ci/lib: do not interpret escape sequences in `group ()` arguments

We use printf to set up sections with GitLab CI, which requires us to
print a bunch of escape sequences via printf. The group name is
controlled by the user and is expanded directly into the formatting
string, which may cause problems in case the argument contains escape
sequences or formatting directives.

Fix this potential issue by using formatting directives to pass variable
data.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/ci/lib.sh b/ci/lib.sh
index de3a95cea19dc36dcb86c2f005431737dd883e90..803f56bc821e3daa7daeba0c1769dbce0a7006e7 100755 (executable)
--- a/ci/lib.sh
+++ b/ci/lib.sh
@@ -18,7 +18,8 @@ elif test true = "$GITLAB_CI"
 then
        begin_group () {
                need_to_end_group=t
-               printf "\e[0Ksection_start:$(date +%s):$(echo "$1" | tr ' ' _)[collapsed=true]\r\e[0K$1\n"
+               printf '\e[0Ksection_start:%s:%s[collapsed=true]\r\e[0K%s\n' \
+                       "$(date +%s)" "$(echo "$1" | tr ' ' _)" "$1"
                trap "end_group '$1'" EXIT
                set -x
        }
@@ -27,7 +28,8 @@ then
                test -n "$need_to_end_group" || return 0
                set +x
                need_to_end_group=
-               printf "\e[0Ksection_end:$(date +%s):$(echo "$1" | tr ' ' _)\r\e[0K\n"
+               printf '\e[0Ksection_end:%s:%s\r\e[0K\n' \
+                       "$(date +%s)" "$(echo "$1" | tr ' ' _)"
                trap - EXIT
        }
 else