From 3e8ad600e236d2f9af22ef721e9077d5660afd66 Mon Sep 17 00:00:00 2001
From: Miguel Jacq
Date: Mon, 22 Jun 2026 10:58:20 +1000
Subject: [PATCH] Use shlex.quote on remote commands

---
enroll/remote.py | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/enroll/remote.py b/enroll/remote.py
index 3e7b42d..37e087c 100644
--- a/enroll/remote.py
+++ b/enroll/remote.py
@@ -577,7 +577,7 @@ def _remote_harvest(
 rtmp = out.strip()
 # Be explicit: restrict the remote staging area to the current user.
- rc, out, err = _ssh_run(ssh, f"chmod 700 {rtmp}")
+ rc, out, err = _ssh_run(ssh, f"chmod 700 -- {shlex.quote(rtmp)}")
 if rc != 0:
 raise RuntimeError(f"Remote chmod failed: {err.strip()}")
@@ -627,7 +627,10 @@ def _remote_harvest(
 "Unable to determine remote username for chown. "
 "Pass --remote-user explicitly or use --no-sudo."
 )
- chown_cmd = f"chown -R {resolved_user} {rbundle}"
+ chown_cmd = (
+ "chown -R -- "
+ f"{shlex.quote(resolved_user)} {shlex.quote(rbundle)}"
+ )
 rc, out, err = _ssh_run_sudo(
 ssh,
 chown_cmd,
@@ -644,7 +647,7 @@ def _remote_harvest(
 )
 # Stream a tarball back to the local machine (avoid creating a tar file on the remote).
- cmd = f"tar -cz -C {rbundle} ."
+ cmd = f"tar -cz -C {shlex.quote(rbundle)} ."
 _stdin, stdout, stderr = ssh.exec_command(cmd) # nosec
 with open(local_tgz, "wb") as f:
 while True:
@@ -669,7 +672,7 @@ def _remote_harvest(
 finally:
 # Cleanup remote tmpdir even on failure.
 if rtmp:
- _ssh_run(ssh, f"rm -rf {rtmp}")
+ _ssh_run(ssh, f"rm -rf -- {shlex.quote(rtmp)}")
 try:
 sftp.close()
 ssh.close()
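Review bot: The new `chmod 700 -- {shlex.quote(rtmp)}` line uses `shlex`, but the patch adds no `import shlex`; unless it is already imported at the top of enroll/remote.py (outside every hunk here), this line and the rewritten commands in the hunks at 627, 644 and 669 raise NameError at the first remote call. Separately, `rtmp` appears to be the stripped stdout of an earlier remote command (its origin is above the hunk), and quoting now stops it from being split or interpreted by the remote shell, but it does not ensure the value is the directory the code expects; a guard right after `rtmp = out.strip()` such as `if not rtmp.startswith("/"): raise RuntimeError(f"Unexpected remote tmpdir: {rtmp!r}")` would keep both this `chmod 700` and the later `rm -rf` from acting on a relative or garbled path. _remote_harvest starts and ends outside the hunk.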
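Review bot: Whether the quoting in the new `chown_cmd` survives depends on how `_ssh_run_sudo` builds its command line, and that helper is defined outside this hunk: if it only prefixes `sudo ` the line is correct as written, but if it wraps the string in another shell layer (for example `sh -c '...'` or `su -c`), the single quotes that `shlex.quote` emits would need to be quoted a second time and the command would break on any path containing a space or quote. Confirm the helper's behaviour and record the contract at this call site, e.g. `# chown_cmd is already shell-quoted; _ssh_run_sudo must not re-quote it or wrap it in sh -c.` Note also that quoting protects the shell but not chown's own parsing: the error text above says `resolved_user` can come from `--remote-user`, and a value like `name:group` would still be read by chown as user and group, so if only a bare username is intended, a check at the point where `resolved_user` is set would fail earlier and more clearly than the chown itself.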
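Review bot: The `# nosec` marker on `ssh.exec_command(cmd)` now suppresses a finding about a command whose only variable part is quoted, but nothing on the line says why the suppression is safe, so it reads as a blanket exemption to the next reader. Replace it with a reason that can be checked against the line above, e.g. `# nosec - rbundle is shlex.quote'd above; no other variable input reaches the remote shell`, or drop the marker if the scanner no longer flags the line. Note also that `shlex.quote` emits POSIX sh quoting, so this hunk and the other three assume the remote login shell is POSIX-compatible; if that is a stated requirement of the tool it belongs in _remote_harvest's docstring (the function header is outside the hunk).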