Ensure command is safe

finestructure · finestructure · commit e188665e7d1c · 2023-03-14T07:52:18.000+01:00
diff --git a/Package.resolved b/Package.resolved
diff --git a/Package.swift b/Package.swift
@@ -14,7 +14,7 @@ let package = Package(
         .library(name: "ShellOut", targets: ["ShellOut"])
     ],
     dependencies: [
-        .package(url: "https://github.com/SwiftPackageIndex/ShellQuote", from: "1.0.0"),
+        .package(url: "https://github.com/SwiftPackageIndex/ShellQuote", from: "1.0.1"),
     ],
     targets: [
         .target(
diff --git a/Sources/ShellOut.swift b/Sources/ShellOut.swift
@@ -39,8 +39,10 @@ import ShellQuote
     environment: [String : String]? = nil,
     quoteArguments: Bool = true
 ) throws -> String {
+    guard !ShellQuote.hasUnsafeContent(command) else {
+        throw ShellOutCommand.Error(message: "Command must not contain characters that require quoting.")
+    }
     let arguments = quoteArguments ? arguments.map(ShellQuote.quote) : arguments
-    print("*** arguments: ", arguments)
     let command = "cd \(path.escapingSpaces) && \(command) \(arguments.joined(separator: " "))"
 
     return try process.launchBash(
@@ -407,6 +409,13 @@ extension ShellOutError: LocalizedError {
     }
 }
 
+extension ShellOutCommand {
+    // TODO: consolidate with ShellOutError
+    struct Error: Swift.Error {
+        var message: String
+    }
+}
+
 // MARK: - Private
 
 private extension Process {
