MyNixOS website logo
MyNixOS website logo
Flakes
Categories
Options
Packages
package

shellwords

Description

Parse strings into words, like a shell would.

Description
hackage.haskell.org

See https://github.com/pbrisbin/hs-shellwords#readme

README.md
hackage.haskell.org

ShellWords

Hackage Stackage Nightly Stackage LTS CI

Parse a string into words, like a shell would.

Motivation

If you want to execute a specific command with input given to you from an untrusted source, you should not give that text as-is to a shell:

let userInput = "push origin main"

callCommand $ "git " <> userInput
-- Forward output of the push command...

You may be tempted to do this because you want to correctly handle quoting and other notoriously-difficult word-splitting problems. But doing so is a severe security vulnerability:

let userInput = "push origin main; cat /etc/passwd"

callCommand $ "git " <> userInput
-- Forward output of the push command...
-- And then dump /etc/passwd. Oops.

Furthermore, any attempts to sanitize the string are unlikely to be 100% affective and should be avoided. The only safe way to do this is to not use a shell intermediary, and always exec a process directly:

let userInput = "push origin main"

callProcess "git" $ words userInput
-- Forward output of the push command...

Now, there's no vulnerability:

let userInput = "push origin main; cat /etc/passwd"

callProcess "git" $ words userInput
-- Invalid usage. :)

The new problem (but not a security-related one!) is how to correctly parse a string like "push origin main" into command arguments. The rules are complex enough that you probably want to get a library to do it.

So here we are.

Example

Right args <- parse "some -complex --command=\"Line And\" 'More'"

callProcess cmd args
--
-- Is equivalent to:
--
-- > callProcess cmd ["some", "-complex", "--command=Line And", "More"]
--

Unsafe Usage

The following is a perfectly reasonable thing one might do with this library:

Right (cmd:args) <- parse userInput

callProcess cmd args

However, if:

  1. userInput is un-trusted, and
  2. You do no further validation of what cmd can be,

Then this re-introduces the original security vulnerability and, at that point, you might as well just pass userInput to a shell.

Lineage

This package is inspired by and named after

CHANGELOG | LICENSE.

Metadata

Version

0.1.3.2

License

MIT

Status

BrokenNo
InsecureNo
UnfreeNo
UnsupportedNo

Source

pkgs/development/haskell-modules/hackage-packages.nix:283615

Homepage

https://hackage.haskell.org/package/shellwords

Platforms (77)

    Darwin
    FreeBSD
    Genode
    GHCJS
    Linux
    MMIXware
    NetBSD
    none
    OpenBSD
    Redox
    Solaris
    WASI
    Windows
Show all
  • aarch64-darwin
  • aarch64-freebsd
  • aarch64-genode
  • aarch64-linux
  • aarch64-netbsd
  • aarch64-none
  • aarch64-windows
  • aarch64_be-none
  • arm-none
  • armv5tel-linux
  • armv6l-linux
  • armv6l-netbsd
  • armv6l-none
  • armv7a-darwin
  • armv7a-linux
  • armv7a-netbsd
  • armv7l-linux
  • armv7l-netbsd
  • avr-none
  • i686-cygwin
  • i686-darwin
  • i686-freebsd
  • i686-genode
  • i686-linux
  • i686-netbsd
  • i686-none
  • i686-openbsd
  • i686-windows
  • javascript-ghcjs
  • loongarch64-linux
  • m68k-linux
  • m68k-netbsd
  • m68k-none
  • microblaze-linux
  • microblaze-none
  • microblazeel-linux
  • microblazeel-none
  • mips-linux
  • mips-none
  • mips64-linux
  • mips64-none
  • mips64el-linux
  • mipsel-linux
  • mipsel-netbsd
  • mmix-mmixware
  • msp430-none
  • or1k-none
  • powerpc-netbsd
  • powerpc-none
  • powerpc64-linux
  • powerpc64le-linux
  • powerpcle-none
  • riscv32-linux
  • riscv32-netbsd
  • riscv32-none
  • riscv64-linux
  • riscv64-netbsd
  • riscv64-none
  • rx-none
  • s390-linux
  • s390-none
  • s390x-linux
  • s390x-none
  • vc4-none
  • wasm32-wasi
  • wasm64-wasi
  • x86_64-cygwin
  • x86_64-darwin
  • x86_64-freebsd
  • x86_64-genode
  • x86_64-linux
  • x86_64-netbsd
  • x86_64-none
  • x86_64-openbsd
  • x86_64-redox
  • x86_64-solaris
  • x86_64-windows