Attempt to escape things in on OS dependant way

Ruby Shellwords#shellescape "Escapes a string so that it can be safely
used in a Bourne shell command line".  This is fine for a UNIX like
operating system, but windows does not complies with this.

Attempt to fix CI by manually "escaping" strings on windows (i.e. quote
them and escape quotes with a backslash), and relying on shellescape for
other operating systems.

Author: smortex

lib/puppet/parser/functions/docker_run_flags.rb

@@ -5,17 +5,28 @@
 # docker_run_flags.rb
 #
 module Puppet::Parser::Functions
+  newfunction(:'docker::escape', type: :rvalue) do |args|
+    subject = args[0]
+
+    #scope = closure_scope
+    if self['facts'] && self['facts']['kernel'] == 'windows'
+      %("#{subject.gsub('"', '\\"')}")
+    else
+      subject.shellescape
+    end
+  end
+
   # Transforms a hash into a string of docker flags
   newfunction(:docker_run_flags, type: :rvalue) do |args|
     opts = args[0] || {}
     flags = []
 
     if opts['username']
-      flags << "-u '#{opts['username'].shellescape}'"
+      flags << "-u '#{call_function('docker::escape', [opts['username']])}'"
     end
 
     if opts['hostname']
-      flags << "-h '#{opts['hostname'].shellescape}'"
+      flags << "-h '#{call_function('docker::escape', [opts['hostname']])}'"
     end
 
     if opts['restart']
@@ -24,9 +35,9 @@ module Puppet::Parser::Functions
 
     if opts['net']
       if opts['net'].is_a? String
-        flags << "--net #{opts['net'].shellescape}"
+        flags << "--net #{call_function('docker::escape', [opts['net']])}"
       elsif opts['net'].is_a? Array
-        flags << "--net #{opts['net'].join(' --net ').shellescape}"
+        flags << "--net #{call_function('docker::escape', [opts['net'].join(' --net ')])}" # FIXME: escaping is buggy
       end
     end
 
@@ -72,7 +83,7 @@ module Puppet::Parser::Functions
 
     multi_flags = ->(values, fmt) {
       filtered = [values].flatten.compact
-      filtered.map { |val| (fmt + params_join_char) % val.shellescape }
+      filtered.map { |val| (fmt + params_join_char) % call_function('docker::escape', [val]) }
     }
 
     [

spec/unit/lib/puppet/parser/functions/docker_run_flags_spec.rb

@@ -6,10 +6,22 @@
     compiler = Puppet::Parser::Compiler.new(node)
     scope    = Puppet::Parser::Scope.new(compiler)
     allow(scope).to receive(:environment).and_return(nil)
+    allow(scope).to receive(:[]).with('facts').and_return({'kernel' => kernel})
     scope
   end
 
-  it 'env with special chars' do
-    expect(scope.function_docker_run_flags([{ 'env' => [%.MYSQL_PASSWORD='"$()[]{}<>.], 'extra_params' => [] }])).to match(/^-e MYSQL_PASSWORD\\=\\'\\"\\\$\\\(\\\)\\\[\\\]\\\{\\\}\\<\\> \\$/)
+  context "on POSIX system" do
+    let(:kernel) { 'Linux' }
+
+    it 'escapes special chars' do
+      expect(scope.function_docker_run_flags([{ 'env' => [%.MYSQL_PASSWORD='"$()[]{}<>.], 'extra_params' => [] }])).to match(/^-e MYSQL_PASSWORD\\=\\'\\"\\\$\\\(\\\)\\\[\\\]\\\{\\\}\\<\\> \\$/)
+    end
+  end
+
+  context "on windows" do
+    let(:kernel) { 'windows' }
+    it 'escapes special chars' do
+      expect(scope.function_docker_run_flags([{ 'env' => [%.MYSQL_PASSWORD='"$()[]{}<>.], 'extra_params' => [] }])).to match(/^-e "MYSQL_PASSWORD='\\"\$\(\)\[\]\{\}<>" \\$/)
+    end
   end
 end