Attempts at string escaping

2025-02-04 07:20:39 +00:00 · 2022-02-02 12:53:21 +00:00 · 2022-02-02 12:53:21 +00:00 · f6508dfcad
parent 0bc3d9f31c
commit f6508dfcad
1 changed files with 23 additions and 3 deletions
--- a/lib/logic/api_maps/hetzner.dart
+++ b/lib/logic/api_maps/hetzner.dart
@ -130,17 +130,34 @@ class HetznerApi extends ApiMap {
      hostname = 'selfprivacy-server';
    }

+    print("hostname: $hostname");
+
    /// add ssh key when you need it: e.g. "ssh_keys":["kherel"]
    /// check the branch name, it could be "development" or "master".
+    /// 
+    final userdataString = "#cloud-config\\nruncmd:\\n- curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/master/nixos-infect | PROVIDER=hetzner NIX_CHANNEL=nixos-21.05 DOMAIN='$domainName' LUSER='${escapeQuotes(rootUser.login)}' PASSWORD='${escapeQuotes(rootUser.password)}' CF_TOKEN=$cloudFlareKey DB_PASSWORD=${escapeQuotes(dbPassword)} API_TOKEN=$apiToken HOSTNAME=${escapeQuotes(hostname)} bash 2>&1 | tee /tmp/infect.log";
+    print(userdataString);

-    var data = jsonDecode(
-        '''{"name":"$hostname","server_type":"cx11","start_after_create":false,"image":"ubuntu-20.04", "volumes":[$dbId], "networks":[], "user_data":"#cloud-config\\nruncmd:\\n- curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/master/nixos-infect | PROVIDER=hetzner NIX_CHANNEL=nixos-21.05 DOMAIN='$domainName' LUSER='${escapeSingleQuotes(rootUser.login)}' PASSWORD='${escapeSingleQuotes(rootUser.password)}' CF_TOKEN=$cloudFlareKey DB_PASSWORD=${escapeSingleQuotes(dbPassword)} API_TOKEN=$apiToken HOSTNAME=${escapeSingleQuotes(hostname)} bash 2>&1 | tee /tmp/infect.log","labels":{},"automount":true, "location": "fsn1"}''');
+    final data = {
+      "name": hostname,
+      "server_type": "cx11",
+      "start_after_create": false,
+      "image": "ubuntu-20.04",
+      "volumes": [dbId],
+      "networks": [],
+      "user_data": userdataString,
+      "labels": {},
+      "automount": true,
+      "location": "fsn1"
+    };
+    print("Decoded data: $data");

    Response serverCreateResponse = await client.post(
      '/servers',
      data: data,
    );

+    print(serverCreateResponse.data);
    client.close();
    return HetznerServerDetails(
      id: serverCreateResponse.data['server']['id'],
@ -240,7 +257,10 @@ class HetznerApi extends ApiMap {
  }
 }

-String escapeSingleQuotes(String str) {
+String escapeQuotes(String str) {
  // replace all single quotes with escaped single quotes for bash strong quotes (i.e. '\'' )
+  print("Escaping single quotes for bash: $str");
+  print("Escaping result: ${str.replaceAll(RegExp(r"'"), "'\\''")}");
+  // also escape all double quotes for json
  return str.replaceAll(RegExp(r"'"), "'\\''");
 }