shlex.split() 将整个命令作为单个字符串返回
shlex.split() returning whole command as a single string
shlex.split() 没有在输入字符串上给出正确的输出。
在python 解释器中,将输入值存储在变量中会产生预期的输出。
但如果我通过脚本执行,shlex.split() 输出不正确并且输入字符串未按空格拆分。
>>> import shlex
>>> var = "/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep> /playbooks/ --extra-vars '{ \"text\": \"DUMMY\", \"addition\": [\"1\", \"2\", \"3\", ], \"deletion\": [], \"update\": \"update\", \"path\": \"/var/sandeep\", }' /tmp/sandeep//tmp/example.yaml"
>>>
>>>
>>> shlex.split(var)
['/usr/bin/ansible-playbook', '--timeout=60', '--module-path', '/var/sandeep/playbooks/', '--extra-vars', '{ "text": "DUMMY", "addition": ["1", "2", "3", ], "deletion": [], "update": "update", "path": "/var/sandeep", }', '/tmp/sandeep//tmp/example.yaml']
def create_extra(text, extra_dict):
extra = "'{{ \\"text\\": \\"{}\\", ".format(text)
for key, value in extra_dict.items():
if isinstance(value, list):
extra += '\\"{}\\": ['.format(key)
for item in value:
extra += '\\"{}\\", '.format(item)
extra += '], '
elif isinstance(value, dict):
extra += '\\"{}\\": {{'.format(key)
for item_key, item_value in value.items():
extra += '\\"{}\\": \\"{}\\", '.format(item_key, item_value)
extra += "}, "
else:
extra += '\\"{}\\": \\"{}\\", '.format(key, value)
extra += "}'"
#print("extra: %s" % extra)
return extra
extra_dict = {'addition': ["1", "2", "3"],
'deletion': [],
'update': 'update',
'path' : '/var/sandeep'
}
temp = create_extra("DUMMY", extra_dict)
"""create_extra function formats and return string"""
cmd = ('"/usr/bin/ansible-playbook ' +
'--timeout=60 ' +
'--module-path /var/sandeep/playbooks/ ' +
'--extra-vars {} {}/{}"'.format(temp, "/tmp/sandeep", "/tmp/example.yaml"))
print(cmd)
print(shlex.split(cmd))
output of print(cmd)
"/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep/playbooks/ --extra-vars '{ \"text\": \"DUMMY\", \"addition\": [\"1\", \"2\", \"3\", ], \"deletion\": [], \"update\": \"update\", \"path\": \"/var/sandeep\", }' /tmp/sandeep//tmp/example.yaml"
Expected results:
['/usr/bin/ansible-playbook', '--timeout=60', '--module-path', '/var/sandeep/playbooks/', '--extra-vars', '{ "text": "DUMMY", "addition": ["1", "2", "3", ], "deletion": [], "update": "update", "path": "/var/sandeep", }', '/tmp/sandeep//tmp/example.yaml']
Actual Results:
['/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep/playbooks/ --extra-vars \'{ "text": "DUMMY", "addition": ["1", "2", "3", ], "deletion": [], "update": "update", "path": "/var/sandeep", }\' /tmp/sandeep//tmp/example.yaml']
我是不是遗漏了什么?
shlex 输出完全正确,因为字符串中包含文字 " 个字符。
cmd = ('"/usr/bin/ansible-playbook ' +
# ^- that right there
'--timeout=60 ' +
'--module-path /var/sandeep/playbooks/ ' +
'--extra-vars {} {}/{}"'.format(temp, "/tmp/sandeep", "/tmp/example.yaml"))
# and this right here -^
如您的 print(cmd) 所示:
"/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep/playbooks/ --extra-vars whatever /tmp/sandeep//tmp/example.yaml"
...您的字符串以 " 开头并以 " 结尾,这使得它在被 shell.[=20 解析时成为单个文字字符串=]
只要去掉那些字符,问题就不会再发生了:
cmd = ('/usr/bin/ansible-playbook ' +
'--timeout=60 ' +
'--module-path /var/sandeep/playbooks/ ' +
'--extra-vars {} {}/{}'.format(temp, "/tmp/sandeep", "/tmp/example.yaml"))
print(cmd)
print(shlex.split(cmd))
但是,您有 其他 个严重错误,因为字符串连接本质上不适合构建命令行。与其尝试采用这种方法,不如直接构建一个数组:
cmd = ['/usr/bin/ansible-playbook',
'--timeout=60',
'--module-path', '/var/sandeep/playbooks/',
'--extra-vars', temp, os.path.join('/tmp/sandeep', '/tmp/example.yml')]
...然后 temp 或其他带有空格或文字引号的变量的值将不再破坏您的代码或允许注入任意参数。
shlex.split() 没有在输入字符串上给出正确的输出。
在python 解释器中,将输入值存储在变量中会产生预期的输出。
但如果我通过脚本执行,shlex.split() 输出不正确并且输入字符串未按空格拆分。
>>> import shlex
>>> var = "/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep> /playbooks/ --extra-vars '{ \"text\": \"DUMMY\", \"addition\": [\"1\", \"2\", \"3\", ], \"deletion\": [], \"update\": \"update\", \"path\": \"/var/sandeep\", }' /tmp/sandeep//tmp/example.yaml"
>>>
>>>
>>> shlex.split(var)
['/usr/bin/ansible-playbook', '--timeout=60', '--module-path', '/var/sandeep/playbooks/', '--extra-vars', '{ "text": "DUMMY", "addition": ["1", "2", "3", ], "deletion": [], "update": "update", "path": "/var/sandeep", }', '/tmp/sandeep//tmp/example.yaml']
def create_extra(text, extra_dict):
extra = "'{{ \\"text\\": \\"{}\\", ".format(text)
for key, value in extra_dict.items():
if isinstance(value, list):
extra += '\\"{}\\": ['.format(key)
for item in value:
extra += '\\"{}\\", '.format(item)
extra += '], '
elif isinstance(value, dict):
extra += '\\"{}\\": {{'.format(key)
for item_key, item_value in value.items():
extra += '\\"{}\\": \\"{}\\", '.format(item_key, item_value)
extra += "}, "
else:
extra += '\\"{}\\": \\"{}\\", '.format(key, value)
extra += "}'"
#print("extra: %s" % extra)
return extra
extra_dict = {'addition': ["1", "2", "3"],
'deletion': [],
'update': 'update',
'path' : '/var/sandeep'
}
temp = create_extra("DUMMY", extra_dict)
"""create_extra function formats and return string"""
cmd = ('"/usr/bin/ansible-playbook ' +
'--timeout=60 ' +
'--module-path /var/sandeep/playbooks/ ' +
'--extra-vars {} {}/{}"'.format(temp, "/tmp/sandeep", "/tmp/example.yaml"))
print(cmd)
print(shlex.split(cmd))
output of print(cmd)
"/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep/playbooks/ --extra-vars '{ \"text\": \"DUMMY\", \"addition\": [\"1\", \"2\", \"3\", ], \"deletion\": [], \"update\": \"update\", \"path\": \"/var/sandeep\", }' /tmp/sandeep//tmp/example.yaml"
Expected results:
['/usr/bin/ansible-playbook', '--timeout=60', '--module-path', '/var/sandeep/playbooks/', '--extra-vars', '{ "text": "DUMMY", "addition": ["1", "2", "3", ], "deletion": [], "update": "update", "path": "/var/sandeep", }', '/tmp/sandeep//tmp/example.yaml']
Actual Results:
['/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep/playbooks/ --extra-vars \'{ "text": "DUMMY", "addition": ["1", "2", "3", ], "deletion": [], "update": "update", "path": "/var/sandeep", }\' /tmp/sandeep//tmp/example.yaml']
我是不是遗漏了什么?
shlex 输出完全正确,因为字符串中包含文字 " 个字符。
cmd = ('"/usr/bin/ansible-playbook ' +
# ^- that right there
'--timeout=60 ' +
'--module-path /var/sandeep/playbooks/ ' +
'--extra-vars {} {}/{}"'.format(temp, "/tmp/sandeep", "/tmp/example.yaml"))
# and this right here -^
如您的 print(cmd) 所示:
"/usr/bin/ansible-playbook --timeout=60 --module-path /var/sandeep/playbooks/ --extra-vars whatever /tmp/sandeep//tmp/example.yaml"
...您的字符串以 " 开头并以 " 结尾,这使得它在被 shell.[=20 解析时成为单个文字字符串=]
只要去掉那些字符,问题就不会再发生了:
cmd = ('/usr/bin/ansible-playbook ' +
'--timeout=60 ' +
'--module-path /var/sandeep/playbooks/ ' +
'--extra-vars {} {}/{}'.format(temp, "/tmp/sandeep", "/tmp/example.yaml"))
print(cmd)
print(shlex.split(cmd))
但是,您有 其他 个严重错误,因为字符串连接本质上不适合构建命令行。与其尝试采用这种方法,不如直接构建一个数组:
cmd = ['/usr/bin/ansible-playbook',
'--timeout=60',
'--module-path', '/var/sandeep/playbooks/',
'--extra-vars', temp, os.path.join('/tmp/sandeep', '/tmp/example.yml')]
...然后 temp 或其他带有空格或文字引号的变量的值将不再破坏您的代码或允许注入任意参数。