Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Arguments for external executables aren't correctly escaped

See original GitHub issue

Steps to reproduce

write a C program native.exe which acquires ARGV
Run native.exe "`"a`""

Expected behavior

ARGV[1] == "a"

Actual behavior

ARGV[1] == a

Environment data

Windows 10 x64

Name                           Value
----                           -----
PSVersion                      5.1.14393.0
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.0
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Issue Analytics

State:
Created 7 years ago
Reactions:37
Comments:201 (111 by maintainers)

Top GitHub Comments

12reactions

be5inviscommented, Aug 31, 2016

Currently to make native.exe correctly receive an ARGV with two quotes and an a character, you have to use this weird call:

native.exe "\`"a\`""

9reactions

Artoria2e5commented, Jul 3, 2020

Making a special operator for this doesn’t make sense for a command-line shell at all, since its main job is to launch programs and pass them arguments. Introducing a new operator that does system() for this job is like Matlab introducing a way to call calc.exe because it has a bug in its arithmetics. What should instead be done is that:

The pwsh team prepares for a new major release that fixes the command-line stuff, moving the current behavior behind a built-in cmdlet.
As a stop-gap solution, the upcoming pwsh version gets a built-in cmdlet that uses the new, correct behavior for command-line passing.

The same applies to Start-Process. (Actually it’s a pretty good candidate for the “new” cmdlet with some options like -QuotingBehavior Legacy…) See #13089.

Top Results From Across the Web

python - How to escape os.system() calls?

Remove all chars that aren't in that list. Escape slashes and double-quotes. Surround entire command with double quotes so the command argument ......

is there an escape for '&' character in the command prompt?

Since & is a special char, you must escape it with ^ , resulting in ^& . Running set pwd=abc^&123 will set the...

about Parsing - PowerShell

Numbers are treated as numerical values rather than as a series of characters (unless escaped). Operators, including unary operators like - and ...

escapeshellarg - Manual

Correctly escaping shell commands on Windows is not a simple matter. Programs must consider two distinct escape mechanisms which serve different purposes:

escapeshellcmd - Manual

escapeshellcmd() escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands. This function should...