gingeekrishna opened a new pull request, #69398:
URL: https://github.com/apache/airflow/pull/69398

   ### Motivation
   
   Closes #69396
   
   `decrypt_remote_file_to_string` in `encryption_utils.py` calls 
`shell_quote_single()` unconditionally. Single-quoting is Unix shell syntax and 
does not work on Windows CMD/PowerShell, so any call targeting a Windows remote 
host produced a malformed `openssl` command.
   
   The issue author notes: *"[Note that the decrypt_remote_file function in 
tpt_util.py does cater for Windows.]"* — that function already handles this 
correctly via `get_remote_os()`.
   
   ### Changes
   
   Apply the same OS-detection pattern already used in 
`tpt_util.py:decrypt_remote_file`:
   - Detect the remote OS via `get_remote_os(ssh_client)`
   - **Windows**: wrap password in double quotes, escape embedded `"` as `""`
   - **Unix/Linux**: keep existing `shell_quote_single()` behaviour (no 
functional change)
   
   ```python
   # Before (Unix only)
   quoted_password = shell_quote_single(password)
   
   # After (OS-aware)
   remote_os = get_remote_os(ssh_client)
   if remote_os == "windows":
       quoted_password = '"' + password.replace('"', '""') + '"'
   else:
       quoted_password = shell_quote_single(password)
   ```
   
   ### Tests
   
   - Updated `test_decrypt_remote_file_to_string` to mock `get_remote_os` 
returning `"unix"` (no behaviour change for Unix path)
   - Added `test_decrypt_remote_file_to_string_windows` to assert double-quote 
escaping is used on Windows remotes, including embedded `"` characters in the 
password


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to