Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Special characters not escaped for zsh completion script #1596

Open
iyzana opened this issue Nov 9, 2019 · 7 comments
Open

Special characters not escaped for zsh completion script #1596

iyzana opened this issue Nov 9, 2019 · 7 comments
Labels
A-completion Area: completion generator C-bug Category: Updating dependencies E-easy Call for participation: Experience needed to fix: Easy / not much

Comments

@iyzana
Copy link

iyzana commented Nov 9, 2019

Rust Version

rustc 1.38.0 (625451e37 2019-09-23)

Affected Version of clap

clap 2.33.0

Expected Behavior Summary

Generated Zsh completions correctly complete possible_values even in the presence of characters that have a special meaning for the shell

Actual Behavior Summary

For example, when some string in possible_values contains | (a pipe) the generated completion script fails with

(eval):1: parse error near `|'

when pressing tab for that argument.
That was the problem I ran into. I then tested some other special characters.

A sample of the characters I found to have problems:

  • | breaks completion script (eval):1: parse error near `|'
  • ; splits completion value into two
  • ? makes whole value not show up in completions
  • * makes whole value not show up in completions
  • " breaks completion script (eval):1: unmatched "
  • ` breaks completion script (eval):1: unmatched `
  • $ interpreted as https://www.gnu.org/software/bash/manual/html_node/Special-Parameters.html when followed by some other chars
  • # makes whole value not show up in completions

There are more special characters, that need to be escaped. The reproduction from the repo tests against all non control ascii characters and some dollar-something strings.

Steps to Reproduce the issue

  • Clone reproduction repo git clone https://github.com/succcubbus/clap-zsh-completions-repro
  • cd clap-zsh-completions-repro
  • cargo run --release > _clap-zsh-completions-repro
  • Copy _clap-zsh-completions-repro somewhere into the $fpath of the zsh (e.g. /usr/local/share/zsh/site-functions)
  • cargo install --path .
  • rehash; compinit (so the zsh picks up the new binary and completions)
  • Type clap-zsh-completions-repro and try to complete the argument

Sample Code or Link to Sample Code

https://github.com/succcubbus/clap-zsh-completions-repro

Debug output

https://pastebin.com/KU4yd6FR

@dotboris
Copy link

I've hit the same issue in a project, I've had to work around this by rephrasing the about of a subcommand. dotboris/alt@37e3255

@CreepySkeleton CreepySkeleton added the A-completion Area: completion generator label Feb 1, 2020
@pksunkara pksunkara added this to the 3.1 milestone Apr 9, 2020
@CreepySkeleton CreepySkeleton added D: easy E-easy Call for participation: Experience needed to fix: Easy / not much E-medium Call for participation: Experience needed to fix: Medium / intermediate labels Jun 30, 2020
@Nukesor
Copy link
Contributor

Nukesor commented Sep 14, 2020

' also breaks completion when using subcommands, which uses " for strings).

@alerque
Copy link
Contributor

alerque commented Oct 28, 2020

We just hit this in a project too, backticks in a documentation string shouldn't be causing code execution!

In our case we're using the 3.0.0-beta.2 release, so this isn't just 2.x stuff.

theleagueof/fontship#108

@pksunkara
Copy link
Member

Unfortunately I am still unable to get zsh working properly on my computer. So, I am going to have to rely on contribution

@alerque
Copy link
Contributor

alerque commented Oct 29, 2020

Would introducing a dependency for this be acceptable? I had a look at what's available now and this would take quite a bit of coding. Most of the current dependencies are focused on Claps' core function: accepting stuff in from the CLI. Passing stuff out to into the CLI (as opposed to just the TTY) would is a bit of a different problem but it seems reasonable to expect Clap to handle this robustly. As the inital report and demo repository note there are a lot of cases involved here. I haven't confirmed if shell-escape is actually appropriate or if there are better alternatives, but before I research too much lets hear about whether a dependency to safely handle shell escapeing is going to be allowed.

@pksunkara
Copy link
Member

Since the generator lives in a separate crate and is always opt-in, I would tentatively say yes.

@pksunkara
Copy link
Member

But I don't think there are any crates that do this.

pseyfert added a commit to pseyfert/clap that referenced this issue Oct 8, 2021
 * This escapes everything that comes up in the reproducer from the
   above issue. NB: this means possible_value only.

missing:

 * possible_value(...).about
 * Arg(...).value_name[s]
 * Arg(...).about
 * Arg(...).long
@epage epage removed this from the 3.1 milestone Dec 9, 2021
@epage epage added C-bug Category: Updating dependencies and removed D: easy E-medium Call for participation: Experience needed to fix: Medium / intermediate labels Dec 9, 2021
jcgruenhage added a commit to jcgruenhage/ouch that referenced this issue Feb 13, 2022
Apparently, clap_complete doesn't properly escape single quotes in doc
comments, leading to broken shell completions for zsh. To circumvent
this, I've removed the single quote in the one place where it shouldn't
have been in the first place ("it's" vs "its", contraction vs possessive
pronoun), and replaced "it's" with "it is" in the other place.

Reference to upstream issue: clap-rs/clap#1596
pseyfert added a commit to pseyfert/clap that referenced this issue May 9, 2022
 * This escapes everything that comes up in the reproducer from the
   above issue. NB: this means possible_values only.

missing:

 * possible_value(...).help
 * Arg(...).value_name[s]
 * Arg(...).about
 * Arg(...).long
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-completion Area: completion generator C-bug Category: Updating dependencies E-easy Call for participation: Experience needed to fix: Easy / not much
Projects
None yet
Development

No branches or pull requests

7 participants