add proper support for carriage return

markijbema · markijbema · commit db9ababe263c · 2025-10-23T16:48:20.000+02:00
diff --git a/webview-ui/src/utils/__tests__/command-validation.spec.ts b/webview-ui/src/utils/__tests__/command-validation.spec.ts
@@ -14,28 +14,30 @@ import {
 	containsDangerousSubstitution,
 	protectNewlinesInQuotes,
 	NEWLINE_PLACEHOLDER,
+	CARRIAGE_RETURN_PLACEHOLDER,
 } from "../command-validation"
 
 describe("protectNewlinesInQuotes", () => {
-	const placeholder = NEWLINE_PLACEHOLDER
+	const newlinePlaceholder = NEWLINE_PLACEHOLDER
+	const crPlaceholder = CARRIAGE_RETURN_PLACEHOLDER
 
 	describe("basic quote handling", () => {
 		it("protects newlines in double quotes", () => {
 			const input = 'echo "hello\nworld"'
-			const expected = `echo "hello${placeholder}world"`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `echo "hello${newlinePlaceholder}world"`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 
 		it("protects newlines in single quotes", () => {
 			const input = "echo 'hello\nworld'"
-			const expected = `echo 'hello${placeholder}world'`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `echo 'hello${newlinePlaceholder}world'`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 
 		it("does not protect newlines outside quotes", () => {
 			const input = "echo hello\necho world"
 			const expected = "echo hello\necho world"
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 	})
 
@@ -45,91 +47,91 @@ describe("protectNewlinesInQuotes", () => {
 			const input = `echo '"'A\n'"'`
 			// The newline after A is NOT inside quotes, so it should NOT be protected
 			const expected = `echo '"'A\n'"'`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 
 		it("handles alternating quotes correctly", () => {
 			// echo "hello"world"test" -> hello is quoted, world is not, test is quoted
 			const input = `echo "hello\n"world\n"test\n"`
-			const expected = `echo "hello${placeholder}"world\n"test${placeholder}"`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `echo "hello${newlinePlaceholder}"world\n"test${newlinePlaceholder}"`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 
 		it("handles single quote after double quote", () => {
 			const input = `echo "hello"'world\n'`
-			const expected = `echo "hello"'world${placeholder}'`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `echo "hello"'world${newlinePlaceholder}'`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 
 		it("handles double quote after single quote", () => {
 			const input = `echo 'hello'"world\n"`
-			const expected = `echo 'hello'"world${placeholder}"`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `echo 'hello'"world${newlinePlaceholder}"`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 	})
 
 	describe("escaped quotes", () => {
 		it("handles escaped double quotes in double-quoted strings", () => {
 			const input = 'echo "hello\\"world\n"'
-			const expected = `echo "hello\\"world${placeholder}"`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `echo "hello\\"world${newlinePlaceholder}"`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 
 		it("does not treat backslash as escape in single quotes", () => {
 			// In single quotes, backslash is literal (except for \' in some shells)
 			const input = "echo 'hello\\'world\n'"
 			// The \\ is literal, the ' ends the quote, so world\n is outside quotes
 			const expected = "echo 'hello\\'world\n'"
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 	})
 
 	describe("edge cases", () => {
 		it("handles unclosed quotes", () => {
 			const input = 'echo "unclosed\n'
-			const expected = `echo "unclosed${placeholder}`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `echo "unclosed${newlinePlaceholder}`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 
 		it("handles empty string", () => {
-			expect(protectNewlinesInQuotes("", placeholder)).toBe("")
+			expect(protectNewlinesInQuotes("", newlinePlaceholder, crPlaceholder)).toBe("")
 		})
 
 		it("handles string with no quotes", () => {
 			const input = "echo hello\nworld"
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(input)
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(input)
 		})
 
 		it("handles multiple newlines in quotes", () => {
 			const input = 'echo "line1\nline2\nline3"'
-			const expected = `echo "line1${placeholder}line2${placeholder}line3"`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `echo "line1${newlinePlaceholder}line2${newlinePlaceholder}line3"`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 
 		it("handles carriage returns", () => {
 			const input = 'echo "hello\rworld"'
-			const expected = `echo "hello${placeholder}world"`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `echo "hello${crPlaceholder}world"`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 
 		it("handles CRLF", () => {
 			const input = 'echo "hello\r\nworld"'
-			const expected = `echo "hello${placeholder}${placeholder}world"`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `echo "hello${crPlaceholder}${newlinePlaceholder}world"`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 	})
 
 	describe("real-world git commit examples", () => {
 		it("protects newlines in git commit message", () => {
 			const input = `git commit -m "feat: title\n\n- point a\n- point b"`
-			const expected = `git commit -m "feat: title${placeholder}${placeholder}- point a${placeholder}- point b"`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `git commit -m "feat: title${newlinePlaceholder}${newlinePlaceholder}- point a${newlinePlaceholder}- point b"`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 
 		it("handles complex git command with multiple quoted sections", () => {
 			const input = `git add . && git commit -m "feat: title\n\n- point a" && echo "done\n"`
-			const expected = `git add . && git commit -m "feat: title${placeholder}${placeholder}- point a" && echo "done${placeholder}"`
-			expect(protectNewlinesInQuotes(input, placeholder)).toBe(expected)
+			const expected = `git add . && git commit -m "feat: title${newlinePlaceholder}${newlinePlaceholder}- point a" && echo "done${newlinePlaceholder}"`
+			expect(protectNewlinesInQuotes(input, newlinePlaceholder, crPlaceholder)).toBe(expected)
 		})
 	})
 })
diff --git a/webview-ui/src/utils/command-validation.ts b/webview-ui/src/utils/command-validation.ts
@@ -3,11 +3,13 @@ import { parse } from "shell-quote"
 type ShellToken = string | { op: string } | { command: string }
 
 /**
- * Placeholder used to protect newlines within quoted strings during command parsing.
- * This constant is used by the protectNewlinesInQuotes function to temporarily replace
+ * Placeholders used to protect newlines within quoted strings during command parsing.
+ * These constants are used by the protectNewlinesInQuotes function to temporarily replace
  * newlines that appear inside quotes, preventing them from being treated as command separators.
+ * We use separate placeholders for \n and \r to preserve the original line ending type.
  */
 export const NEWLINE_PLACEHOLDER = "___NEWLINE___"
+export const CARRIAGE_RETURN_PLACEHOLDER = "___CARRIAGE_RETURN___"
 
 /**
  * # Command Denylist Feature - Longest Prefix Match Strategy
@@ -130,8 +132,9 @@ export function containsDangerousSubstitution(source: string): boolean {
 }
 
 /**
- * Protect newlines inside quoted strings by replacing them with a placeholder.
+ * Protect newlines inside quoted strings by replacing them with placeholders.
  * This handles proper shell quoting rules where quotes can be concatenated.
+ * Uses separate placeholders for \n and \r to preserve the original line ending type.
  *
  * Examples:
  * - "hello\nworld" -> newline is protected (inside double quotes)
@@ -140,10 +143,15 @@ export function containsDangerousSubstitution(source: string): boolean {
  * - "hello"world -> world is NOT quoted
  *
  * @param command - The command string to process
- * @param placeholder - The placeholder string to use for protected newlines
- * @returns The command with newlines in quotes replaced by placeholder
+ * @param newlinePlaceholder - The placeholder string to use for \n characters
+ * @param carriageReturnPlaceholder - The placeholder string to use for \r characters
+ * @returns The command with newlines in quotes replaced by placeholders
  */
-export function protectNewlinesInQuotes(command: string, placeholder: string): string {
+export function protectNewlinesInQuotes(
+	command: string,
+	newlinePlaceholder: string,
+	carriageReturnPlaceholder: string,
+): string {
 	let result = ""
 	let i = 0
 
@@ -165,9 +173,13 @@ export function protectNewlinesInQuotes(command: string, placeholder: string): s
 					result += quoteChar
 					i++
 					break
-				} else if (quoteChar === "\n" || quoteChar === "\r") {
-					// Replace newline inside double quotes
-					result += placeholder
+				} else if (quoteChar === "\n") {
+					// Replace \n inside double quotes
+					result += newlinePlaceholder
+					i++
+				} else if (quoteChar === "\r") {
+					// Replace \r inside double quotes
+					result += carriageReturnPlaceholder
 					i++
 				} else {
 					result += quoteChar
@@ -189,9 +201,13 @@ export function protectNewlinesInQuotes(command: string, placeholder: string): s
 					result += quoteChar
 					i++
 					break
-				} else if (quoteChar === "\n" || quoteChar === "\r") {
-					// Replace newline inside single quotes
-					result += placeholder
+				} else if (quoteChar === "\n") {
+					// Replace \n inside single quotes
+					result += newlinePlaceholder
+					i++
+				} else if (quoteChar === "\r") {
+					// Replace \r inside single quotes
+					result += carriageReturnPlaceholder
 					i++
 				} else {
 					result += quoteChar
@@ -222,10 +238,11 @@ export function protectNewlinesInQuotes(command: string, placeholder: string): s
 export function parseCommand(command: string): string[] {
 	if (!command?.trim()) return []
 
-	// First, protect newlines inside quoted strings by replacing them with a placeholder
+	// First, protect newlines inside quoted strings by replacing them with placeholders
 	// This prevents splitting multi-line quoted strings (e.g., git commit -m "multi\nline")
-	const quotedStringPlaceholder = "___NEWLINE_IN_QUOTE___"
-	const protectedCommand = protectNewlinesInQuotes(command, quotedStringPlaceholder)
+	const newlinePlaceholder = "___NEWLINE_IN_QUOTE___"
+	const carriageReturnPlaceholder = "___CR_IN_QUOTE___"
+	const protectedCommand = protectNewlinesInQuotes(command, newlinePlaceholder, carriageReturnPlaceholder)
 
 	// Split by newlines (handle different line ending formats)
 	// This regex splits on \r\n (Windows), \n (Unix), or \r (old Mac)
@@ -241,8 +258,12 @@ export function parseCommand(command: string): string[] {
 		allCommands.push(...lineCommands)
 	}
 
-	// Restore newlines in quoted strings
-	return allCommands.map((cmd) => cmd.replace(new RegExp(quotedStringPlaceholder, "g"), "\n"))
+	// Restore newlines and carriage returns in quoted strings
+	return allCommands.map((cmd) =>
+		cmd
+			.replace(new RegExp(newlinePlaceholder, "g"), "\n")
+			.replace(new RegExp(carriageReturnPlaceholder, "g"), "\r"),
+	)
 }
 
 /**
