Add command builder with escaped user input (microsoft#5982)

<!-- To check a checkbox place an "x" between the brackets. e.g: [x] -->

- [ ] I have signed the [Contributor License
Agreement](https://cla.opensource.microsoft.com/microsoft/winget-pkgs).
- [ ] I have updated the [Release Notes](../doc/ReleaseNotes.md).
- [ ] This pull request is related to an issue.

-----
- 🧱 Add a command builder with escaped user input
- ⚠️ Unfortunately, using `StartInfo.ArgumentList` is not available in
net48, hence manually implementing the escape method.
- 🧪 Added unit tests

###### Microsoft Reviewers: [Open in
CodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/microsoft/winget-cli/pull/5982)

Author: AmelBawa-msft

.github/actions/spelling/expect.txt

@@ -358,6 +358,7 @@ Multideclaration
 mysource
 nativehandle
 NBLGGH
+ncreate
 NESTEDINSTALLER
 netlify
 NETSDK
@@ -560,6 +561,7 @@ systemnotsupported
 Tagit
 TARG
 taskhostw
+tcreate
 tcs
 tellp
 temppath

azure-pipelines.yml

@@ -199,6 +199,14 @@ jobs:
       TargetFolder: $(buildOutDirAnyCpu)\PowerShell\Microsoft.WinGet.Configuration\SharedDependencies\$(BuildPlatform)
       flattenFolders: true
 
+  - task: CopyFiles@2
+    displayName: 'Copy Microsoft.WinGet.UnitTests AnyCPU Files'
+    inputs:
+      SourceFolder: '$(buildOutDirAnyCpu)\Microsoft.WinGet.UnitTests\net8.0-windows10.0.26100.0'
+      TargetFolder: '$(artifactsDir)\Microsoft.WinGet.UnitTests\'
+      CleanTargetFolder: true
+      OverWrite: true
+
   - task: CopyFiles@2
     displayName: 'Copy PowerShell AnyCPU Module Files'
     inputs:
@@ -439,6 +447,18 @@ jobs:
       TargetFolder: '$(artifactsDir)\PackagedLog'
     condition: succeededOrFailed()
 
+  - task: VSTest@2
+    displayName: 'Run tests: Microsoft.WinGet.UnitTests'
+    inputs:
+      testSelector: 'testAssemblies'
+      testAssemblyVer2: 'Microsoft.WinGet.UnitTests.dll'
+      searchFolder: '$(buildOutDir)\Microsoft.WinGet.UnitTests'
+      codeCoverageEnabled: true
+      platform: '$(buildPlatform)'
+      configuration: '$(BuildConfiguration)'
+      diagnosticsEnabled: true
+    condition: succeededOrFailed()
+
   - task: VSTest@2
     displayName: 'Run tests: WinGetUtilInterop.UnitTests'
     inputs:

src/AppInstallerCLI.sln

@@ -229,6 +229,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Scripts", "Scripts", "{F49C
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ComInprocTestbed", "ComInprocTestbed\ComInprocTestbed.vcxproj", "{E5BCFF58-7D0C-4770-ABB9-AECE1027CD94}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.WinGet.UnitTests", "PowerShell\Microsoft.WinGet.UnitTests\Microsoft.WinGet.UnitTests.csproj", "{5421394F-5619-4E4B-8923-F3FB30D5EFAD}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|ARM64 = Debug|ARM64
@@ -1043,6 +1045,30 @@ Global
 		{E5BCFF58-7D0C-4770-ABB9-AECE1027CD94}.ReleaseStatic|ARM64.ActiveCfg = Release|ARM64
 		{E5BCFF58-7D0C-4770-ABB9-AECE1027CD94}.ReleaseStatic|x64.ActiveCfg = Release|x64
 		{E5BCFF58-7D0C-4770-ABB9-AECE1027CD94}.ReleaseStatic|x86.ActiveCfg = Release|Win32
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Debug|ARM64.ActiveCfg = Debug|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Debug|ARM64.Build.0 = Debug|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Debug|x64.Build.0 = Debug|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Debug|x86.Build.0 = Debug|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Fuzzing|ARM64.ActiveCfg = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Fuzzing|ARM64.Build.0 = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Fuzzing|x64.ActiveCfg = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Fuzzing|x64.Build.0 = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Fuzzing|x86.ActiveCfg = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Fuzzing|x86.Build.0 = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Release|ARM64.ActiveCfg = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Release|ARM64.Build.0 = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Release|x64.ActiveCfg = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Release|x64.Build.0 = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Release|x86.ActiveCfg = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.Release|x86.Build.0 = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.ReleaseStatic|ARM64.ActiveCfg = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.ReleaseStatic|ARM64.Build.0 = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.ReleaseStatic|x64.ActiveCfg = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.ReleaseStatic|x64.Build.0 = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.ReleaseStatic|x86.ActiveCfg = Release|Any CPU
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD}.ReleaseStatic|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -1080,6 +1106,7 @@ Global
 		{7139ED6E-8FBC-0B61-3E3A-AA2A23CC4D6A} = {02EA681E-C7D8-13C7-8484-4AC65E1B71E8}
 		{F49C4C89-447E-4D15-B38B-5A8DCFB134AF} = {7C218A3E-9BC8-48FF-B91B-BCACD828C0C9}
 		{E5BCFF58-7D0C-4770-ABB9-AECE1027CD94} = {02EA681E-C7D8-13C7-8484-4AC65E1B71E8}
+		{5421394F-5619-4E4B-8923-F3FB30D5EFAD} = {7C218A3E-9BC8-48FF-B91B-BCACD828C0C9}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {B6FDB70C-A751-422C-ACD1-E35419495857}

src/PowerShell/Microsoft.WinGet.Client.Engine/Commands/CliCommand.cs

@@ -33,7 +33,7 @@ public CliCommand(PSCmdlet psCmdlet)
         public void EnableSetting(string name)
         {
             Utilities.VerifyAdmin();
-            _ = this.Run("settings", $"--enable \"{name}\"");
+            _ = this.Run(new WinGetCLICommandBuilder("settings").AppendOption("enable", name));
         }
 
         /// <summary>
@@ -43,7 +43,7 @@ public void EnableSetting(string name)
         public void DisableSetting(string name)
         {
             Utilities.VerifyAdmin();
-            _ = this.Run("settings", $"--disable \"{name}\"");
+            _ = this.Run(new WinGetCLICommandBuilder("settings").AppendOption("disable", name));
         }
 
         /// <summary>
@@ -52,7 +52,7 @@ public void DisableSetting(string name)
         /// <param name="asPlainText">Return as string.</param>
         public void GetSettings(bool asPlainText)
         {
-            var result = this.Run("settings", "export");
+            var result = this.Run(new WinGetCLICommandBuilder("settings").AppendSubCommand("export"));
 
             if (asPlainText)
             {
@@ -75,24 +75,27 @@ public void GetSettings(bool asPlainText)
         public void AddSource(string name, string arg, string type, string trustLevel, bool isExplicit)
         {
             Utilities.VerifyAdmin();
-            string parameters = $"add --name \"{name}\" --arg \"{arg}\"";
+            var builder = new WinGetCLICommandBuilder("source")
+                .AppendSubCommand("add")
+                .AppendOption("name", name)
+                .AppendOption("arg", arg);
 
             if (!string.IsNullOrEmpty(type))
             {
-                parameters += $" --type \"{type}\"";
+                builder.AppendOption("type", type);
             }
 
             if (!string.IsNullOrEmpty(trustLevel))
             {
-                parameters += $" --trust-level \"{trustLevel}\"";
+                builder.AppendOption("trust-level", trustLevel);
             }
 
             if (isExplicit)
             {
-                parameters += " --explicit";
+                builder.AppendSwitch("explicit");
             }
 
-            _ = this.Run("source", parameters, 300000);
+            _ = this.Run(builder, 300000);
         }
 
         /// <summary>
@@ -102,7 +105,7 @@ public void AddSource(string name, string arg, string type, string trustLevel, b
         public void RemoveSource(string name)
         {
             Utilities.VerifyAdmin();
-            _ = this.Run("source", $"remove --name \"{name}\"");
+            _ = this.Run(new WinGetCLICommandBuilder("source").AppendSubCommand("remove").AppendOption("name", name));
         }
 
         /// <summary>
@@ -112,7 +115,7 @@ public void RemoveSource(string name)
         public void ResetSourceByName(string name)
         {
             Utilities.VerifyAdmin();
-            _ = this.Run("source", $"reset --name \"{name}\" --force");
+            _ = this.Run(new WinGetCLICommandBuilder("source").AppendSubCommand("reset").AppendOption("name", name).AppendSwitch("force"));
         }
 
         /// <summary>
@@ -121,13 +124,13 @@ public void ResetSourceByName(string name)
         public void ResetAllSources()
         {
             Utilities.VerifyAdmin();
-            _ = this.Run("source", $"reset --force");
+            _ = this.Run(new WinGetCLICommandBuilder("source").AppendSubCommand("reset").AppendSwitch("force"));
         }
 
-        private WinGetCLICommandResult Run(string command, string parameters, int timeOut = 60000)
+        private WinGetCLICommandResult Run(WinGetCLICommandBuilder builder, int timeOut = 60000)
         {
             var wingetCliWrapper = new WingetCLIWrapper();
-            var result = wingetCliWrapper.RunCommand(this, command, parameters, timeOut);
+            var result = wingetCliWrapper.RunCommand(this, builder, timeOut);
             result.VerifyExitCode();
 
             return result;

src/PowerShell/Microsoft.WinGet.Client.Engine/Commands/UserSettingsCommand.cs

@@ -42,7 +42,7 @@ public UserSettingsCommand(PSCmdlet psCmdlet)
             if (winGetSettingsFilePath == null)
             {
                 var wingetCliWrapper = new WingetCLIWrapper();
-                var settingsResult = wingetCliWrapper.RunCommand(this, "settings", "export");
+                var settingsResult = wingetCliWrapper.RunCommand(this, new WinGetCLICommandBuilder("settings").AppendSubCommand("export"));
 
                 // Read the user settings file property.
                 var userSettingsFile = Utilities.ConvertToHashtable(settingsResult.StdOut)["userSettingsFile"] ?? throw new ArgumentNullException("userSettingsFile");

src/PowerShell/Microsoft.WinGet.Client.Engine/Helpers/WinGetCLICommandBuilder.cs

@@ -0,0 +1,148 @@
+// -----------------------------------------------------------------------------
+// <copyright file="WinGetCLICommandBuilder.cs" company="Microsoft Corporation">
+//     Copyright (c) Microsoft Corporation. Licensed under the MIT License.
+// </copyright>
+// -----------------------------------------------------------------------------
+
+namespace Microsoft.WinGet.Client.Engine.Helpers
+{
+    using System.Collections.Generic;
+    using System.Text;
+
+    /// <summary>
+    /// Represents a builder for WinGet CLI commands.
+    /// </summary>
+    public class WinGetCLICommandBuilder
+    {
+        private readonly List<string> commands;
+        private readonly List<string> parameters;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="WinGetCLICommandBuilder"/> class.
+        /// </summary>
+        /// <param name="commands">The commands to initialize the builder with.</param>
+        public WinGetCLICommandBuilder(params string[] commands)
+        {
+            this.commands = new (commands);
+            this.parameters = new ();
+        }
+
+        /// <summary>
+        /// Gets the main command (e.g. [empty], settings, source).
+        /// </summary>
+        public string Command => string.Join(" ", this.commands);
+
+        /// <summary>
+        /// Gets the constructed parameters string.
+        /// </summary>
+        public string Parameters => string.Join(" ", this.parameters);
+
+        /// <summary>
+        /// Appends a switch to the command.
+        /// </summary>
+        /// <param name="switchName">The name of the switch to append.</param>
+        /// <returns>The current instance of <see cref="WinGetCLICommandBuilder"/>.</returns>
+        public WinGetCLICommandBuilder AppendSwitch(string switchName)
+        {
+            this.parameters.Add($"--{switchName}");
+            return this;
+        }
+
+        /// <summary>
+        /// Appends a sub-command to the command.
+        /// </summary>
+        /// <param name="subCommand">The sub-command to append.</param>
+        /// <returns>The current instance of <see cref="WinGetCLICommandBuilder"/>.</returns>
+        public WinGetCLICommandBuilder AppendSubCommand(string subCommand)
+        {
+            this.commands.Add(subCommand);
+            return this;
+        }
+
+        /// <summary>
+        /// Appends an option with its value to the command.
+        /// </summary>
+        /// <param name="option">The name of the option to append.</param>
+        /// <param name="value">The value of the option to append.</param>
+        /// <returns>The current instance of <see cref="WinGetCLICommandBuilder"/>.</returns>
+        public WinGetCLICommandBuilder AppendOption(string option, string? value)
+        {
+            if (value == null)
+            {
+                return this;
+            }
+
+            this.parameters.Add($"--{option} {this.Escape(value)}");
+            return this;
+        }
+
+        /// <summary>
+        /// Converts the command builder to its string representation.
+        /// </summary>
+        /// <returns>The string representation of the command.</returns>
+        public override string ToString()
+        {
+            var parametersString = this.Parameters;
+            var commandString = this.Command;
+            if (string.IsNullOrEmpty(commandString))
+            {
+                return parametersString;
+            }
+
+            if (string.IsNullOrEmpty(parametersString))
+            {
+                return commandString;
+            }
+
+            return $"{commandString} {parametersString}";
+        }
+
+        /// <summary>
+        /// Escapes a command-line argument according to Windows command-line parsing rules.
+        /// References:
+        /// - https://devblogs.microsoft.com/oldnewthing/20100917-00/?p=12833
+        /// - https://learn.microsoft.com/en-us/cpp/c-language/parsing-c-command-line-arguments.
+        /// </summary>
+        /// <param name="arg">The argument to escape.</param>
+        /// <returns>The escaped argument.</returns>
+        private string Escape(string arg)
+        {
+            if (string.IsNullOrEmpty(arg))
+            {
+                return "\"\"";
+            }
+
+            var sb = new StringBuilder(arg.Length + 2);
+            sb.Append('"');
+
+            int bs = 0;
+            foreach (char c in arg)
+            {
+                if (c == '\\')
+                {
+                    bs++;
+                }
+                else if (c == '"')
+                {
+                    sb.Append('\\', (bs * 2) + 1);
+                    sb.Append('"');
+                    bs = 0;
+                }
+                else
+                {
+                    sb.Append('\\', bs);
+                    sb.Append(c);
+                    bs = 0;
+                }
+            }
+
+            if (bs > 0)
+            {
+                sb.Append('\\', bs * 2);
+            }
+
+            sb.Append('"');
+            return sb.ToString();
+        }
+    }
+}

src/PowerShell/Microsoft.WinGet.Client.Engine/Helpers/WinGetVersion.cs

@@ -79,7 +79,7 @@ public WinGetVersion(string version)
         public static WinGetCLICommandResult RunWinGetVersionFromCLI(PowerShellCmdlet pwshCmdlet, bool fullPath = true)
         {
             var wingetCliWrapper = new WingetCLIWrapper(fullPath);
-            return wingetCliWrapper.RunCommand(pwshCmdlet, "--version");
+            return wingetCliWrapper.RunCommand(pwshCmdlet, new WinGetCLICommandBuilder().AppendSwitch("--version"));
         }
 
         /// <summary>

src/PowerShell/Microsoft.WinGet.Client.Engine/Helpers/WingetCLIWrapper.cs

@@ -67,18 +67,12 @@ public static string WinGetFullPath
         /// Runs winget command with parameters.
         /// </summary>
         /// <param name="pwshCmdlet">PowerShell cmdlet.</param>
-        /// <param name="command">Command.</param>
-        /// <param name="parameters">Parameters.</param>
+        /// <param name="builder">The command builder.</param>
         /// <param name="timeOut">Time out.</param>
         /// <returns>WinGetCommandResult.</returns>
-        public WinGetCLICommandResult RunCommand(PowerShellCmdlet pwshCmdlet, string command, string? parameters = null, int timeOut = 60000)
+        internal WinGetCLICommandResult RunCommand(PowerShellCmdlet pwshCmdlet, WinGetCLICommandBuilder builder, int timeOut = 60000)
         {
-            string args = command;
-            if (!string.IsNullOrEmpty(parameters))
-            {
-                args += ' ' + parameters;
-            }
-
+            var args = builder.ToString();
             pwshCmdlet.Write(StreamType.Verbose, $"Running {this.wingetPath} with {args}");
 
             Process p = new ()
@@ -96,14 +90,14 @@ public WinGetCLICommandResult RunCommand(PowerShellCmdlet pwshCmdlet, string com
             if (p.WaitForExit(timeOut))
             {
                 return new WinGetCLICommandResult(
-                    command,
-                    parameters,
+                    builder.Command,
+                    builder.Parameters,
                     p.ExitCode,
                     p.StandardOutput.ReadToEnd(),
                     p.StandardError.ReadToEnd());
             }
 
-            throw new WinGetCLITimeoutException(command, parameters);
+            throw new WinGetCLITimeoutException(builder.Command, builder.Parameters);
         }
     }
 }