Jay Taylor's notes

back to listing index

alessio/shellescape

[web search]
Original source (github.com)
Tags: shell golang go github.com
Clipped on: 2019-08-12

Skip to content
Escape arbitrary strings for use as command line arguments
Go
Branch: master
New pull request
Clone or download

README.md

Image (Asset 4/7) alt=shellescape

Escape arbitrary strings for safe use as command line arguments.

Contents of the package

This package provides the shellescape.Quote() function that returns a shell-escaped copy of a string. This functionality could be helpful in those cases where it is known that the output of a Go program will be appended to/used in the context of shell programs' command line arguments.

This work was inspired by the Python original package [shellescape] (https://pypi.python.org/pypi/shellescape).

Usage

The following snippet shows a typical unsafe idiom:

package main

import (
	"fmt"
	"os"
)

func main() {
	fmt.Printf("ls -l %s\n", os.Args[1])
}

See in Go Playground

Especially when creating pipeline of commands which might end up being executed by a shell interpreter, tt is particularly unsafe to not escape arguments.

shellescape.Quote() comes in handy and to safely escape strings:

package main

import (
        "fmt"
        "os"

        "gopkg.in/alessio/shellescape.v1"
)

func main() {
        fmt.Printf("ls -l %s\n", shellescape.Quote(os.Args[1]))
}

See in Go Playground

The escargs utility

escargs reads lines from the standard input and prints shell-escaped versions. Unlinke xargs, blank lines on the standard input are not discarded.