0

shlex.split() is not giving the proper output on the input string.

In python interpreter, storing the input value in a variable produces the expected output.

But if i execute via a script, shlex.split() output is incorrect and input string did not split on whitespace.

>>> import shlex

>>> var = "/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep> /playbooks/ --extra-vars '{ \"text\": \"DUMMY\", \"addition\": [\"1\", \"2\", \"3\", ], \"deletion\": [], \"update\": \"update\", \"path\": \"/var/sandeep\", }' /tmp/sandeep//tmp/example.yaml"
>>>
>>>
>>> shlex.split(var)

['/usr/bin/ansible-playbook', '--timeout=60', '--module-path', '/var/sandeep/playbooks/', '--extra-vars', '{ "text": "DUMMY", "addition": ["1", "2", "3", ], "deletion": [], "update": "update", "path": "/var/sandeep", }', '/tmp/sandeep//tmp/example.yaml']

def create_extra(text, extra_dict):
    extra = "'{{ \\\"text\\\": \\\"{}\\\", ".format(text)
    for key, value in extra_dict.items():
        if isinstance(value, list):
            extra += '\\\"{}\\\": ['.format(key)
            for item in value:
                extra += '\\\"{}\\\", '.format(item)
            extra += '], '
        elif isinstance(value, dict):
            extra += '\\\"{}\\\": {{'.format(key)
            for item_key, item_value in value.items():
                extra += '\\\"{}\\\": \\\"{}\\\", '.format(item_key, item_value)
            extra += "}, "
        else:
            extra += '\\\"{}\\\": \\\"{}\\\", '.format(key, value)
    extra += "}'"
    #print("extra: %s" % extra)
    return extra

extra_dict = {'addition': ["1", "2", "3"],
                   'deletion': [],
                   'update': 'update',
                   'path' : '/var/sandeep'
                  }


temp = create_extra("DUMMY", extra_dict)

"""create_extra function formats and return string"""

cmd = ('"/usr/bin/ansible-playbook ' +
        '--timeout=60 '  +
        '--module-path /var/sandeep/playbooks/ ' +
        '--extra-vars {} {}/{}"'.format(temp, "/tmp/sandeep", "/tmp/example.yaml"))

print(cmd)
print(shlex.split(cmd))

output of print(cmd)
"/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep/playbooks/ --extra-vars '{ \"text\": \"DUMMY\", \"addition\": [\"1\", \"2\", \"3\", ], \"deletion\": [], \"update\": \"update\", \"path\": \"/var/sandeep\", }' /tmp/sandeep//tmp/example.yaml"


Expected results:
['/usr/bin/ansible-playbook', '--timeout=60', '--module-path', '/var/sandeep/playbooks/', '--extra-vars', '{ "text": "DUMMY", "addition": ["1", "2", "3", ], "deletion": [], "update": "update", "path": "/var/sandeep", }', '/tmp/sandeep//tmp/example.yaml']


Actual Results:
['/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep/playbooks/ --extra-vars \'{ "text": "DUMMY", "addition": ["1", "2", "3", ], "deletion": [], "update": "update", "path": "/var/sandeep", }\' /tmp/sandeep//tmp/example.yaml']

Am i missing something here?

4

1 回答 1

5

由于字符串中包含文字字符shlex,输出完全正确。"

cmd = ('"/usr/bin/ansible-playbook ' +
#       ^- that right there
        '--timeout=60 '  +
        '--module-path /var/sandeep/playbooks/ ' +
        '--extra-vars {} {}/{}"'.format(temp, "/tmp/sandeep", "/tmp/example.yaml"))
#        and this right here -^

正如你print(cmd)所展示的:

"/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep/playbooks/ --extra-vars whatever /tmp/sandeep//tmp/example.yaml"

...您的字符串以 a 开头并以 a"结尾",这使得它在由 shell 解析时成为单个文字字符串。

只要把这些字符去掉,问题就不会再发生了:

cmd = ('/usr/bin/ansible-playbook ' +
       '--timeout=60 '  +
       '--module-path /var/sandeep/playbooks/ ' +
       '--extra-vars {} {}/{}'.format(temp, "/tmp/sandeep", "/tmp/example.yaml"))

print(cmd)
print(shlex.split(cmd))

但是,您还有其他严重的错误,因为字符串连接本质上不适合构建命令行。与其尝试采用这种方法,不如直接构建一个数组:

cmd = ['/usr/bin/ansible-playbook',
       '--timeout=60',
       '--module-path', '/var/sandeep/playbooks/',
       '--extra-vars', temp, os.path.join('/tmp/sandeep', '/tmp/example.yml')]

...然后temp带有空格或文字引号的值或其他变量将不再破坏您的代码或允许注入任意参数。

于 2019-05-07T15:13:12.707 回答