Add validation for options and arguments

Author: Christian Benthake

src/Definition/Pattern.php

@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PHPSu\ShellCommandBuilder\Definition;
+
+use PHPSu\ShellCommandBuilder\Exception\ShellBuilderException;
+
+final class Pattern
+{
+    // @see https://github.com/ruby/ruby/blob/master/lib/shellwords.rb#L82
+    public const SHELLWORD_PATTERN = <<<REGEXP
+/\G\s*(?>([^\s\\\\\'\"]+)|'([^\']*)'|"((?:[^\"\\\\]|\\\\.)*)"|(\\\\.?)|(\S))(\s|\z)?/m
+REGEXP;
+    // @see https://github.com/jimmycuadra/rust-shellwords/blob/master/src/lib.rs#L104
+    public const METACHAR_PATTERN = /** @lang PhpRegExp */ '/\\\\([$`"\\\\\n])/';
+    public const ESCAPE_PATTERN = /** @lang PhpRegExp */ '/\\\\(.)/';
+
+    /**
+     * Splitting an input into an array of shell words.
+     * The pattern being used is based on a combination of the ruby and rust implementation of the same functionality
+     * It derives from the original UNIX Bourne documentation
+     *
+     * @psalm-pure
+     * @param string $input
+     * @return array<string>
+     * @throws ShellBuilderException
+     */
+    public static function split(string $input): array
+    {
+        $words = [];
+        $field = '';
+        $matches = [];
+        preg_match_all(self::SHELLWORD_PATTERN, $input . ' ', $matches, PREG_SET_ORDER | PREG_UNMATCHED_AS_NULL);
+        /** @var array<int, null|string> $match */
+        foreach ($matches as $match) {
+            if ($match[5] ?? false) {
+                throw new ShellBuilderException('The given input has mismatching Quotes');
+            }
+            $doubleQuoted = '';
+            if (isset($match[3])) {
+                $doubleQuoted = preg_replace(self::METACHAR_PATTERN, '$1', $match[3]);
+            }
+            $escaped = '';
+            if (isset($match[4])) {
+                $escaped = preg_replace(self::ESCAPE_PATTERN, '$1', $match[4]);
+                $escaped .= '';
+            }
+            $field .= implode('', [$match[1], $match[2] ?? '', $doubleQuoted, $escaped]);
+            $seperator = $match[6] ?? '';
+            if ($seperator !== '') {
+                $words[] = $field;
+                $field = '';
+            }
+        }
+        return $words;
+    }
+}

src/Literal/ShellWord.php

@@ -4,6 +4,7 @@
 
 namespace PHPSu\ShellCommandBuilder\Literal;
 
+use PHPSu\ShellCommandBuilder\Definition\Pattern;
 use PHPSu\ShellCommandBuilder\Exception\ShellBuilderException;
 use PHPSu\ShellCommandBuilder\ShellInterface;
 
@@ -50,9 +51,13 @@ class ShellWord implements ShellInterface
      * The constructor is protected, you must choose one of the children
      * @param string $argument
      * @param string|ShellInterface $value
+     * @throws ShellBuilderException
      */
     protected function __construct(string $argument, $value = '')
     {
+        if (!empty($argument) && !$this->validShellWord($argument)) {
+            throw new ShellBuilderException('A Shell Argument has to be a valid Shell word and cannot contain e.g whitespace');
+        }
         $this->argument = $argument;
         $this->value = $value;
     }
@@ -89,6 +94,17 @@ protected function validate(): void
         }
     }
 
+    /**
+     * @psalm-pure
+     * @param string $word
+     * @return bool
+     * @throws ShellBuilderException
+     */
+    private function validShellWord(string $word): bool
+    {
+        return count(Pattern::split($word)) === 1;
+    }
+
     private function prepare(): void
     {
         $this->validate();

src/ShellBuilder.php

@@ -22,6 +22,15 @@ final class ShellBuilder implements ShellInterface
     /** @var bool */
     private $asynchronously = false;
 
+    /**
+     * This is a shortcut for quicker fluid access to the shell builder
+     * @return static
+     */
+    public static function new(): self
+    {
+        return new ShellBuilder();
+    }
+
     public function __construct(int $groupType = GroupType::NO_GROUP)
     {
         $this->groupType = $groupType;

tests/Definiton/PatternTest.php

@@ -0,0 +1,79 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PHPSu\ShellCommandBuilder\Tests\Definiton;
+
+use PHPSu\ShellCommandBuilder\Definition\Pattern;
+use PHPSu\ShellCommandBuilder\Exception\ShellBuilderException;
+use PHPUnit\Framework\TestCase;
+
+final class PatternTest extends TestCase
+{
+    public function testSplitNothingSpecial(): void
+    {
+        $this->assertEquals(['a', 'b', 'c', 'd'], Pattern::split('a b c d'));
+    }
+
+    public function testSplitQuotedStrings(): void
+    {
+        $this->assertEquals(['a', 'b b', 'a'], Pattern::split('a "b b" a'));
+    }
+
+    public function testSplitSingleQuotedStrings(): void
+    {
+        $this->assertEquals(["a", "'b' c", "d"], Pattern::split('a "\'b\' c" d'));
+    }
+
+    public function testSplitFileName(): void
+    {
+        $this->assertEquals(['/home/user/dev/hallo welt.txt'], Pattern::split('/home/user/dev/hallo\ welt.txt'));
+    }
+
+    public function testSplitDoubleQuotedStrings(): void
+    {
+        $this->assertEquals(["a", "\"b\" c", "d"], Pattern::split('a "\"b\" c" d'));
+    }
+
+    public function testSplitEscapedSpaceStrings(): void
+    {
+        $this->assertEquals(["a", "b c", "d"], Pattern::split('a b\ c d'));
+    }
+
+    public function testBadDoubleQuotes(): void
+    {
+        $this->expectException(ShellBuilderException::class);
+        $this->expectExceptionMessage('The given input has mismatching Quotes');
+        Pattern::split("a \"b c d e");
+    }
+
+    public function testBadSingleQuotes(): void
+    {
+        $this->expectException(ShellBuilderException::class);
+        $this->expectExceptionMessage('The given input has mismatching Quotes');
+        Pattern::split("a 'b c d e");
+    }
+
+    public function testBadMultipleQuotes(): void
+    {
+        $this->expectException(ShellBuilderException::class);
+        $this->expectExceptionMessage('The given input has mismatching Quotes');
+        Pattern::split("one '\"\"\"");
+    }
+
+    public function testSplitTrailingWhitespace(): void
+    {
+        $this->assertEquals(["a", "b", "c", "d"], Pattern::split('a b c d '));
+    }
+
+    public function testMultibyte(): void
+    {
+        // currently multibyte is not escaped - make sure escaping happens before
+        $this->assertEquals(["あい", "あい"], Pattern::split('あい あい'));
+    }
+
+    public function testSplitPercentSign(): void
+    {
+        $this->assertEquals(["abc", "%foo bar%"], Pattern::split('abc \'%foo bar%\''));
+    }
+}

tests/ShellBuilderTest.php

@@ -463,4 +463,11 @@ public function testRsyncCommandWithSubCommandAsArgument(): void
             ->addArgument('./var/storage/')->addToBuilder();
         $this->assertEquals($result, (string)$rsync);
     }
+
+    public function testCreateCommandWithBadArgument(): void
+    {
+        $this->expectException(ShellBuilderException::class);
+        $this->expectExceptionMessage('A Shell Argument has to be a valid Shell word and cannot contain e.g whitespace');
+        ShellBuilder::new()->createCommand('this is not a valid command');
+    }
 }