shellescape

package module
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 25, 2020 License: MIT Imports: 2 Imported by: 0

README

GoDoc Travis-CI Status Coverage Coverage Status

shellescape

Escape arbitrary strings for safe use as command line arguments.

Contents of the package

This package provides the shellescape.Quote() function that returns a shell-escaped copy of a string. This functionality could be helpful in those cases where it is known that the output of a Go program will be appended to/used in the context of shell programs' command line arguments.

This work was inspired by the Python original package shellescape.

Usage

The following snippet shows a typical unsafe idiom:

package main

import (
	"fmt"
	"os"
)

func main() {
	fmt.Printf("ls -l %s\n", os.Args[1])
}

See in Go Playground

Especially when creating pipeline of commands which might end up being executed by a shell interpreter, it is particularly unsafe to not escape arguments.

shellescape.Quote() comes in handy and to safely escape strings:

package main

import (
        "fmt"
        "os"

        "gopkg.in/alessio/shellescape.v1"
)

func main() {
        fmt.Printf("ls -l %s\n", shellescape.Quote(os.Args[1]))
}

See in Go Playground

The escargs utility

escargs reads lines from the standard input and prints shell-escaped versions. Unlinke xargs, blank lines on the standard input are not discarded.

Documentation

Overview

Package shellescape provides the shellescape.Quote to escape arbitrary strings for a safe use as command line arguments in the most common POSIX shells.

The original Python package which this work was inspired by can be found at https://pypi.python.org/pypi/shellescape.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func Quote 

func Quote(s string) string

Quote returns a shell-escaped version of the string s. The returned value is a string that can safely be used as one token in a shell command line.

Example 
package main

import (
	"fmt"
	"strings"

	"github.com/alessio/shellescape"
)

func main() {
	filename := "myfile; rm -rf /"
	prog := "/bin/ls -lh"
	unescapedCommand := strings.Join([]string{prog, filename}, " ")
	escapedCommand := strings.Join([]string{prog, shellescape.Quote(filename)}, " ")

	fmt.Println(unescapedCommand)
	fmt.Println(escapedCommand)
	fmt.Println(strings.Split(unescapedCommand, " "))
	fmt.Println(strings.Split(escapedCommand, " "))
}

Output:

/bin/ls -lh myfile; rm -rf /
/bin/ls -lh 'myfile; rm -rf /'
[/bin/ls -lh myfile; rm -rf /]
[/bin/ls -lh 'myfile; rm -rf /']

func QuoteCommand added in v1.3.0 

func QuoteCommand(args []string) string

QuoteCommand returns a shell-escaped version of the slice of strings. The returned value is a string that can safely be used as shell command arguments.

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis
cmd
escargs command
escargs reads lines from the standard input and prints shell-escaped versions.
 escargs reads lines from the standard input and prints shell-escaped versions.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.