wagon-ssh-external doesn't protect file names from shell variable expansion
---------------------------------------------------------------------------
Key: WAGON-292
URL: http://jira.codehaus.org/browse/WAGON-292
Project: Maven Wagon
Issue Type: Bug
Components: wagon-ssh-external
Affects Versions: 1.0-beta-6, 1.0-beta-5, 1.0-beta-4, 1.0-beta-3, 1.0-beta-2
Environment: Originally produced with wagon-1.0-beta-2, but no
relevant code changes are apparent in wagon-1.0-beta-6
Reporter: Tuure Laurinolli
When constructing SCP command line in ScpExternalWagon#executeScpCommand(...)
file names are not processed in any way. Since the command is executed via a
shell, the raw, correct file names are subject to shell variable expansion.
This is problematic at least when wagon-ssh-external is used as deployment
target in Hudson, whch apparently uses path names like groupId$artifactId in
the path that to files that are to be deployed.
Surrounding the file names with single quotes should enough to prevent
expansion. Arguably this is something that should be done by the Plexus utility
when argument contents are set with Arg.setFile(...), but it doesn't do that
and Wagon doesn't use .setFile(...) anyway (and probably couldn't for the
remote file).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
