Closed
The `as` and `within` DSL do not fully escape their arguments before executing remote commands.

Furthermore, the `as` DSL is implemented using `sh -c`, which only works if the command being passed to `-c` is properly escaped. Even if the username does not contain special characters, if the command itself contains special characters, the `sh -c` will fail in spectacular fashion.

Here are some examples, as provided by @grosser in #453 (comment):

`within` can't handle spaces in the path

```ruby
require 'sshkit'
include SSHKit::DSL

on 'server' do
  within 'space here' do
    puts capture "pwd"
  end
end
```

```
pwd stderr: bash: line 0: cd: space: No such file or directory
```

`as` cannot handle spaces in the username

```ruby
on 'bastion1.use1.zdsystest.com' do
  as 'space here' do
    puts capture "echo 1"
  end
end
```

```
if ! sudo -u space here whoami > /dev/null; then echo "You cannot switch to user 'space here' using sudo, please check the sudoers file" 1>&2; false; fi stderr: sudo: unknown user: space
```

`as` cannot handle reserved characters (e.g. `'`) in the command

```ruby
on 'bastion1.use1.zdsystest.com' do
  as 'nobody' do
    puts capture :echo, "'"
  end
end
```

```
echo stderr: bash: -c: line 0: unexpected EOF while looking for matching `''
```

The same problems are present for `as(group:...)`.
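
The three failures above can be reproduced offline by comparing unescaped command assembly with `Shellwords.escape`. This is an added example, not SSHKit's code: the `naive_*` and `safe_*` helpers and the `sudo -u USER -- sh -c 'CMD'` layout are hypothetical, simplified models, and `Shellwords.split` stands in for the remote shell's word splitting.

```ruby
require 'shellwords'

# Hypothetical, simplified command builders (not SSHKit's implementation).

# Unescaped: values are interpolated into the command line as-is.
def naive_within(dir, cmd)
  "cd #{dir} && #{cmd}"
end

def naive_as(user, cmd)
  "sudo -u #{user} -- sh -c '#{cmd}'"
end

# Escaped: every interpolated value becomes exactly one shell word.
def safe_within(dir, cmd)
  "cd #{Shellwords.escape(dir)} && #{cmd}"
end

def safe_as(user, cmd)
  "sudo -u #{Shellwords.escape(user)} -- sh -c #{Shellwords.escape(cmd)}"
end

# Approximates POSIX word splitting: returns the words a shell would see,
# or :syntax_error when the quoting is unbalanced.
def shell_words(line)
  Shellwords.split(line)
rescue ArgumentError
  :syntax_error
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs mirroring the three cases reported above.
  [
    naive_within('space here', 'pwd'), safe_within('space here', 'pwd'),
    naive_as('space here', 'whoami'),  safe_as('space here', 'whoami'),
    naive_as('nobody', "echo '"),      safe_as('nobody', "echo '")
  ].each { |line| puts "#{line}\n  => #{shell_words(line).inspect}" }
end
```

In the escaped forms the path, the username and the whole `sh -c` payload each arrive as a single word, so `cd` and `sudo -u` receive `space here` intact and the lone `'` no longer unbalances the quoting.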