Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add escape for systemd service in installer script #7598

Merged
merged 1 commit into from
Jan 18, 2023
Merged

Add escape for systemd service in installer script #7598

merged 1 commit into from
Jan 18, 2023

Conversation

yangsheng6810
Copy link
Contributor

Among all the characters that are allowed in a URL, both the percentage sign "%" and the single quotation mark "'" needs escaping when written as a environment variable in a systemd service file. While the single quotation mark may be rare, the percentage sign is widely used to escape characters in a URL. This is especially common in proxy setting, where username and password may contain special characters that need percentage escaping. This patch applies the following replacements:

  % -> %%
  ' -> \'

@yangsheng6810
Add escape for systemd service in installer script
7c08144 
Among all the characters that are allowed in a URL, both the percentage
sign "%" and the single quotation mark "'" needs escaping when written
as a environment variable in a systemd service file. While the single
quotation mark may be rare, the percentage sign is widely used to escape
characters in a URL. This is especially common in proxy setting, where
username and password may contain special characters that need
percentage escaping. This patch applies the following replacements:

  % -> %%
  ' -> \'
@thufschmitt
Copy link
Member

Could systemd-escape be used instead? Since this is a systemd install, I imagine it's fine to assume that it's present and that would make the logic more robust and future-proof

@yangsheng6810
Copy link
Contributor Author

Actually that was what I tried first, and unfortunately the answer is a "NO". systemd-escape is intended for escaping things to be included in unit names, a totally different scenario. For example

$ systemd-escape /mnt/some-dir
-mnt-some\x2ddir
$ systemd-escape http://127.0.0.1:8080
http:--127.0.0.1:8080

And the escaped URL is no longer valid.

Just another thought: while a single quote is technically legal in a URL according to RFC3986, it is rarely used in real life. It may be a good idea not to support it, to guard against potential escaping bugs. I do not expect someone to use a proxy with single quote somewhere in its URL. Should it happen, I would expect it already being escaped as "%27" in HTTP_PROXY.

@thufschmitt
Copy link
Member

Actually that was what I tried first, and unfortunately the answer is a "NO". systemd-escape is intended for escaping things to be included in unit names, a totally different scenario.

Argh, too bad.

Just another thought: while a single quote is technically legal in a URL according to RFC3986, it is rarely used in real life. It may be a good idea not to support it, to guard against potential escaping bugs.

I don't have a strong opinion here, but I think supporting it is a good idea. It's edge-casy and all, but should work OK

@thufschmitt thufschmitt merged commit e3bb97d into NixOS:master Jan 18, 2023
@abathur abathur mentioned this pull request Jul 1, 2023
Open
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thufschmitt thufschmitt thufschmitt approved these changes

@edolstra edolstra Awaiting requested review from edolstra edolstra is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yangsheng6810 @thufschmitt