Fix handling of variables, inputs, platforms, and options with spaces (#143)

* Properly handle variables, inputs, platforms, and options with spaces

Signed-off-by: Sanjula Ganepola <sanjulagane@gmail.com>

* Fix double quotes

Signed-off-by: Sanjula Ganepola <sanjulagane@gmail.com>

* Escape double quotes in act args

Signed-off-by: Sanjula Ganepola <sanjulagane@gmail.com>

* Potential fix for code scanning alert no. 1: Incomplete string escaping or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Rename func and update comment

Signed-off-by: Sanjula Ganepola <sanjulagane@gmail.com>

---------

Signed-off-by: Sanjula Ganepola <sanjulagane@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

src/act.ts

@@ -11,6 +11,7 @@ import { HistoryManager, HistoryStatus } from './historyManager';
 import { SecretManager } from "./secretManager";
 import { SettingsManager } from './settingsManager';
 import { StorageKey, StorageManager } from './storageManager';
+import { Utils } from "./utils";
 import { Job, Workflow, WorkflowsManager } from "./workflowsManager";
 
 export enum Event {
@@ -629,13 +630,13 @@ export class Act {
         const userOptions: string[] = [
             ...settings.secrets.map(secret => `${Option.Secret} ${secret.key}`),
             (settings.secretFiles.length > 0 ? `${Option.SecretFile} "${settings.secretFiles[0].path}"` : `${Option.SecretFile} ""`),
-            ...settings.variables.map(variable => `${Option.Var} ${variable.key}=${variable.value}`),
+            ...settings.variables.map(variable => `${Option.Var} ${variable.key}="${Utils.escapeSpecialCharacters(variable.value)}"`),
             (settings.variableFiles.length > 0 ? `${Option.VarFile} "${settings.variableFiles[0].path}"` : `${Option.VarFile} ""`),
-            ...settings.inputs.map(input => `${Option.Input} ${input.key}=${input.value}`),
+            ...settings.inputs.map(input => `${Option.Input} ${input.key}="${Utils.escapeSpecialCharacters(input.value)}"`),
             (settings.inputFiles.length > 0 ? `${Option.InputFile} "${settings.inputFiles[0].path}"` : `${Option.InputFile} ""`),
-            ...settings.runners.map(runner => `${Option.Platform} ${runner.key}=${runner.value}`),
+            ...settings.runners.map(runner => `${Option.Platform} ${runner.key}="${Utils.escapeSpecialCharacters(runner.value)}"`),
             (settings.payloadFiles.length > 0 ? `${Option.EventPath} "${settings.payloadFiles[0].path}"` : `${Option.EventPath} ""`),
-            ...settings.options.map(option => option.path ? `--${option.name}${option.default && ['true', 'false'].includes(option.default) ? "=" : " "}${option.path}` : `--${option.name}`)
+            ...settings.options.map(option => option.path ? `--${option.name}${option.default && ['true', 'false'].includes(option.default) ? "=" : " "}"${Utils.escapeSpecialCharacters(option.path)}"` : `--${option.name}`)
         ];
 
         const command = `${actCommand} ${Option.Json} ${Option.Verbose} ${commandArgs.options.join(' ')} ${userOptions.join(' ')}`;

src/utils.ts

@@ -56,4 +56,11 @@ export namespace Utils {
             }
         }
     }
+
+    /**
+     * Escape all backslashes and double quotes. 
+     */
+    export function escapeSpecialCharacters(input: string): string {
+        return input.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+    }
 }