App#save_password: Shell escape passwordshell-escape-passwords

Escape special shell characters so that passwords with single quotes can be saved to the keychain. Otherwise, the single quotes surrounding the "-w '%s'" cause an error on passwords with single quotes. I know testing private methods is not recommended, but this seemed like something that would be good to test. Maybe the method should be made public if that's a concern?
author: Teddy Wing 2018-01-29 00:07:56 +0100
committer: Teddy Wing 2018-01-29 00:26:07 +0100
commit: c70cf3982c007108dcd631a9d1011e2e6c7e31de (patch)
tree: 016202abca2ee7de61df8039a7e310dd7c531a89 /lib
parent: cea2bbe0d1b2c9629d7fab397093856580a9e099 (diff)
download: hcl-shell-escape-passwords.tar.bz2
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/hcl/app.rb b/lib/hcl/app.rb
index 4f2530b..ab8ef5d 100644
--- a/lib/hcl/app.rb
+++ b/lib/hcl/app.rb
@@ -1,5 +1,6 @@
 require 'yaml'
 require 'fileutils'
+require 'shellwords'
 
 require 'trollop'
 require 'highline/import'
@@ -226,10 +227,10 @@ EOM
     end
 
     def save_password config
-      if system("security add-internet-password -U -l hcl -a '%s' -s '%s.harvestapp.com' -w '%s'" % [
+      if system("security add-internet-password -U -l hcl -a '%s' -s '%s.harvestapp.com' -w %s" % [
         config['login'],
         config['subdomain'],
-        config['password'],
+        Shellwords.escape(config['password']),
       ]) then config.delete('password') end
     end
   end
author	Teddy Wing	2018-01-29 00:07:56 +0100
committer	Teddy Wing	2018-01-29 00:26:07 +0100
commit	c70cf3982c007108dcd631a9d1011e2e6c7e31de (patch)
tree	016202abca2ee7de61df8039a7e310dd7c531a89 /lib
parent	cea2bbe0d1b2c9629d7fab397093856580a9e099 (diff)
download	hcl-shell-escape-passwords.tar.bz2