Fix #14749 (cmdFilename: handle more bash special characters)

Author: danmar

lib/cppcheck.cpp

@@ -304,10 +304,10 @@ namespace {
     };
 }
 
-static std::string cmdFileName(std::string f)
+std::string CppCheck::cmdFileName(std::string f)
 {
     f = Path::toNativeSeparators(std::move(f));
-    if (f.find(' ') != std::string::npos)
+    if (f.find_first_of(" \t;$<>|&`\n") != std::string::npos)
         return "\"" + f + "\"";
     return f;
 }
@@ -442,11 +442,11 @@ static std::vector<picojson::value> executeAddon(const AddonInfo &addonInfo,
     std::string pythonExe;
 
     if (!addonInfo.executable.empty())
-        pythonExe = addonInfo.executable;
+        pythonExe = CppCheck::cmdFileName(addonInfo.executable);
     else if (!addonInfo.python.empty())
-        pythonExe = cmdFileName(addonInfo.python);
+        pythonExe = CppCheck::cmdFileName(addonInfo.python);
     else if (!defaultPythonExe.empty())
-        pythonExe = cmdFileName(defaultPythonExe);
+        pythonExe = CppCheck::cmdFileName(defaultPythonExe);
     else {
         // store in static variable so we only look this up once - TODO: do not cache globally
         static const std::string detectedPythonExe = detectPython(executeCommand);
@@ -457,13 +457,13 @@ static std::vector<picojson::value> executeAddon(const AddonInfo &addonInfo,
 
     std::string args;
     if (addonInfo.executable.empty())
-        args = cmdFileName(addonInfo.runScript) + " " + cmdFileName(addonInfo.scriptFile);
+        args = CppCheck::cmdFileName(addonInfo.runScript) + " " + CppCheck::cmdFileName(addonInfo.scriptFile);
     args += std::string(args.empty() ? "" : " ") + "--cli" + addonInfo.args;
     if (!premiumArgs.empty() && !addonInfo.executable.empty())
         args += " " + premiumArgs;
 
     const bool is_file_list = (file.find(FILELIST) != std::string::npos);
-    const std::string fileArg = (is_file_list ? " --file-list " : " ") + cmdFileName(file);
+    const std::string fileArg = (is_file_list ? " --file-list " : " ") + CppCheck::cmdFileName(file);
     args += fileArg;
 
     std::string result;
@@ -658,7 +658,7 @@ static std::string getClangFlags(const Settings& setting, Standards::Language la
     flags += getDefinesFlags(setting.userDefines);
 
     for (const std::string &i: setting.userIncludes)
-        flags += "--include " + cmdFileName(i) + " ";
+        flags += "--include " + CppCheck::cmdFileName(i) + " ";
 
     return flags;
 }

lib/cppcheck.h

@@ -142,6 +142,11 @@ class CPPCHECKLIB CppCheck {
     /** analyse whole program use .analyzeinfo files or ctuinfo string */
     unsigned int analyseWholeProgram(const std::string &buildDir, const std::list<FileWithDetails> &files, const std::list<FileSettings>& fileSettings, const std::string& ctuInfo);
 
+    /**
+     * 
+     */
+    static std::string cmdFileName(std::string f);
+
 private:
     void purgedConfigurationMessage(const std::string &file, const std::string& configuration);
 

test/testcppcheck.cpp

@@ -84,6 +84,7 @@ class TestCppcheck : public TestFixture {
         TEST_CASE(checkPlistOutput);
         TEST_CASE(premiumResultsCache);
         TEST_CASE(purgedConfiguration);
+        TEST_CASE(cmdFileName);
     }
 
     void getErrorMessages() const {
@@ -622,6 +623,18 @@ class TestCppcheck : public TestFixture {
                       it->toString(false, templateFormat, ""));
     }
 
+    void cmdFileName() const {
+        ASSERT_EQUALS("x", CppCheck::cmdFileName("x"));
+        ASSERT_EQUALS("\" \"", CppCheck::cmdFileName(" "));
+        ASSERT_EQUALS("\"\t\"", CppCheck::cmdFileName("\t"));
+        ASSERT_EQUALS("\";\"", CppCheck::cmdFileName(";"));
+        ASSERT_EQUALS("\">\"", CppCheck::cmdFileName(">"));
+        ASSERT_EQUALS("\"<\"", CppCheck::cmdFileName("<"));
+        ASSERT_EQUALS("\"|\"", CppCheck::cmdFileName("|"));
+        ASSERT_EQUALS("\"`\"", CppCheck::cmdFileName("`"));
+        ASSERT_EQUALS("\"$\"", CppCheck::cmdFileName("$"));
+    }
+
     // TODO: test suppressions
     // TODO: test all with FS
 };