fix: Quote CL cmd in iCmd5250 for shell escaping

kadler · kadler · commit 5b8493d8de43 · 2020-02-21T18:55:10.000-06:00
iCmd5250 is just a fancy wrapper around iSh, using the PASE system command. It did not do any shell escaping/quoting, so it basically only allowed calling CL commands without parameters or with only positional parameters because the parentheses would cause the shell to gack. eg. iCmd5250('wrkactjob', 'WRKACTJOB SBS(QBATCH)') basically became iSh('wrkactjob', '/QOpenSys/usr/bin/system WRKACTJOB SBS(QBATCH)') When executed, an error would be given from the shell: sh: syntax error at line 1 : `(' unexpected The proper fix is to quote the string, but that can be tricky to get right. Luckily, Python has shlex.quote to do the hard work for us. https://docs.python.org/3/library/shlex.html#shlex.quote Fixes #49
diff --git a/src/itoolkit/itoolkit.py b/src/itoolkit/itoolkit.py
@@ -113,6 +113,13 @@ class iXml(iBase):          IBM i XMLSERVICE raw xml input
 import re
 import time
 
+try:
+    from shlex import quote
+except ImportError:
+    # python2 has shlex, but not shlex.quote
+    # Implement a crude equivalent. We don't care about Python 2 that much
+    def quote(s):
+        return '"{}"'.format(s)
 
 class iBase(object): # noqa N801
     """
@@ -329,7 +336,7 @@ class iCmd5250(iSh): # noqa N801
     """
 
     def __init__(self, ikey, icmd, iopt={}):
-        cmd = "/QOpenSys/usr/bin/system " + icmd
+        cmd = "/QOpenSys/usr/bin/system " + quote(icmd)
         super(iCmd5250, self).__init__(ikey, cmd, iopt)
 
 
