Fix bad sanitisation

Lamparter · Lamparter · commit d461701a4428 · 2026-03-14T18:02:55.000Z
diff --git a/src/features/Riverside.CompilerPlatform.Features.Swagger/KiotaEngine.Methods.cs b/src/features/Riverside.CompilerPlatform.Features.Swagger/KiotaEngine.Methods.cs
@@ -1,4 +1,5 @@
-﻿using System.Text;
+﻿using Riverside.CompilerPlatform.Helpers;
+using System.Text;
 
 namespace Riverside.CompilerPlatform.Features.Swagger;
 
@@ -13,19 +14,19 @@ partial class KiotaEngine
 	/// </returns>
 	public override string ToString()
 	{
-		var command = new StringBuilder().Append("kiota generate");
+		var command = new StringBuilder().Append("generate");
 
 		if (!string.IsNullOrWhiteSpace(Path))
 		{
-			command.Append($" --openapi {Path}");
+			command.Append($" --openapi {SanitizationHelpers.EscapeArg(Path!)}");
 		}
 		if (!string.IsNullOrWhiteSpace(Manifest))
 		{
-			command.Append($" --manifest {Manifest}");
+			command.Append($" --manifest {SanitizationHelpers.EscapeArg(Manifest!)}");
 		}
 		if (!string.IsNullOrWhiteSpace(Output))
 		{
-			command.Append($" --output {Output}");
+			command.Append($" --output {SanitizationHelpers.EscapeArg(Output!)}");
 		}
 		command.Append($" --language {Language}");
 		if (!string.IsNullOrWhiteSpace(ClassName))
@@ -56,68 +57,68 @@ public override string ToString()
 		{
 			command.Append($" --additional-data {AdditionalData}");
 		}
-		if (Serializer is not null)
+		if (Serializer is not null && Serializer.Length > 0)
 		{
 			var serializers = new StringBuilder().Append(" --serializer ");
 			foreach (var serializer in Serializer)
 			{
 				serializers.Append(serializer + "|");
 			}
-			serializers.Remove(serializers.Length, 1); // remove final '|' char
+			serializers.Remove(serializers.Length - 1, 1); // remove final '|' char
 			command.Append(serializers.ToString());
 		}
-		if (Deserializer is not null)
+		if (Deserializer is not null && Deserializer.Length > 0)
 		{
 			var deserializers = new StringBuilder().Append(" --deserializer ");
 			foreach (var deserializer in Deserializer)
 			{
 				deserializers.Append(deserializer + "|");
 			}
-			deserializers.Remove(deserializers.Length, 1); // remove final '|' char
+			deserializers.Remove(deserializers.Length - 1, 1); // remove final '|' char
 			command.Append(deserializers.ToString());
 		}
 		if (CleanOutput is not null)
 		{
 			command.Append($" --clean-output {CleanOutput}");
 		}
-		if (StructuredMimeTypes is not null)
+		if (StructuredMimeTypes is not null && StructuredMimeTypes.Length > 0)
 		{
 			var structuredMimeTypes = new StringBuilder().Append(" --structured-mime-types ");
 			foreach (var structuredMimeType in StructuredMimeTypes)
 			{
 				structuredMimeTypes.Append(structuredMimeType + "|");
 			}
-			structuredMimeTypes.Remove(structuredMimeTypes.Length, 1); // remove final '|' char
+			structuredMimeTypes.Remove(structuredMimeTypes.Length - 1, 1); // remove final '|' char
 			command.Append(structuredMimeTypes.ToString());
 		}
-		if (IncludePath is not null)
+		if (IncludePath is not null && IncludePath.Length > 0)
 		{
 			var includePaths = new StringBuilder().Append(" --include-path ");
 			foreach (var includePath in IncludePath)
 			{
 				includePaths.Append(includePath + "|");
 			}
-			includePaths.Remove(includePaths.Length, 1); // remove final '|' char
+			includePaths.Remove(includePaths.Length - 1, 1); // remove final '|' char
 			command.Append(includePaths.ToString());
 		}
-		if (ExcludePath is not null)
+		if (ExcludePath is not null && ExcludePath.Length > 0)
 		{
 			var excludePaths = new StringBuilder().Append(" --exclude-path ");
 			foreach (var excludePath in ExcludePath)
 			{
 				excludePaths.Append(excludePath + "|");
 			}
-			excludePaths.Remove(excludePaths.Length, 1); // remove final '|' char
+			excludePaths.Remove(excludePaths.Length - 1, 1); // remove final '|' char
 			command.Append(excludePaths.ToString());
 		}
-		if (DisableValidationRules is not null)
+		if (DisableValidationRules is not null && DisableValidationRules.Length > 0)
 		{
 			var disableValidationRules = new StringBuilder().Append(" --disable-validation-rules ");
 			foreach (var disableValidationRule in DisableValidationRules)
 			{
 				disableValidationRules.Append(disableValidationRule + "|");
 			}
-			disableValidationRules.Remove(disableValidationRules.Length, 1); // remove final '|' char
+			disableValidationRules.Remove(disableValidationRules.Length - 1, 1); // remove final '|' char
 			command.Append(disableValidationRules.ToString());
 		}
 		if (ClearCache is not null)
diff --git a/src/roslyn/Riverside.CompilerPlatform.Extensions/Helpers/SanitizationHelpers.cs b/src/roslyn/Riverside.CompilerPlatform.Extensions/Helpers/SanitizationHelpers.cs
@@ -36,7 +36,6 @@ public static string Sanitize(string s)
 	/// <param name="arg">The argument to escape.</param>
 	/// <returns>A string containing the escaped argument, suitable for use in a command-line context.</returns>
 	/// <exception cref="ArgumentNullException">Thrown if <paramref name="arg"/> is null.</exception>
-	[NotMyCode] // from the internet
 	public static string EscapeArg(string arg)
 	{
 		if (arg == null)

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`		`-using System.Text;`
	`1`	`+using Riverside.CompilerPlatform.Helpers;`
	`2`	`+using System.Text;`
`2`	`3`
`3`	`4`	`namespace Riverside.CompilerPlatform.Features.Swagger;`
`4`	`5`
`@@ -13,19 +14,19 @@ partial class KiotaEngine`
`13`	`14`	`/// </returns>`
`14`	`15`	`public override string ToString()`
`15`	`16`	`{`
`16`		`- var command = new StringBuilder().Append("kiota generate");`
	`17`	`+ var command = new StringBuilder().Append("generate");`
`17`	`18`
`18`	`19`	`if (!string.IsNullOrWhiteSpace(Path))`
`19`	`20`	`{`
`20`		`- command.Append($" --openapi {Path}");`
	`21`	`+ command.Append($" --openapi {SanitizationHelpers.EscapeArg(Path!)}");`
`21`	`22`	`}`
`22`	`23`	`if (!string.IsNullOrWhiteSpace(Manifest))`
`23`	`24`	`{`
`24`		`- command.Append($" --manifest {Manifest}");`
	`25`	`+ command.Append($" --manifest {SanitizationHelpers.EscapeArg(Manifest!)}");`
`25`	`26`	`}`
`26`	`27`	`if (!string.IsNullOrWhiteSpace(Output))`
`27`	`28`	`{`
`28`		`- command.Append($" --output {Output}");`
	`29`	`+ command.Append($" --output {SanitizationHelpers.EscapeArg(Output!)}");`
`29`	`30`	`}`
`30`	`31`	`command.Append($" --language {Language}");`
`31`	`32`	`if (!string.IsNullOrWhiteSpace(ClassName))`
`@@ -56,68 +57,68 @@ public override string ToString()`
`56`	`57`	`{`
`57`	`58`	`command.Append($" --additional-data {AdditionalData}");`
`58`	`59`	`}`
`59`		`- if (Serializer is not null)`
	`60`	`+ if (Serializer is not null && Serializer.Length > 0)`
`60`	`61`	`{`
`61`	`62`	`var serializers = new StringBuilder().Append(" --serializer ");`
`62`	`63`	`foreach (var serializer in Serializer)`
`63`	`64`	`{`
`64`	`65`	`serializers.Append(serializer + "\|");`
`65`	`66`	`}`
`66`		`- serializers.Remove(serializers.Length, 1); // remove final '\|' char`
	`67`	`+ serializers.Remove(serializers.Length - 1, 1); // remove final '\|' char`
`67`	`68`	`command.Append(serializers.ToString());`
`68`	`69`	`}`
`69`		`- if (Deserializer is not null)`
	`70`	`+ if (Deserializer is not null && Deserializer.Length > 0)`
`70`	`71`	`{`
`71`	`72`	`var deserializers = new StringBuilder().Append(" --deserializer ");`
`72`	`73`	`foreach (var deserializer in Deserializer)`
`73`	`74`	`{`
`74`	`75`	`deserializers.Append(deserializer + "\|");`
`75`	`76`	`}`
`76`		`- deserializers.Remove(deserializers.Length, 1); // remove final '\|' char`
	`77`	`+ deserializers.Remove(deserializers.Length - 1, 1); // remove final '\|' char`
`77`	`78`	`command.Append(deserializers.ToString());`
`78`	`79`	`}`
`79`	`80`	`if (CleanOutput is not null)`
`80`	`81`	`{`
`81`	`82`	`command.Append($" --clean-output {CleanOutput}");`
`82`	`83`	`}`
`83`		`- if (StructuredMimeTypes is not null)`
	`84`	`+ if (StructuredMimeTypes is not null && StructuredMimeTypes.Length > 0)`
`84`	`85`	`{`
`85`	`86`	`var structuredMimeTypes = new StringBuilder().Append(" --structured-mime-types ");`
`86`	`87`	`foreach (var structuredMimeType in StructuredMimeTypes)`
`87`	`88`	`{`
`88`	`89`	`structuredMimeTypes.Append(structuredMimeType + "\|");`
`89`	`90`	`}`
`90`		`- structuredMimeTypes.Remove(structuredMimeTypes.Length, 1); // remove final '\|' char`
	`91`	`+ structuredMimeTypes.Remove(structuredMimeTypes.Length - 1, 1); // remove final '\|' char`
`91`	`92`	`command.Append(structuredMimeTypes.ToString());`
`92`	`93`	`}`
`93`		`- if (IncludePath is not null)`
	`94`	`+ if (IncludePath is not null && IncludePath.Length > 0)`
`94`	`95`	`{`
`95`	`96`	`var includePaths = new StringBuilder().Append(" --include-path ");`
`96`	`97`	`foreach (var includePath in IncludePath)`
`97`	`98`	`{`
`98`	`99`	`includePaths.Append(includePath + "\|");`
`99`	`100`	`}`
`100`		`- includePaths.Remove(includePaths.Length, 1); // remove final '\|' char`
	`101`	`+ includePaths.Remove(includePaths.Length - 1, 1); // remove final '\|' char`
`101`	`102`	`command.Append(includePaths.ToString());`
`102`	`103`	`}`
`103`		`- if (ExcludePath is not null)`
	`104`	`+ if (ExcludePath is not null && ExcludePath.Length > 0)`
`104`	`105`	`{`
`105`	`106`	`var excludePaths = new StringBuilder().Append(" --exclude-path ");`
`106`	`107`	`foreach (var excludePath in ExcludePath)`
`107`	`108`	`{`
`108`	`109`	`excludePaths.Append(excludePath + "\|");`
`109`	`110`	`}`
`110`		`- excludePaths.Remove(excludePaths.Length, 1); // remove final '\|' char`
	`111`	`+ excludePaths.Remove(excludePaths.Length - 1, 1); // remove final '\|' char`
`111`	`112`	`command.Append(excludePaths.ToString());`
`112`	`113`	`}`
`113`		`- if (DisableValidationRules is not null)`
	`114`	`+ if (DisableValidationRules is not null && DisableValidationRules.Length > 0)`
`114`	`115`	`{`
`115`	`116`	`var disableValidationRules = new StringBuilder().Append(" --disable-validation-rules ");`
`116`	`117`	`foreach (var disableValidationRule in DisableValidationRules)`
`117`	`118`	`{`
`118`	`119`	`disableValidationRules.Append(disableValidationRule + "\|");`
`119`	`120`	`}`
`120`		`- disableValidationRules.Remove(disableValidationRules.Length, 1); // remove final '\|' char`
	`121`	`+ disableValidationRules.Remove(disableValidationRules.Length - 1, 1); // remove final '\|' char`
`121`	`122`	`command.Append(disableValidationRules.ToString());`
`122`	`123`	`}`
`123`	`124`	`if (ClearCache is not null)`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,6 @@ public static string Sanitize(string s)`
`36`	`36`	`/// <param name="arg">The argument to escape.</param>`
`37`	`37`	`/// <returns>A string containing the escaped argument, suitable for use in a command-line context.</returns>`
`38`	`38`	`/// <exception cref="ArgumentNullException">Thrown if <paramref name="arg"/> is null.</exception>`
`39`		`- [NotMyCode] // from the internet`
`40`	`39`	`public static string EscapeArg(string arg)`
`41`	`40`	`{`
`42`	`41`	`if (arg == null)`