From 7f4cb1c1d050249b6c4a35a656bd02ee0b131574 Mon Sep 17 00:00:00 2001
From: Damian Kaczmarek <rush@rushbase.net>
Date: Tue, 27 Feb 2018 00:48:38 -0600
Subject: [PATCH] improve: shell escaping, allow for whitespace and single
 quotes (#108)

---
 plugin.go      | 7 +++++--
 plugin_test.go | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/plugin.go b/plugin.go
index 120f92d..6ea65d8 100644
--- a/plugin.go
+++ b/plugin.go
@@ -43,6 +43,10 @@ type (
 	}
 )
 
+func escapeArg(arg string) string {
+	return "'" + strings.Replace(arg, "'", `'\''`, -1) + "'"
+}
+
 func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 	// Create MakeConfig instance with remote username, server address and path to private key.
 	ssh := &easyssh.MakeConfig{
@@ -72,8 +76,7 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 	for _, key := range p.Config.Envs {
 		key = strings.ToUpper(key)
 		val := os.Getenv(key)
-		val = strings.Replace(val, " ", "", -1)
-		env = append(env, key+"='"+val+"'")
+		env = append(env, key+"="+escapeArg(val))
 	}
 
 	p.Config.Script = append(env, p.Config.Script...)
diff --git a/plugin_test.go b/plugin_test.go
index 246db11..998e304 100644
--- a/plugin_test.go
+++ b/plugin_test.go
@@ -232,7 +232,7 @@ func TestSSHCommandExitCodeError(t *testing.T) {
 }
 
 func TestSetENV(t *testing.T) {
-	os.Setenv("FOO", "1)")
+	os.Setenv("FOO", `'  1)  '`)
 	plugin := Plugin{
 		Config: Config{
 			Host:           []string{"localhost"},