Escape shell flag values
Use shellwords to escape special characters
For fields that are to be passed via the shell, use the ruby core
library functionality in shellwords to escape the string to prevent
errors and promote safe handling.
Closes https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7198
Changelog: changed
What does this MR do?
This MR makes use of the shellwords gem's shellescape
function to properly escape flag arguments with special characters.
Related issues
Closes #7198 (closed)
Testing
The following docker-compose file can be used to test this change.
The GitLab image
used in this file was created by this MR's triggered pipeline.
Notice that the redis password is set to "redis)", which fails to converge before this MR since it contains a ")" character.
Running docker compose up --pull always --force-recreate
should result in a working GitLab instance. To see the broken state before this MR, uncomment the second image
in the below file.
version: '3.6'
services:
gitlab:
container_name: 'gitlab'
image: 'registry.gitlab.com/gitlab-org/omnibus-gitlab/gitlab-ee:15.8.0-rfbranch.755428643.fb022d92-0'
# image: 'gitlab/gitlab-ee:nightly'
hostname: 'gitlab.dev'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://gitlab.dev'
letsencrypt['enable'] = false
gitlab_rails['initial_root_password'] = 'rtrtrtrt'
redis['enable'] = false
gitlab_rails['redis_host'] = 'redis'
gitlab_rails['redis_port'] = 6379
gitlab_rails['redis_password'] = 'redis)'
redis_exporter['enable'] = true
redis_exporter['flags'] = {
'redis.addr' => 'redis://redis:6379',
'redis.password' => 'redis)'
}
ports:
- '8080:80'
- '8443:443'
shm_size: '256m'
redis:
image: 'redis:7'
command: ['redis-server', '--requirepass', 'redis)']
Inside the GitLab container you can see there are no errors in the redis-exporter log with:
cat /var/log/gitlab/redis-exporter/current
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks -
trigger-package
has a green pipeline running against latest commit
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added -
Integration tests added to GitLab QA -
Equivalent MR/issue for the GitLab Chart opened
Closes #7198 (closed)