From 756e96499c7ab747a1fb967369d661a725071f24 Mon Sep 17 00:00:00 2001 From: sterni Date: Fri, 20 Dec 2024 13:43:58 +0100 Subject: [PATCH] fix(nix/writeTree): also shell escape path nodes We allow strings with context that represent paths (since they qualify as `pathLike`). While store path (names) may not contain any characters that are meaningful in shell, they may contain directories and/or files with such names since it's permissible in POSIX. To fix this, we convert the given value `v` to a shell argument in two stages: 1. Use `${v}` to coerce the value to a string while importing any necessary paths to store. 2. Escape the resulting string for use as an argument. Change-Id: Ib989b50df2a921c2abcd1ebc7ca0ff6e2bb79088 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12898 Reviewed-by: sterni Tested-by: BuildkiteCI Autosubmit: sterni --- nix/writeTree/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/writeTree/default.nix b/nix/writeTree/default.nix index 0c7c2a130..4f22221f3 100644 --- a/nix/writeTree/default.nix +++ b/nix/writeTree/default.nix @@ -17,7 +17,7 @@ let + pipe tree [ (mapAttrsToList (k: v: if isPathLike v then - "cp -R --reflink=auto ${v} \"$out/\"${esc path}/${esc k}" + "cp -R --reflink=auto ${esc "${v}"} \"$out/\"${esc path}/${esc k}" else if lib.isAttrs v then writeTreeAtPath (path + "/" + k) v else
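Review bot: The inner interpolation in `${esc "${v}"}` is load-bearing, but nothing in the code says so. Per the commit message it is what imports a path value into the store before escaping, so a later "simplification" to `esc v` could quietly change which path is copied if `esc` stringifies without importing (its definition is outside this hunk). I would add a comment above the `cp` line, such as `# "${v}" first: imports paths into the store; esc then quotes the result for the shell`. Separately, `esc k` only neutralises shell metacharacters: a key that is `..` or contains `/` still changes where `cp` writes relative to `$out`, so a check on `k` is worth adding if tree keys can ever come from less trusted input. The `mapAttrsToList` lambda starts and ends outside the hunk.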