Skip to content

Quote command args in setenv example#71

Open
salva wants to merge 1 commit into
masterfrom
fix/setenv-example-quote-argv
Open

Quote command args in setenv example#71
salva wants to merge 1 commit into
masterfrom
fix/setenv-example-quote-argv

Conversation

@salva

@salva salva commented Jun 4, 2026

Copy link
Copy Markdown
Owner

Summary

Quote the user command and arguments in examples/setenv_and_exec.pl before building the remote shell command.

Changes

  • Apply $ssh->shell_quote to every element of @ARGV.
  • Preserve the existing environment export behavior.

Fixes #54.

Testing

  • perl -Ilib -c examples/setenv_and_exec.pl

Copilot AI review requested due to automatic review settings June 4, 2026 12:03
Copilot AI reviewed Jun 4, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the setenv_and_exec example to avoid command-injection pitfalls by shell-quoting the user-supplied remote command and its arguments before assembling the remote shell string, aligning the example with safer Net::OpenSSH usage (Fixes #54).

Changes:

  • Apply $ssh->shell_quote to each element of @ARGV before concatenating into the remote command.
  • Preserve the existing export ... environment setup behavior and overall command structure.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

setenv_and_exec example concatenates unquoted command arguments

2 participants

@salva