Merge pull request #760 from flatcar/krnowak/bash-escape-parameters

ci-automation: Properly escape parameters passed to bash
2025-08-16 01:16:59 +02:00 · 2023-05-03 08:00:27 +02:00 · 2023-05-03 08:00:27 +02:00 · dbe64c0131
commit dbe64c0131
parent d2b3744252 66e72c79a0
1 changed files with 35 additions and 9 deletions
--- a/ci-automation/test.sh
+++ b/ci-automation/test.sh
@ -114,6 +114,21 @@ function __prepare_torcx() {
 }
 # --

+function __escape_multiple() {
+    local out_array_arg_name="${1}"; shift
+    # rest are args to be escape and appended into the array named
+    # after the first arg
+    local -n out_array_arg_ref="${out_array_arg_name}"
+    local arg arg_escaped
+
+    out_array_arg_ref=()
+    for arg; do
+        printf -v arg_escaped '%q' "${arg}"
+        out_array_arg_ref+=( "${arg_escaped}" )
+    done
+}
+# --
+
 function test_run() {
    # Run a subshell, so the traps, environment changes and global
    # variables are not spilled into the caller.
@ -173,11 +188,27 @@ function _test_run_impl() {
    # A job on each worker prunes old mantle images (docker image prune)
    echo "docker rm -f '${container_name}'" >> ./ci-cleanup.sh

+    local image_escaped
+    printf -v image_escaped '%q' "${image}"
+    local common_test_args=(
+        "${work_dir}"
+        "${tests_dir}"
+        "${arch}"
+        "${vernum}"
+    )
+    local common_test_args_escaped=()
+    __escape_multiple common_test_args_escaped "${common_test_args[@]}"
+
+    local tests_escaped=()
+    __escape_multiple tests_escaped "${@}"
+
    # Vendor tests may need to know if it is a first run or a rerun
    touch "${work_dir}/first_run"
    for retry in $(seq "${retries}"); do
        local tapfile="results-run-${retry}.tap"
        local failfile="failed-run-${retry}.txt"
+        local tapfile_escaped
+        printf -v tapfile_escaped '%q' "${tapfile}"

        # Ignore retcode since tests are flaky. We'll re-run failed tests and
        #  determine success based on test results (tapfile).
@ -185,13 +216,9 @@ function _test_run_impl() {
        touch sdk_container/.env
        docker run --pull always --rm --name="${container_name}" --privileged --net host -v /dev:/dev \
          -w /work -v "$PWD":/work "${mantle_ref}" \
-         bash -c "set -o noglob && git config --global --add safe.directory /work && source sdk_container/.env && ci-automation/vendor-testing/${image}.sh \
-                \"${work_dir}\" \
-                \"${tests_dir}\" \
-                \"${arch}\" \
-                \"${vernum}\" \
-                \"${tapfile}\" \
-                $*"
+         bash -c "git config --global --add safe.directory /work && \
+                  source sdk_container/.env && \
+                  ci-automation/vendor-testing/${image_escaped}.sh ${common_test_args_escaped[*]} ${tapfile_escaped} ${tests_escaped[*]}"
        set -e
        rm -f "${work_dir}/first_run"

@ -226,10 +253,9 @@ function _test_run_impl() {
        echo "Failed tests:"
        printf '%s\n' "${failed_tests[@]}"
        echo "-----------"
-        set -- "${failed_tests[@]}"
+        __escape_multiple tests_escaped "${failed_tests[@]}"
    done

-
    if ${print_give_up}; then
        echo "########### All re-runs exhausted ($retries). Giving up. ###########"
    fi