Skip to content

Fix PowerShell path escaping #765

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Oct 15, 2018
Merged

Fix PowerShell path escaping #765

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
b737a89
Fix PowerShell path escaping
Oct 10, 2018
4785078
Only use quote escaping in dot source template
rjmholt Oct 10, 2018
3123832
Add obsolete attributes
rjmholt Oct 10, 2018
4dbf2f8
Remove hidden attribute
rjmholt Oct 10, 2018
08c8ae3
Add international character escaping tests
Oct 10, 2018
e07b5cd
Add dot source tests for strange paths
Oct 10, 2018
2d6a37c
Change use of glob to wildcard
Oct 11, 2018
ce20e65
Fix remaining uses of glob to wildcard
Oct 11, 2018
063b782
Correctly escape path to script
Oct 11, 2018
7fab6d8
Fix git idiocy
Oct 12, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/PowerShellEditorServices.Protocol/Server/DebugAdapter.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -259,7 +259,7 @@ protected async Task HandleLaunchRequest(
// the path exists and is a directory.
if (!string.IsNullOrEmpty(workingDir))
{
workingDir = PowerShellContext.UnescapePath(workingDir);
workingDir = PowerShellContext.UnescapeGlobEscapedPath(workingDir);
try
{
if ((File.GetAttributes(workingDir) & FileAttributes.Directory) != FileAttributes.Directory)
Expand Down
2 changes: 1 addition & 1 deletion src/PowerShellEditorServices/Debugging/DebugService.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,7 @@ public async Task<BreakpointDetails[]> SetLineBreakpoints(
// Fix for issue #123 - file paths that contain wildcard chars [ and ] need to
// quoted and have those wildcard chars escaped.
string escapedScriptPath =
PowerShellContext.EscapePath(scriptPath, escapeSpaces: false);
PowerShellContext.GlobEscapePath(scriptPath);

if (dscBreakpoints == null || !dscBreakpoints.IsDscResourcePath(escapedScriptPath))
{
Expand Down
1 change: 1 addition & 0 deletions src/PowerShellEditorServices/Properties/AssemblyInfo.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@

using System.Runtime.CompilerServices;

[assembly: InternalsVisibleTo("Microsoft.PowerShell.EditorServices.Protocol")]
[assembly: InternalsVisibleTo("Microsoft.PowerShell.EditorServices.Test")]
[assembly: InternalsVisibleTo("Microsoft.PowerShell.EditorServices.Test.Shared")]

135 changes: 122 additions & 13 deletions src/PowerShellEditorServices/Session/PowerShellContext.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -796,7 +796,7 @@ public async Task ExecuteScriptWithArgs(string script, string arguments = null,
if (File.Exists(script) || File.Exists(scriptAbsPath))
{
// Dot-source the launched script path
script = ". " + EscapePath(script, escapeSpaces: true);
script = ". " + FullyPowerShellEscapePath(script);
}

launchedScript = script + " " + arguments;
Expand Down Expand Up @@ -1113,30 +1113,143 @@ public async Task SetWorkingDirectory(string path, bool isPathAlreadyEscaped)
{
if (!isPathAlreadyEscaped)
{
path = EscapePath(path, false);
path = GlobEscapePath(path);
}

runspaceHandle.Runspace.SessionStateProxy.Path.SetLocation(path);
}
}

/// <summary>
/// Fully escape a given path for use in PowerShell script.
/// Note: this will not work with PowerShell.AddParameter()
/// </summary>
/// <param name="path">The path to escape.</param>
/// <returns>An escaped version of the path that can be embedded in PowerShell script.</returns>
internal static string FullyPowerShellEscapePath(string path)
{
string globEscapedPath = GlobEscapePath(path);
return QuoteEscapePath(globEscapedPath);
}

/// <summary>
/// Wrap an already escaped path in quotes to make it safe to use in scripts.
/// </summary>
/// <param name="escapedPath">The glob-escaped path to wrap in quotes.</param>
/// <returns>The given path wrapped in quotes appropriately.</returns>
internal static string QuoteEscapePath(string escapedPath)
{
var sb = new StringBuilder(escapedPath.Length + 2); // Length of string plus two quotes
sb.Append('\'');
if (!escapedPath.Contains('\''))
{
sb.Append(escapedPath);
}
else
{
foreach (char c in escapedPath)
{
if (c == '\'')
{
sb.Append("''");
continue;
}

sb.Append(c);
}
}
sb.Append('\'');
return sb.ToString();
}

/// <summary>
/// Return the given path with all PowerShell globbing characters escaped,
/// plus optionally the whitespace.
/// </summary>
/// <param name="path">The path to process.</param>
/// <param name="escapeSpaces">Specify True to escape spaces in the path, otherwise False.</param>
/// <returns>The path with [ and ] escaped.</returns>
internal static string GlobEscapePath(string path, bool escapeSpaces = false)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nit but does PowerShell really do globbing? Maybe this should be EscapeWildcardsInPath() or something like that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah good point. Discussing with @JamesWTruher we were calling it "globbing" but the help topic is about_Wildcards. I will rename.

{
var sb = new StringBuilder();
for (int i = 0; i < path.Length; i++)
{
char curr = path[i];
switch (curr)
{
// Escape '[', ']', '?' and '*' with '`'
case '[':
case ']':
case '*':
case '?':
sb.Append('`').Append(curr);
break;

default:
// Escape whitespace if required
if (escapeSpaces && char.IsWhiteSpace(curr))
{
sb.Append('`').Append(curr);
break;
}
sb.Append(curr);
break;
}
}

return sb.ToString();
}

/// <summary>
/// Returns the passed in path with the [ and ] characters escaped. Escaping spaces is optional.
/// </summary>
/// <param name="path">The path to process.</param>
/// <param name="escapeSpaces">Specify True to escape spaces in the path, otherwise False.</param>
/// <returns>The path with [ and ] escaped.</returns>
[Obsolete("This API is not meant for public usage and should not be used.")]
public static string EscapePath(string path, bool escapeSpaces)
{
string escapedPath = Regex.Replace(path, @"(?<!`)\[", "`[");
escapedPath = Regex.Replace(escapedPath, @"(?<!`)\]", "`]");
return GlobEscapePath(path, escapeSpaces);
}

internal static string UnescapeGlobEscapedPath(string globEscapedPath)
{
// Prevent relying on my implementation if we can help it
if (!globEscapedPath.Contains('`'))
{
return globEscapedPath;
}

if (escapeSpaces)
var sb = new StringBuilder(globEscapedPath.Length);
for (int i = 0; i < globEscapedPath.Length; i++)
{
escapedPath = Regex.Replace(escapedPath, @"(?<!`) ", "` ");
// If we see a backtick perform a lookahead
char curr = globEscapedPath[i];
if (curr == '`' && i + 1 < globEscapedPath.Length)
{
// If the next char is an escapable one, don't add this backtick to the new string
char next = globEscapedPath[i + 1];
switch (next)
{
case '[':
case ']':
case '?':
case '*':
continue;

default:
if (char.IsWhiteSpace(next))
{
continue;
}
break;
}
}

sb.Append(curr);
}

return escapedPath;
return sb.ToString();
}

/// <summary>
Expand All @@ -1145,14 +1258,10 @@ public static string EscapePath(string path, bool escapeSpaces)
/// </summary>
/// <param name="path">The path to unescape.</param>
/// <returns>The path with the ` character before [, ] and spaces removed.</returns>
[Obsolete("This API is not meant for public usage and should not be used.")]
public static string UnescapePath(string path)
{
if (!path.Contains("`"))
{
return path;
}

return Regex.Replace(path, @"`(?=[ \[\]])", "");
return UnescapeGlobEscapedPath(path);
}

#endregion
Expand Down
2 changes: 1 addition & 1 deletion src/PowerShellEditorServices/Workspace/Workspace.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -373,7 +373,7 @@ internal string ResolveFilePath(string filePath)
// Clients could specify paths with escaped space, [ and ] characters which .NET APIs
// will not handle. These paths will get appropriately escaped just before being passed
// into the PowerShell engine.
filePath = PowerShellContext.UnescapePath(filePath);
filePath = PowerShellContext.UnescapeGlobEscapedPath(filePath);

// Get the absolute file path
filePath = Path.GetFullPath(filePath);
Expand Down
0 ...ed/Debugging/Debug With Params [Test].ps1 → ...d/Debugging/Debug W&ith Params [Test].ps1
View file
Open in desktop
File renamed without changes.
2 changes: 1 addition & 1 deletion test/PowerShellEditorServices.Test/Debugging/DebugServiceTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ public async Task DebuggerAcceptsScriptArgs(string[] args)
// it should not escape already escaped chars.
ScriptFile debugWithParamsFile =
this.workspace.GetFile(
@"..\..\..\..\PowerShellEditorServices.Test.Shared\Debugging\Debug` With Params `[Test].ps1");
@"..\..\..\..\PowerShellEditorServices.Test.Shared\Debugging\Debug` W&ith Params `[Test].ps1");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What was the deal with the & char? It isn't a wildcard char. Ah, wait a tic. I see. On WinPS it's a reserved char and on PS Core it is used to create a (background) job.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's a "token separator", so it will break a bareword string


await this.debugService.SetLineBreakpoints(
debugWithParamsFile,
Expand Down
74 changes: 74 additions & 0 deletions test/PowerShellEditorServices.Test/Session/PathEscapingTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
using System;
using Xunit;
using Microsoft.PowerShell.EditorServices;

namespace Microsoft.PowerShell.EditorServices.Test.Session
{
public class PathEscapingTests
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+100 !

{
[Theory]
[InlineData("DebugTest.ps1", "DebugTest.ps1")]
[InlineData("../../DebugTest.ps1", "../../DebugTest.ps1")]
[InlineData("C:\\Users\\me\\Documents\\DebugTest.ps1", "C:\\Users\\me\\Documents\\DebugTest.ps1")]
[InlineData("/home/me/Documents/weird&folder/script.ps1", "/home/me/Documents/weird&folder/script.ps1")]
[InlineData("./path/with some/spaces", "./path/with some/spaces")]
[InlineData("C:\\path\\with[some]brackets\\file.ps1", "C:\\path\\with`[some`]brackets\\file.ps1")]
[InlineData("C:\\look\\an*\\here.ps1", "C:\\look\\an`*\\here.ps1")]
[InlineData("/Users/me/Documents/?here.ps1", "/Users/me/Documents/`?here.ps1")]
[InlineData("/Brackets [and s]paces/path.ps1", "/Brackets `[and s`]paces/path.ps1")]
public void CorrectlyGlobEscapesPaths_NoSpaces(string unescapedPath, string escapedPath)
{
string extensionEscapedPath = PowerShellContext.GlobEscapePath(unescapedPath);
Assert.Equal(escapedPath, extensionEscapedPath);
}

[Theory]
[InlineData("DebugTest.ps1", "DebugTest.ps1")]
[InlineData("../../DebugTest.ps1", "../../DebugTest.ps1")]
[InlineData("C:\\Users\\me\\Documents\\DebugTest.ps1", "C:\\Users\\me\\Documents\\DebugTest.ps1")]
[InlineData("/home/me/Documents/weird&folder/script.ps1", "/home/me/Documents/weird&folder/script.ps1")]
[InlineData("./path/with some/spaces", "./path/with` some/spaces")]
[InlineData("C:\\path\\with[some]brackets\\file.ps1", "C:\\path\\with`[some`]brackets\\file.ps1")]
[InlineData("C:\\look\\an*\\here.ps1", "C:\\look\\an`*\\here.ps1")]
[InlineData("/Users/me/Documents/?here.ps1", "/Users/me/Documents/`?here.ps1")]
[InlineData("/Brackets [and s]paces/path.ps1", "/Brackets` `[and` s`]paces/path.ps1")]
public void CorrectlyGlobEscapesPaths_Spaces(string unescapedPath, string escapedPath)
{
string extensionEscapedPath = PowerShellContext.GlobEscapePath(unescapedPath, escapeSpaces: true);
Assert.Equal(escapedPath, extensionEscapedPath);
}

[Theory]
[InlineData("DebugTest.ps1", "'DebugTest.ps1'")]
[InlineData("../../DebugTest.ps1", "'../../DebugTest.ps1'")]
[InlineData("C:\\Users\\me\\Documents\\DebugTest.ps1", "'C:\\Users\\me\\Documents\\DebugTest.ps1'")]
[InlineData("/home/me/Documents/weird&folder/script.ps1", "'/home/me/Documents/weird&folder/script.ps1'")]
[InlineData("./path/with some/spaces", "'./path/with some/spaces'")]
[InlineData("C:\\path\\with[some]brackets\\file.ps1", "'C:\\path\\with`[some`]brackets\\file.ps1'")]
[InlineData("C:\\look\\an*\\here.ps1", "'C:\\look\\an`*\\here.ps1'")]
[InlineData("/Users/me/Documents/?here.ps1", "'/Users/me/Documents/`?here.ps1'")]
[InlineData("/Brackets [and s]paces/path.ps1", "'/Brackets `[and s`]paces/path.ps1'")]
[InlineData("/file path/that isn't/normal/", "'/file path/that isn''t/normal/'")]
public void CorrectlyFullyEscapesPaths_Spaces(string unescapedPath, string escapedPath)
{
string extensionEscapedPath = PowerShellContext.FullyPowerShellEscapePath(unescapedPath);
Assert.Equal(escapedPath, extensionEscapedPath);
}

[Theory]
[InlineData("DebugTest.ps1", "DebugTest.ps1")]
[InlineData("../../DebugTest.ps1", "../../DebugTest.ps1")]
[InlineData("C:\\Users\\me\\Documents\\DebugTest.ps1", "C:\\Users\\me\\Documents\\DebugTest.ps1")]
[InlineData("/home/me/Documents/weird&folder/script.ps1", "/home/me/Documents/weird&folder/script.ps1")]
[InlineData("./path/with` some/spaces", "./path/with some/spaces")]
[InlineData("C:\\path\\with`[some`]brackets\\file.ps1", "C:\\path\\with[some]brackets\\file.ps1")]
[InlineData("C:\\look\\an`*\\here.ps1", "C:\\look\\an*\\here.ps1")]
[InlineData("/Users/me/Documents/`?here.ps1", "/Users/me/Documents/?here.ps1")]
[InlineData("/Brackets` `[and` s`]paces/path.ps1", "/Brackets [and s]paces/path.ps1")]
public void CorrectlyUnescapesPaths(string escapedPath, string expectedUnescapedPath)
{
string extensionUnescapedPath = PowerShellContext.UnescapeGlobEscapedPath(escapedPath);
Assert.Equal(expectedUnescapedPath, extensionUnescapedPath);
}
}
}