pkg/cliwrappers: shell-escape log messages

The commands we execute may include shell control characters
(most commonly whitespace). If we log the arguments separated by space,
the log messages will look confusing and will not be copy-paste-able
into a terminal.

Shell-quote the arguments that need quoting to make the log messages
copy-paste-able. Use a similar approach as alessio/shellescape [1]
or shlex [2] from the Python standard library.

Compared to those, use a slighly nicer escape style for single quotes.
Our approach:

    it's => 'it'\''s'

Their approach:

    it's => 'it'"'"'s'

[1]: https://github.com/alessio/shellescape/blob/59ee74454256aaf5478a6283be4c480c13fd3152/shellescape.go#L26-L42
[2]: https://github.com/python/cpython/blob/485699216f2186c63f85fc546301e5edbe6b2f22/Lib/shlex.py#L320-L338

Assisted-by: Claude
Signed-off-by: Adam Cmiel <acmiel@redhat.com>

Author: chmeliik

pkg/cliwrappers/buildah.go

@@ -225,7 +225,7 @@ func (b *BuildahCli) Build(args *BuildahBuildArgs) error {
 	// Context directory must be the last argument
 	buildahArgs = append(buildahArgs, args.ContextDir)
 
-	buildahLog.Debugf("Running command:\nbuildah %s", strings.Join(buildahArgs, " "))
+	buildahLog.Debugf("Running command:\n%s", shellJoin("buildah", buildahArgs...))
 
 	_, _, _, err := b.Executor.ExecuteWithOutput("buildah", buildahArgs...)
 	if err != nil {
@@ -263,7 +263,7 @@ func (b *BuildahCli) Push(args *BuildahPushArgs) (string, error) {
 		buildahArgs = append(buildahArgs, args.Destination)
 	}
 
-	buildahLog.Debugf("Running command:\nbuildah %s", strings.Join(buildahArgs, " "))
+	buildahLog.Debugf("Running command:\n%s", shellJoin("buildah", buildahArgs...))
 
 	retryer := NewRetryer(func() (string, string, int, error) {
 		return b.Executor.ExecuteWithOutput("buildah", buildahArgs...)
@@ -300,7 +300,7 @@ func (b *BuildahCli) Pull(args *BuildahPullArgs) error {
 
 	buildahArgs := []string{"pull", args.Image}
 
-	buildahLog.Debugf("Running command:\nbuildah %s", strings.Join(buildahArgs, " "))
+	buildahLog.Debugf("Running command:\n%s", shellJoin("buildah", buildahArgs...))
 
 	retryer := NewRetryer(func() (string, string, int, error) {
 		return b.Executor.ExecuteWithOutput("buildah", buildahArgs...)
@@ -338,7 +338,7 @@ func (b *BuildahCli) Inspect(args *BuildahInspectArgs) (string, error) {
 
 	buildahArgs := []string{"inspect", "--type", args.Type, args.Name}
 
-	buildahLog.Debugf("Running command:\nbuildah %s", strings.Join(buildahArgs, " "))
+	buildahLog.Debugf("Running command:\n%s", shellJoin("buildah", buildahArgs...))
 
 	stdout, stderr, _, err := b.Executor.Execute("buildah", buildahArgs...)
 	if err != nil {
@@ -384,7 +384,7 @@ type BuildahVersionInfo struct {
 func (b *BuildahCli) Version() (BuildahVersionInfo, error) {
 	buildahArgs := []string{"version", "--json"}
 
-	buildahLog.Debugf("Running command:\nbuildah %s", strings.Join(buildahArgs, " "))
+	buildahLog.Debugf("Running command:\n%s", shellJoin("buildah", buildahArgs...))
 
 	stdout, stderr, _, err := b.Executor.Execute("buildah", buildahArgs...)
 	if err != nil {

pkg/cliwrappers/hermeto.go

@@ -4,7 +4,6 @@ package cliwrappers
 
 import (
 	"errors"
-	"strings"
 
 	"github.com/konflux-ci/konflux-build-cli/pkg/logger"
 )
@@ -79,7 +78,7 @@ func (hc *HermetoCli) FetchDeps(params *HermetoFetchDepsParams) error {
 		params.OutputDir,
 	)
 
-	log.Debugf("Executing hermeto %s", strings.Join(args, " "))
+	log.Debugf("Executing %s", shellJoin("hermeto", args...))
 	_, _, _, err := hc.Executor.ExecuteWithOutput("hermeto", args...)
 	return err
 }
@@ -108,7 +107,7 @@ func (hc *HermetoCli) GenerateEnv(params *HermetoGenerateEnvParams) error {
 		params.Output,
 	}
 
-	log.Debugf("Executing hermeto %s", strings.Join(args, " "))
+	log.Debugf("Executing %s", shellJoin("hermeto", args...))
 	_, _, _, err := hc.Executor.ExecuteWithOutput("hermeto", args...)
 	return err
 }
@@ -131,7 +130,7 @@ func (hc *HermetoCli) InjectFiles(params *HermetoInjectFilesParams) error {
 		params.ForOutputDir,
 	}
 
-	log.Debugf("Executing hermeto %s", strings.Join(args, " "))
+	log.Debugf("Executing %s", shellJoin("hermeto", args...))
 	_, _, _, err := hc.Executor.ExecuteWithOutput("hermeto", args...)
 	return err
 }

pkg/cliwrappers/oras.go

@@ -2,7 +2,6 @@ package cliwrappers
 
 import (
 	"fmt"
-	"strings"
 
 	l "github.com/konflux-ci/konflux-build-cli/pkg/logger"
 )
@@ -66,7 +65,7 @@ func (b *OrasCli) Push(args *OrasPushArgs) (string, string, error) {
 	}
 	orasArgs = append(orasArgs, args.DestinationImage, args.FileName)
 
-	orasLog.Debugf("Running command:\noras %s", strings.Join(orasArgs, " "))
+	orasLog.Debugf("Running command:\n%s", shellJoin("oras", orasArgs...))
 
 	stdout, stderr, _, err := b.Executor.ExecuteWithOutput("oras", orasArgs...)
 

pkg/cliwrappers/shell_quote.go

@@ -0,0 +1,29 @@
+package cliwrappers
+
+import (
+	"regexp"
+	"strings"
+)
+
+// Use an explicit ASCII set instead of \w, which in Go matches Unicode letters.
+// Non-ASCII characters should be quoted to avoid locale-dependent shell behavior.
+var shellUnsafe = regexp.MustCompile(`[^a-zA-Z0-9_%+,-./:=@]`)
+
+// Quotes command arguments as needed and joins them with spaces.
+// The output should be human-readable and copy-paste-able into a POSIX shell.
+// Try to avoid using this to execute shell commands, the intended use case is logging.
+func shellJoin(cmdName string, args ...string) string {
+	cmd := make([]string, len(args)+1)
+	cmd[0] = shellQuote(cmdName)
+	for i, arg := range args {
+		cmd[i+1] = shellQuote(arg)
+	}
+	return strings.Join(cmd, " ")
+}
+
+func shellQuote(arg string) string {
+	if arg == "" || shellUnsafe.MatchString(arg) {
+		return "'" + strings.ReplaceAll(arg, "'", "'\\''") + "'"
+	}
+	return arg
+}

pkg/cliwrappers/shell_quote_test.go

@@ -0,0 +1,72 @@
+package cliwrappers
+
+import "testing"
+
+func TestShellQuote(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{"simple", "hello", "hello"},
+		{"with space", "hello world", "'hello world'"},
+		{"with single quote", "it's", `'it'\''s'`},
+		{"empty string", "", "''"},
+		{"non-ascii", "čau", "'čau'"},
+		{"dollar sign", "$HOME", "'$HOME'"},
+		{"backtick", "`cmd`", "'`cmd`'"},
+		{"pipe", "a|b", "'a|b'"},
+		{"semicolon", "a;b", "'a;b'"},
+		{"ampersand", "a&b", "'a&b'"},
+		{"parentheses", "(cmd)", "'(cmd)'"},
+		{"safe chars", "a-b_c+d,e.f/g:h=i@j%k", "a-b_c+d,e.f/g:h=i@j%k"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := shellQuote(tt.input)
+			if got != tt.expected {
+				t.Errorf("shellQuote(%q) = %q, want %q", tt.input, got, tt.expected)
+			}
+		})
+	}
+}
+
+func TestShellJoin(t *testing.T) {
+	tests := []struct {
+		name     string
+		cmd      string
+		args     []string
+		expected string
+	}{
+		{
+			"simple command",
+			"buildah", []string{"build", "-t", "myimage"},
+			"buildah build -t myimage",
+		},
+		{
+			"arg with space",
+			"buildah", []string{"build", "--build-arg", "FOO=hello world"},
+			"buildah build --build-arg 'FOO=hello world'",
+		},
+		{
+			"no args",
+			"buildah", nil,
+			"buildah",
+		},
+		{
+			"multiple special args",
+			"echo", []string{"it's", "a $var", ""},
+			`echo 'it'\''s' 'a $var' ''`,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := shellJoin(tt.cmd, tt.args...)
+			if got != tt.expected {
+				t.Errorf("ShellJoin(%q, %v) = %q, want %q", tt.cmd, tt.args, got, tt.expected)
+			}
+		})
+	}
+}

pkg/cliwrappers/skopeo.go

@@ -4,7 +4,6 @@ import (
 	"errors"
 	"fmt"
 	"strconv"
-	"strings"
 
 	l "github.com/konflux-ci/konflux-build-cli/pkg/logger"
 )
@@ -80,7 +79,7 @@ func (s *SkopeoCli) Copy(args *SkopeoCopyArgs) error {
 	dockerPrefix := "docker://"
 	scopeoArgs = append(scopeoArgs, dockerPrefix+args.SourceImage, dockerPrefix+args.DestinationImage)
 
-	skopeoLog.Debugf("Running command:\nskopeo %s", strings.Join(scopeoArgs, " "))
+	skopeoLog.Debugf("Running command:\n%s", shellJoin("skopeo", scopeoArgs...))
 
 	retryer := NewRetryer(func() (string, string, int, error) {
 		return s.Executor.Execute("skopeo", scopeoArgs...)
@@ -136,7 +135,7 @@ func (s *SkopeoCli) Inspect(args *SkopeoInspectArgs) (string, error) {
 	dockerPrefix := "docker://"
 	scopeoArgs = append(scopeoArgs, dockerPrefix+args.ImageRef)
 
-	skopeoLog.Debugf("Running command:\nskopeo %s", strings.Join(scopeoArgs, " "))
+	skopeoLog.Debugf("Running command:\n%s", shellJoin("skopeo", scopeoArgs...))
 
 	retryer := NewRetryer(func() (string, string, int, error) {
 		return s.Executor.Execute("skopeo", scopeoArgs...)