double quote eval to protect from quotes escape

Signed-off-by: Aleksei Stepanov <penguinolog@gmail.com>

Author: penguinolog

exec_helpers/_ssh_client_base.py

@@ -410,7 +410,8 @@ def _prepare_command(self, cmd: str, chroot_path: typing.Optional[str] = None) -
             return super()._prepare_command(cmd=cmd, chroot_path=chroot_path)
         if any((chroot_path, self._chroot_path)):
             target_path: str = shlex.quote(chroot_path if chroot_path else self._chroot_path)  # type: ignore
-            return f'chroot {target_path} sudo sh -c "eval {shlex.quote(cmd)}"'
+            quoted_command: str = shlex.quote(cmd)
+            return f'chroot {target_path} sudo sh -c {shlex.quote(f"eval {quoted_command}")}'
         return f'sudo -S sh -c "eval {shlex.quote(cmd)}"'
 
     # noinspection PyMethodOverriding

exec_helpers/api.py

@@ -229,7 +229,8 @@ def _prepare_command(self, cmd: str, chroot_path: typing.Optional[str] = None) -
         """
         if any((chroot_path, self._chroot_path)):
             target_path: str = shlex.quote(chroot_path if chroot_path else self._chroot_path)  # type: ignore
-            return f'chroot {target_path} sh -c "eval {shlex.quote(cmd)}"'
+            quoted_command = shlex.quote(cmd)
+            return f'chroot {target_path} sh -c {shlex.quote(f"eval {quoted_command}")}'
         return cmd
 
     def execute_async(  # pylint: disable=missing-param-doc,differing-param-doc,differing-type-doc

test/test_ssh_client_execute_async_special.py

@@ -56,6 +56,7 @@ def read_stream(stream: FakeFileStream) -> typing.Tuple[bytes, ...]:
 
 command = "ls ~\nline 2\nline 3\nline с кирилицей"
 cmd_execute = f"{command}\n"
+quoted_command = shlex.quote(command)
 command_log = f"Executing command:\n{command.rstrip()!r}\n"
 stdout_src = (b" \n", b"2\n", b"3\n", b" \n")
 stderr_src = (b" \n", b"0\n", b"1\n", b" \n")
@@ -233,7 +234,7 @@ def test_011_execute_async_chroot_cmd(ssh, ssh_transport_channel):
     ssh_transport_channel.assert_has_calls(
         (
             mock.call.makefile_stderr("rb"),
-            mock.call.exec_command(f'chroot / sh -c "eval {shlex.quote(command)}"\n'),
+            mock.call.exec_command(f'chroot / sh -c {shlex.quote(f"eval {quoted_command}")}\n'),
         )
     )
 
@@ -245,7 +246,7 @@ def test_012_execute_async_chroot_context(ssh, ssh_transport_channel):
     ssh_transport_channel.assert_has_calls(
         (
             mock.call.makefile_stderr("rb"),
-            mock.call.exec_command(f'chroot / sh -c "eval {shlex.quote(command)}"\n'),
+            mock.call.exec_command(f'chroot / sh -c {shlex.quote(f"eval {quoted_command}")}\n'),
         )
     )