Use shlex.quote for shell argument escaping on POSIX#1198
Open
Asher- wants to merge 3 commits intooraios:mainfrom
Open
Use shlex.quote for shell argument escaping on POSIX#1198Asher- wants to merge 3 commits intooraios:mainfrom
Asher- wants to merge 3 commits intooraios:mainfrom
Conversation
…kit-lsp sourcekit-lsp was launched with no arguments, giving it no location to store its background index. Without --scratch-path, textDocument/references always returns empty because there is no index store for cross-file symbol resolution. - Pass --scratch-path <repo>/.build/sourcekit-lsp when launching - Increase local indexing delay from 5s to 10s (real projects need more time) - Add retry logic for local runs when references are empty, not just CI Fixes root cause of issue oraios#876. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
On macOS, bare sourcekit-lsp resolves to Command Line Tools version which has limited indexing capabilities. xcrun without DEVELOPER_DIR also resolves to CLT. Setting DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer gives the full Xcode sourcekit-lsp with proper background indexing support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
quote_arg only wrapped arguments containing spaces in double quotes, leaving shell metacharacters ($, backtick, ;, |, &, etc.) unescaped. On POSIX systems, use shlex.quote() which properly handles all special characters. Retain the original Windows behavior since Windows cmd.exe does not interpret single-quoted strings.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
quote_arg()only wrapped arguments containing spaces in double quotes. Shell metacharacters ($, backtick,;,|,&, etc.) were left unescaped. If any path or argument in the LS command list contains these characters, arbitrary shell command execution could occur.Fix
On POSIX systems, use
shlex.quote()which properly handles all special characters via single-quoting. Retain the original Windows behavior since Windowscmd.exedoes not interpret single-quoted strings.Verification