Use "…"→$'…' for escaping, and restyle code

This change addresses [the code review](https://github.com/nickel-lang/organist/pull/222/files/c4cfe488040f5630dfe78104f5648d506e9d334b): - Use `$'…'` (dollar-sign with *single*-quotes) instead of `"…"` (*double*-quotes) for escape shell argument (`file.target`) in `regenerate_one`, to handle paths with characters such as `"`, `'`, `*`, `\`, `\n` (newline), `\t` (tab), `$`. - Rename `NoTraveral` to `NoParentTraveral` for more accurate naming. - Rewrite implementations of contracts `RelativePath` and `NoParentTraveral` in idiomatic nickel.
nickel-lang · Oct 26, 2024 · f21c7e7 · f21c7e7
1 parent c4cfe48
commit f21c7e7
Showing 1 changed file with 14 additions and 9 deletions.
diff --git a/lib/files.ncl b/lib/files.ncl
@@ -1,12 +1,17 @@
 let nix = import "./nix-interop/nix.ncl" in
 let RelativePath =
-  std.contract.from_predicate (fun x => !(x |> std.string.characters |> std.array.at 0 == "/"))
+  std.contract.from_predicate (fun x =>
+    x
+    |> std.string.characters
+    |> std.array.first != "/"
+  )
 in
-let NoTraversal =
-  std.contract.from_predicate
-    (
-      fun x => !(x |> std.string.split "/" |> std.array.any (fun part => part == ".."))
-    )
+let NoParentTraversal =
+  std.contract.from_predicate (fun x =>
+    x
+    |> std.string.split "/"
+    |> std.array.all ((!=) "..")
+  )
 in
 let File = {
   target
@@ -16,7 +21,7 @@ let File = {
       "%
     | std.string.NonEmpty # avoids ""
     | RelativePath # avoids "/etc/passwd"
-    | NoTraversal # avoids "../../../../../../../etc/passwd"
+    | NoParentTraversal # avoids "../../../../../../../etc/passwd"
     | optional,
   content
     | doc m%"
@@ -86,9 +91,9 @@ let regenerate_files | Files -> nix.derivation.Derivation
         let shell_escape = fun path =>
           path
           |> std.string.replace "\\" "\\\\"
-          |> std.string.replace m%"""% m%"\""%
+          |> std.string.replace m%"'"% m%"\'"%
         in
-        nix-s%"regenerate_function "%{copy_command}" "%{file_descr.file}" "%{shell_escape file_descr.target}""%
+        nix-s%"regenerate_function '%{copy_command}' '%{file_descr.file}' $'%{shell_escape file_descr.target}'"%
       in
     let regenerate_files = nix-s%"
       %{regenerate_function}