From 2a31e29aa2dc4c7e55e31d4c90278f7f2a05effb Mon Sep 17 00:00:00 2001 From: yyhuni Date: Tue, 30 Dec 2025 17:32:09 +0800 Subject: [PATCH] fix: Add shell quoting for command arguments - Use shlex.quote() to escape special characters in argument values - Fixes: 'unrecognized arguments' error when values contain spaces - Example: target_name='example.com scan' now correctly quoted --- backend/apps/engine/services/task_distributor.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/backend/apps/engine/services/task_distributor.py b/backend/apps/engine/services/task_distributor.py index 09c1b46d..53d8ebae 100644 --- a/backend/apps/engine/services/task_distributor.py +++ b/backend/apps/engine/services/task_distributor.py @@ -242,11 +242,13 @@ class TaskDistributor: Returns: 命令列表(如 ['python', '-m', 'script', '--arg=value']) """ + import shlex + # 日志文件路径(容器内) log_file = f"{self.logs_mount}/container_{script_module.split('.')[-1]}.log" - # 构建参数列表 - args = [f"--{k}={v}" for k, v in script_args.items()] + # 构建参数列表(使用 shlex.quote 转义特殊字符) + args = [f"--{k}={shlex.quote(str(v))}" for k, v in script_args.items()] # 完整命令:日志轮转 + 执行脚本 command = [
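Review bot: Only the value is passed through `shlex.quote()` in the new `args` comprehension; the key `k`, and the `script_module`-derived segment of `log_file` just above it, still enter the command unescaped. If either can carry caller-influenced text, the shell-parsing problem this commit fixes for values remains open for them. Quoting the whole token covers key and value in one step: `args = [shlex.quote(f"--{k}={v}") for k, v in script_args.items()]`. This assumes the list is later joined into a shell string, which the commit message implies but the hunk does not show (the function starts before and continues past it); on any path that passes the list as argv without a shell, the quotes would arrive as literal characters in the value. The comment on that line could also say that the quoting keeps shell metacharacters in values such as `target_name` from being interpreted, not only spaces.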