WIP: Improved sanitization of barewords before eval

mo

@@ -195,7 +195,7 @@ moCallFunction() {
     moArgs=()
     for (( m=0; m<${#MO_FUNCTION_ARGS[@]}; m++ )); do
         MO_FUNCTION_ARGS[$m]="$(moParse "(${MO_FUNCTION_ARGS[$m]})" "$3" "$3" true)"
-        moQuote moQuoted "${MO_FUNCTION_ARGS[$m]}"
+        moSanitize moQuoted "${MO_FUNCTION_ARGS[$m]}"
         moArgs+=($moQuoted)
     done
 
@@ -542,11 +542,17 @@ moUnescape() {
 # $2 - Content to quote
 #
 # Returns nothing.
-moQuote() {
-    #echo "FOR:       $1" >&2
-    #echo "UNQUOTED: >$2<" >&2
-    #echo "QUOTED:   >\"${2//\"/\\\"}\"<" >&2
-    local "$1" && moIndirect "$1" "\"${2//\"/\\\"}\""
+moSanitize() {
+    local moSanitized="${2//\\/\\\\}"         # Escape backslashes
+    moSanitized="${moSanitized//\$/\\\$}" # Escape dollar signs
+    moSanitized="${moSanitized//\"/\\\"}" # Escape double quotes
+    moSanitized="${moSanitized//\`/\\\`}" # Escape backticks
+    #moSanitized="${moSanitized//\*/\\*}"  # Escape asterisks
+    #moSanitized="${moSanitized//\}/\}}"  # Escape closing curly braces
+    #moSanitized="${moSanitized//\$\{/\$\{}"  # Escape opening curly braces
+    #moSanitized="${moSanitized//\{\!/\\!}"  # Escape exclamation marks
+    local "$1" && moIndirect "$1" "\"$moSanitized\""
+    #local "$1" && moIndirect "$1" "\"${2//\"/\\\"}\""
 }
 
 

run-tests

@@ -7,7 +7,7 @@ cd "${0%/*}" || exit 1
 PASS=0
 FAIL=0
 
-for TEST in tests/*.expected; do
+for TEST in tests/$1*.expected; do
     export BASE="${TEST%.expected}"
     export MO_FALSE_IS_EMPTY=
 
@@ -23,6 +23,9 @@ for TEST in tests/*.expected; do
             . "${BASE}.env"
             echo "Do not read this input" | mo "${BASE}.template"
         fi
+    ) | (
+        cat > "${BASE}.actual";
+        cat "${BASE}.actual"
     ) | diff -U5 - "${TEST}" > "${BASE}.diff"
 
     statusCode=$?
@@ -34,6 +37,7 @@ for TEST in tests/*.expected; do
         echo "ok"
         PASS=$(( PASS + 1 ))
         rm "${BASE}.diff"
+        rm "${BASE}.actual"
     fi
 done