44r0n7/privacy.sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9e34e644493674ca709b64a47206763d5d4bd60c
privacy.sexy/src/infrastructure/CodeRunner/Execution/CommandDefinition/Commands/PowerShellInvoke/EncodedPowerShellInvokeCmdCommandCreator.ts
undergroundwires a3343205b1 Fix win execution with whitespace in username #351 
This commit addresses the issue where scripts fail to execute on Windows
environments with usernames containing spaces. The problem stemmed from
PowerShell and cmd shell's handling of spaces in quoted arguments.

The solution involves encoding PowerShell commands before execution,
which mitigates the quoting issues previously causing script failures.
This approach is now integrated into the execution flow, ensuring that
commands are correctly handled irrespective of user names or other
variables that may include spaces.

Changes:

- Implement encoding for PowerShell commands to handle spaces in usernames
  and other similar scenarios.
- Update script documentation URLs to reflect changes in directory
  structure.

Fixes #351
2024-05-07 13:57:19 +02:00

33 lines
2.2 KiB
TypeScript
Raw Blame History

import type { PowerShellInvokeShellCommandCreator } from './PowerShellInvokeShellCommandCreator';
/**
Encoding PowerShell commands resolve issues with quote handling.
There are known problems with PowerShell's handling of double quotes in command line arguments:
- Quote stripping in PowerShell command line arguments: https://web.archive.org/web/20240507102706/https://stackoverflow.com/questions/6714165/powershell-stripping-double-quotes-from-command-line-arguments
- privacy.sexy double quotes issue when calling PowerShell from command line: https://web.archive.org/web/20240507102841/https://github.com/undergroundwires/privacy.sexy/issues/351
- Challenges with single quotes in PowerShell command line: https://web.archive.org/web/20240507102047/https://stackoverflow.com/questions/20958388/command-line-escaping-single-quote-for-powershell
Using the `EncodedCommand` parameter is recommended by Microsoft for handling
complex quoting scenarios. This approach helps avoid issues by encoding the entire
command as a Base64 string:
- Microsoft's documentation on using the `EncodedCommand` parameter: https://web.archive.org/web/20240507102733/https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_powershell_exe?view=powershell-5.1#-encodedcommand-base64encodedcommand
*/
export class EncodedPowerShellInvokeCmdCommandCreator
implements PowerShellInvokeShellCommandCreator {
public createCommandToInvokePowerShell(powerShellScript: string): string {
return generateEncodedPowershellCommand(powerShellScript);
}
}
function generateEncodedPowershellCommand(powerShellScript: string): string {
const encodedCommand = encodeForPowershellExecution(powerShellScript);
return `PowerShell -EncodedCommand ${encodedCommand}`;
}
function encodeForPowershellExecution(script: string): string {
// The string must be formatted using UTF-16LE character encoding, see: https://web.archive.org/web/20240507102733/https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_powershell_exe?view=powershell-5.1#-encodedcommand-base64encodedcommand
const buffer = Buffer.from(script, 'utf16le');
return buffer.toString('base64');
}
Reference in New Issue View Git Blame Copy Permalink