azure devops - Escape string for use in PowerShell task passed as batch script parameter - Stack Overflow

admin管理员组

文章数量:1406942

I need to escape special characters of a password in a YAML file of an Azure DevOps pipeline. The password is part of the connection string of a (Oracle) database connection. It is thus stored as a secret within the pipeline variables.

The password is used in a PowerShell@2 task which creates an argument string for a Windows Batch script.

I know how to escape the password for use in YAML but it doesn't seem to work in the combination with the arg-list for the Batch script. Obviously I cannot post the password, but here is an example string with all characters that I have figured out as problematic:

aa<a$\a#a$aa!a

For the use in YAML PowerShell@2 tasks I supply the password string as (note the backtick for the 2nd $ sign):

aa<a$\a#a`$aa!a

YAML file snippet of the pipeline:

variables:
  db_pw: $(database_password)

jobs:
- job: Job_1
  displayName: Agent job
  [...]
  - task: PowerShell@2
    displayName: Run Tests and Code Coverage
    inputs:
      targetType: 'inline'
      script: |
        $db_user = 'my_user'
        $db_conn = 'my_host'
        $argstr = @("run $db_user/$(db_pw)@$db_conn", [...])
        $cmdPath = (Get-Command my_script.bat).Source 
        Start-Process -FilePath $cmdPath -ArgumentList $argstr -Wait -NoNewWindow
  [...]

Results in this error:

The filename, directory name, or volume label syntax is incorrect.

Things I have tried:

• Put the string in single quotes
• Put the string in double quotes
• Escape the problematic characters (<, #, !, \) with appropriate escape characters
• Remove/add backticks for the $ sign(s)
• Combinations of all mentioned points

I need to escape special characters of a password in a YAML file of an Azure DevOps pipeline. The password is part of the connection string of a (Oracle) database connection. It is thus stored as a secret within the pipeline variables.

The password is used in a PowerShell@2 task which creates an argument string for a Windows Batch script.

I know how to escape the password for use in YAML but it doesn't seem to work in the combination with the arg-list for the Batch script. Obviously I cannot post the password, but here is an example string with all characters that I have figured out as problematic:

aa<a$\a#a$aa!a

For the use in YAML PowerShell@2 tasks I supply the password string as (note the backtick for the 2nd $ sign):

aa<a$\a#a`$aa!a

YAML file snippet of the pipeline:

variables:
  db_pw: $(database_password)

jobs:
- job: Job_1
  displayName: Agent job
  [...]
  - task: PowerShell@2
    displayName: Run Tests and Code Coverage
    inputs:
      targetType: 'inline'
      script: |
        $db_user = 'my_user'
        $db_conn = 'my_host'
        $argstr = @("run $db_user/$(db_pw)@$db_conn", [...])
        $cmdPath = (Get-Command my_script.bat).Source 
        Start-Process -FilePath $cmdPath -ArgumentList $argstr -Wait -NoNewWindow
  [...]

Results in this error:

The filename, directory name, or volume label syntax is incorrect.

Things I have tried:

• Put the string in single quotes
• Put the string in double quotes
• Escape the problematic characters (<, #, !, \) with appropriate escape characters
• Remove/add backticks for the $ sign(s)
• Combinations of all mentioned points

• powershell
• azure-devops
• azure-pipelines

Share Follow edited Mar 4 at 9:37 jonrsharpe 122k3030 gold badges268268 silver badges476476 bronze badges asked Mar 4 at 9:12 Markus LMarkus L 1,02622 gold badges2222 silver badges4040 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 2

Using inline scripts in Azure DevOps tasks means you are generating the body of the script to be executed, so everything in it must be properly escaped.

The workaround is not setting the password directly in the script.

Set an environment variables at the task level instead of directly using a pipeline variable:

Example:

jobs:
- job: Job_1
  displayName: Agent job
  [...]
  - task: PowerShell@2
    displayName: Run Tests and Code Coverage
    inputs:
      targetType: 'inline'
      script: |
        # ...
        $argstr = @("run $db_user/${Env:myDbPassword}@$db_conn", [...])
        # ...
    env:
      myDbPassword: $(database_password) # <------------------ Environment variable set here

本文标签： azure devopsEscape string for use in PowerShell task passed as batch script parameterStack Overflow