Ensure shell arguments are escaped properly

liamnichols · m-ruhl · commit d0fb8b82a91b · 2021-08-09T15:08:00.000+02:00
- Make each item in `cmd` an individual argument
- Expand file paths before passing into shell command
- Pass `cmd` as a variable length argument list (`*cmd`)
- Update specs to include checks for expanded paths and escaped arguments
diff --git a/lib/fastlane/plugin/xcodegen/actions/xcodegen_action.rb b/lib/fastlane/plugin/xcodegen/actions/xcodegen_action.rb
@@ -15,14 +15,14 @@ def self.run(params)
         end)
 
         cmd = ["xcodegen"]
-        cmd << "--spec #{params[:spec]}" if params[:spec]
-        cmd << "--project #{params[:project]}" if params[:project]
+        cmd += ["--spec", File.expand_path(params[:spec])] if params[:spec]
+        cmd += ["--project", File.expand_path(params[:project])] if params[:project]
         cmd << "--quiet" if params[:quiet]
         cmd << "--use-cache" if params[:use_cache]
-        cmd << "--cache-path #{params[:cache_path]}" if params[:cache_path]
-        cmd << "--project-root #{params[:project_root]}" if params[:project_root]
+        cmd += ["--cache-path", File.expand_path(params[:cache_path])] if params[:cache_path]
+        cmd += ["--project-root", File.expand_path(params[:project_root])] if params[:project_root]
 
-        Actions.sh(cmd.join(' '))
+        Actions.sh(*cmd)
       end
 
       def self.description
diff --git a/spec/xcodegen_action_spec.rb b/spec/xcodegen_action_spec.rb
@@ -17,10 +17,10 @@
       end
       it "sets the project param" do
         result = Fastlane::FastFile.new.parse("lane :test do
-            xcodegen(project: '/tmp/Project.xcodeproj')
+            xcodegen(project: '/tmp/My Project.xcodeproj')
           end").runner.execute(:test)
 
-        expect(result).to eq("xcodegen --project /tmp/Project.xcodeproj")
+        expect(result).to eq('xcodegen --project /tmp/My\ Project.xcodeproj')
       end
       it "sets the quiet param" do
         result = Fastlane::FastFile.new.parse("lane :test do
@@ -41,14 +41,15 @@
             xcodegen(cache_path: '~/.xcodegen/cache/MyProject')
           end").runner.execute(:test)
 
-        expect(result).to eq("xcodegen --cache-path ~/.xcodegen/cache/MyProject")
+        cache_path = File.expand_path("~/.xcodegen/cache/MyProject")
+        expect(result).to eq("xcodegen --cache-path #{cache_path}")
       end
       it "sets the project-root param" do
         result = Fastlane::FastFile.new.parse("lane :test do
-            xcodegen(project_root: '../')
+            xcodegen(project_root: '/tmp/project-root')
           end").runner.execute(:test)
 
-        expect(result).to eq("xcodegen --project-root ../")
+        expect(result).to eq("xcodegen --project-root /tmp/project-root")
       end
       it "ignores the quiet and use-cache params if false" do
         result = Fastlane::FastFile.new.parse("lane :test do
