Potential fix for code scanning alert no. 53: Log entries created from user input

[alessio]

Potential fix for https://github.com/alessio/shellescape/security/code-scanning/53

General fix: sanitize untrusted input before writing it to output that may be interpreted as log/terminal text. For plain-text safety, remove control characters (including CR/LF and terminal escapes) prior to formatting.

Best fix here: in cmd/escargs/escargs.go, sanitize line with shellescape.StripUnsafe before passing it to shellescape.Quote. This preserves the intended feature (shell-escaping arguments) while preventing control-character-based forging/confusion. No new imports or dependencies are needed because StripUnsafe already exists in shellescape.go.

Change needed:

• File: cmd/escargs/escargs.go
• Region: loop in main() around line 80.
• Replace fmt.Printf("%s", shellescape.Quote(line)) with output based on a sanitized variable, e.g.:
  • safeLine := shellescape.StripUnsafe(line)
  • fmt.Printf("%s", shellescape.Quote(safeLine))

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8b9f5cbf-1455-4d8e-bee3-569c4e51e7ea

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch alert-autofix-53

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 39.74%. Comparing base (a5f6ee1) to head (984fafb).

Files with missing lines	Patch %	Lines
cmd/escargs/escargs.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master      #80      +/-   ##
==========================================
- Coverage   40.25%   39.74%   -0.52%     
==========================================
  Files           2        2              
  Lines          77       78       +1     
==========================================
  Hits           31       31              
- Misses         46       47       +1     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric	Results
Complexity	0
Duplication	0

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}