Skip to content

fix(http-client-python): avoid shell-quote leak in package-pprint-name#11177

Merged
iscai-msft merged 3 commits into
microsoft:mainfrom
iscai-msft:fix/setup-py-pprint-name-quotes
Jul 6, 2026
Merged

fix(http-client-python): avoid shell-quote leak in package-pprint-name#11177
iscai-msft merged 3 commits into
microsoft:mainfrom
iscai-msft:fix/setup-py-pprint-name-quotes

Conversation

@iscai-msft

Copy link
Copy Markdown
Member

Shell-escaping quotes for package-pprint-name were baked into the option value in addDefaultOptions. When venv creation fails and the emitter falls back to Pyodide, that already-quoted value is passed as a literal kwarg, producing an invalid setup.py (PACKAGE_PPRINT_NAME = ""..."") that black cannot parse. Quoting is now applied only when building the native Python shell command via quoteShellArg.

Shell-escaping quotes for package-pprint-name were baked into the option
value in addDefaultOptions. When venv creation fails and the emitter falls
back to Pyodide, that already-quoted value is passed as a literal kwarg,
producing an invalid setup.py (PACKAGE_PPRINT_NAME = ""..."") that black
cannot parse. Quoting is now applied only when building the native Python
shell command via quoteShellArg.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@microsoft-github-policy-service microsoft-github-policy-service Bot added the emitter:client:python Issue for the Python client emitter: @typespec/http-client-python label Jul 6, 2026
@pkg-pr-new

pkg-pr-new Bot commented Jul 6, 2026

Copy link
Copy Markdown

Open in StackBlitz

npm i https://pkg.pr.new/@typespec/http-client-python@11177

commit: 5b6eb0b

Comment thread packages/http-client-python/emitter/src/utils.ts Fixed
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

All changed packages have been documented.

  • @typespec/http-client-python
Show changes

@typespec/http-client-python - fix ✏️

Fix Python SDK generation failure when package-pprint-name contains spaces. The shell-escaping quotes were baked into the option value and leaked into the Pyodide runtime, producing an invalid setup.py (e.g. PACKAGE_PPRINT_NAME = ""Azure Web PubSub Chat Service"") that black could not parse. Quoting is now applied only when building the native Python shell command.

iscai-msft and others added 2 commits July 6, 2026 15:18
Address CodeQL 'Incomplete string escaping' by escaping backslash
characters before double quotes, so a trailing or pre-quote backslash
cannot break out of the quoted argument.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@azure-sdk-automation

azure-sdk-automation Bot commented Jul 6, 2026

Copy link
Copy Markdown

You can try these changes here

🛝 Playground 🌐 Website 🛝 VSCode Extension

Comment thread packages/http-client-python/emitter/src/node-runner.ts
@iscai-msft iscai-msft enabled auto-merge July 6, 2026 20:11
@iscai-msft iscai-msft added this pull request to the merge queue Jul 6, 2026
Merged via the queue into microsoft:main with commit 21ee38d Jul 6, 2026
40 of 41 checks passed
@iscai-msft iscai-msft deleted the fix/setup-py-pprint-name-quotes branch July 6, 2026 21:10
tadelesh pushed a commit that referenced this pull request Jul 9, 2026
#11177)

Shell-escaping quotes for package-pprint-name were baked into the option
value in addDefaultOptions. When venv creation fails and the emitter
falls back to Pyodide, that already-quoted value is passed as a literal
kwarg, producing an invalid setup.py (PACKAGE_PPRINT_NAME = ""..."")
that black cannot parse. Quoting is now applied only when building the
native Python shell command via quoteShellArg.

---------

Co-authored-by: iscai-msft <isabellavcai@gmail.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

emitter:client:python Issue for the Python client emitter: @typespec/http-client-python

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants