Added shell_escape to shell escape dependencies

blarghmatey · blarghmatey · commit d6be9cdf7cd2 · 2015-11-19T16:15:40.000-05:00
diff --git a/pre_commit/languages/node.py b/pre_commit/languages/node.py
@@ -5,6 +5,7 @@
 
 from pre_commit.languages import helpers
 from pre_commit.util import clean_path_on_failure
+from pre_commit.util import shell_escape
 
 
 ENVIRONMENT_DIR = 'node_env'
@@ -44,8 +45,11 @@ def install_environment(repo_cmd_runner,
         with in_env(repo_cmd_runner, version) as node_env:
             node_env.run("cd '{prefix}' && npm install -g")
             if additional_dependencies:
-                node_env.run("cd '{prefix}' && npm install -g " +
-                             ' '.join(additional_dependencies))
+                node_env.run("cd '{prefix}' && npm install -g {deps}".format(
+                    ' '.join(
+                        [shell_escape(dep) for dep in additional_dependencies]
+                    )
+                ))
 
 
 def run_hook(repo_cmd_runner, hook, file_args):
diff --git a/pre_commit/languages/python.py b/pre_commit/languages/python.py
@@ -9,6 +9,7 @@
 
 from pre_commit.languages import helpers
 from pre_commit.util import clean_path_on_failure
+from pre_commit.util import shell_escape
 
 
 ENVIRONMENT_DIR = 'py_env'
@@ -60,8 +61,11 @@ def install_environment(repo_cmd_runner,
         with in_env(repo_cmd_runner, version) as env:
             env.run("cd '{prefix}' && pip install .")
             if additional_dependencies:
-                env.run("cd '{prefix}' && pip install " +
-                        (' ').join(additional_dependencies))
+                env.run("cd '{prefix}' && pip install  {deps}".format(
+                    ' '.join(
+                        shell_escape(dep) for dep in additional_dependencies
+                    )
+                ))
 
 
 def run_hook(repo_cmd_runner, hook, file_args):
diff --git a/pre_commit/languages/ruby.py b/pre_commit/languages/ruby.py
@@ -8,6 +8,7 @@
 from pre_commit.util import CalledProcessError
 from pre_commit.util import clean_path_on_failure
 from pre_commit.util import resource_filename
+from pre_commit.util import shell_escape
 from pre_commit.util import tarfile_open
 
 
@@ -95,9 +96,12 @@ def install_environment(repo_cmd_runner,
             )
             if additional_dependencies:
                 ruby_env.run(
-                    'cd {prefix} && gem install --no-document ' +
-                    ' '.join(additional_dependencies)
-                )
+                    'cd {prefix} && gem install --no-document  {deps}'.format(
+                        ' '.join(
+                            shell_escape(dep) for dep in
+                            additional_dependencies
+                        )
+                    ))
 
 
 def run_hook(repo_cmd_runner, hook, file_args):
