Merge pull request #448 from postmanlabs/issue-248

Use quoteType everywhere in curl, not just in the url
postmanlabs · Feb 26, 2021 · 2224a02 · 2224a02
2 parents c4db059 + b8cda39
commit 2224a02
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 20 deletions.
diff --git a/codegens/curl/lib/index.js b/codegens/curl/lib/index.js
@@ -23,8 +23,8 @@ self = module.exports = {
     format = options.longFormat;
     trim = options.trimRequestBody;
     silent = options.silent;
-    url = getUrlStringfromUrlObject(request.url);
     quoteType = options.quoteType === 'single' ? '\'' : '"';
+    url = getUrlStringfromUrlObject(request.url, quoteType);
 
     snippet = silent ? `curl ${form('-s', format)}` : 'curl';
 
@@ -72,14 +72,14 @@ self = module.exports = {
         if (!header.key) {
           return;
         }
-        snippet += indent + `${form('-H', format)} '${sanitize(header.key, true)}`;
+        snippet += indent + `${form('-H', format)} ${quoteType}${sanitize(header.key, true, quoteType)}`;
         // If the header value is an empty string then add a semicolon after key
         // otherwise the header would be ignored by curl
         if (header.value) {
-          snippet += `: ${sanitize(header.value)}'`;
+          snippet += `: ${sanitize(header.value, false, quoteType)}${quoteType}`;
         }
         else {
-          snippet += ';\'';
+          snippet += ';' + quoteType;
         }
       });
     }
@@ -130,12 +130,13 @@ self = module.exports = {
                 // Using the long form below without considering the longFormat option,
                 // to generate more accurate and correct snippet
                 snippet += indent + '--data-urlencode';
-                snippet += ` '${sanitize(data.key, trim)}=${sanitize(data.value, trim)}'`;
+                snippet += ` ${quoteType}${sanitize(data.key, trim, quoteType)}=` +
+                  `${sanitize(data.value, trim, quoteType)}${quoteType}`;
               }
             });
             break;
           case 'raw':
-            snippet += indent + `--data-raw '${sanitize(body.raw.toString(), trim)}'`;
+            snippet += indent + `--data-raw ${quoteType}${sanitize(body.raw.toString(), trim, quoteType)}${quoteType}`;
             break;
           case 'graphql':
             // eslint-disable-next-line no-case-declarations
@@ -147,35 +148,38 @@ self = module.exports = {
             catch (e) {
               graphqlVariables = {};
             }
-            snippet += indent + `--data-raw '${sanitize(JSON.stringify({
+            snippet += indent + `--data-raw ${quoteType}${sanitize(JSON.stringify({
               query: query,
               variables: graphqlVariables
-            }), trim)}'`;
+            }), trim, quoteType)}${quoteType}`;
             break;
           case 'formdata':
             _.forEach(body.formdata, function (data) {
               if (!(data.disabled)) {
                 if (data.type === 'file') {
                   snippet += indent + `${form('-F', format)}`;
-                  snippet += ` '${sanitize(data.key, trim)}=@"${sanitize(data.src, trim, true, true)}"'`;
+                  snippet += ` ${quoteType}${sanitize(data.key, trim, quoteType)}=` +
+                    `${sanitize(`@"${sanitize(data.src, trim, '"', true)}"`, trim, quoteType, quoteType === '"')}`;
+                  snippet += quoteType;
                 }
                 else {
                   snippet += indent + `${form('-F', format)}`;
-                  snippet += ` '${sanitize(data.key, trim)}="${sanitize(data.value, trim, true, true)}"`;
+                  snippet += ` ${quoteType}${sanitize(data.key, trim, quoteType)}=` +
+                    sanitize(`"${sanitize(data.value, trim, '"', true)}"`, trim, quoteType, quoteType === '"');
                   if (data.contentType) {
                     snippet += `;type=${data.contentType}`;
                   }
-                  snippet += '\'';
+                  snippet += quoteType;
                 }
               }
             });
             break;
           case 'file':
             snippet += indent + '--data-binary';
-            snippet += ` '@${sanitize(body[body.mode].src, trim)}'`;
+            snippet += ` ${quoteType}@${sanitize(body[body.mode].src, trim)}${quoteType}`;
             break;
           default:
-            snippet += `${form('-d', format)} ''`;
+            snippet += `${form('-d', format)} ${quoteType}${quoteType}`;
         }
       }
     }

diff --git a/codegens/curl/lib/util.js b/codegens/curl/lib/util.js
@@ -5,11 +5,11 @@ var self = module.exports = {
      *
      * @param {String} inputString
      * @param {Boolean} [trim] - indicates whether to trim string or not
-     * @param {Boolean} [doubleQuotes] - indicates whether to escape double quotes(") and backslash(\\)
+     * @param {Boolean} [quoteType] - indicates which quoteType has to be escaped
      * @param {Boolean} [backSlash] - indicates whether to escape backslash(\\)
      * @returns {String}
      */
-  sanitize: function (inputString, trim, doubleQuotes, backSlash) {
+  sanitize: function (inputString, trim, quoteType, backSlash) {
     if (typeof inputString !== 'string') {
       return '';
     }
@@ -18,12 +18,14 @@ var self = module.exports = {
       inputString = inputString.replace(/\\/g, '\\\\');
     }
 
-    if (doubleQuotes) {
+    if (quoteType === '"') {
       inputString = inputString.replace(/"/g, '\\"');
     }
+    else if (quoteType === '\'') {
+      // for curl escaping of single quotes inside single quotes involves changing of ' to '\''
+      inputString = inputString.replace(/'/g, "'\\''"); // eslint-disable-line quotes
+    }
 
-    // for curl escaping of single quotes inside single quotes involves changing of ' to '\''
-    inputString = inputString.replace(/'/g, "'\\''"); // eslint-disable-line quotes
     return trim ? inputString.trim() : inputString;
   },
 
@@ -126,12 +128,13 @@ var self = module.exports = {
   /**
  *
  * @param {*} urlObject The request sdk request.url object
+ * @param {boolean} quoteType The user given quoteType
  * @returns {String} The final string after parsing all the parameters of the url including
  * protocol, auth, host, port, path, query, hash
  * This will be used because the url.toString() method returned the URL with non encoded query string
  * and hence a manual call is made to getQueryString() method with encode option set as true.
  */
-  getUrlStringfromUrlObject: function (urlObject) {
+  getUrlStringfromUrlObject: function (urlObject, quoteType) {
     var url = '';
     if (!urlObject) {
       return url;
@@ -161,7 +164,7 @@ var self = module.exports = {
       url += '#' + urlObject.hash;
     }
 
-    return self.sanitize(url);
+    return self.sanitize(url, false, quoteType);
   },
 
   /**

diff --git a/codegens/curl/test/unit/convert.test.js b/codegens/curl/test/unit/convert.test.js
@@ -466,6 +466,39 @@ describe('curl convert function', function () {
       });
     });
 
+    it('should generate valid snippets when quoteType is "double"', function () {
+      // url = https://a"b'c.com/'d/"e
+      var request = new sdk.Request({
+        'method': 'POST',
+        'body': {
+          'mode': 'formdata',
+          'formdata': [
+            {
+              'key': 'json',
+              'value': '{"hello": "world"}',
+              'contentType': 'application/json',
+              'type': 'text'
+            }
+          ]
+        },
+        'url': {
+          'raw': "https://a\"b'c.com/'d/\"e", // eslint-disable-line quotes
+          'host': [
+            'a"b\'c',
+            'com'
+          ]
+        }
+      });
+      convert(request, {quoteType: 'double'}, function (error, snippet) {
+        if (error) {
+          expect.fail(null, null, error);
+        }
+
+        expect(snippet).to.include('"a\\"b\'c.com"');
+        expect(snippet).to.include('"json=\\"{\\\\\\"hello\\\\\\": \\\\\\"world\\\\\\"}\\";type=application/json"');
+      });
+    });
+
     describe('getUrlStringfromUrlObject function', function () {
       var rawUrl, urlObject, outputUrlString;