|
|
|
newlen = accumlen + len
|
|
|
|
|
2015-03-26 17:48:12 +00:00
|
|
|
{- 10k of filenames per command, well under 100k limit
|
|
|
|
- of Linux (and OSX has a similar limit);
|
2018-11-06 21:26:20 +00:00
|
|
|
- allows room for other parameters etc. Also allows for
|
|
|
|
- eg, multibyte characters. -}
|
2013-02-15 17:05:19 +00:00
|
|
|
maxlen = 10240
|