From d6be9cdf7cd2e8e74ea2252df325f8ca623caa15 Mon Sep 17 00:00:00 2001
From: Tobias Macey <tmacey@boundlessnotions.com>
Date: Thu, 19 Nov 2015 16:04:51 -0500
Subject: [PATCH] Added shell_escape to shell escape dependencies

---
 pre_commit/languages/node.py   |  8 ++++++--
 pre_commit/languages/python.py |  8 ++++++--
 pre_commit/languages/ruby.py   | 10 +++++++---
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/pre_commit/languages/node.py b/pre_commit/languages/node.py
index 962ab2e6..129a1515 100644
--- a/pre_commit/languages/node.py
+++ b/pre_commit/languages/node.py
@@ -5,6 +5,7 @@ import sys
 
 from pre_commit.languages import helpers
 from pre_commit.util import clean_path_on_failure
+from pre_commit.util import shell_escape
 
 
 ENVIRONMENT_DIR = 'node_env'
@@ -44,8 +45,11 @@ def install_environment(repo_cmd_runner,
         with in_env(repo_cmd_runner, version) as node_env:
             node_env.run("cd '{prefix}' && npm install -g")
             if additional_dependencies:
-                node_env.run("cd '{prefix}' && npm install -g " +
-                             ' '.join(additional_dependencies))
+                node_env.run("cd '{prefix}' && npm install -g {deps}".format(
+                    ' '.join(
+                        [shell_escape(dep) for dep in additional_dependencies]
+                    )
+                ))
 
 
 def run_hook(repo_cmd_runner, hook, file_args):
diff --git a/pre_commit/languages/python.py b/pre_commit/languages/python.py
index 6da5e357..1acdcead 100644
--- a/pre_commit/languages/python.py
+++ b/pre_commit/languages/python.py
@@ -9,6 +9,7 @@ import virtualenv
 
 from pre_commit.languages import helpers
 from pre_commit.util import clean_path_on_failure
+from pre_commit.util import shell_escape
 
 
 ENVIRONMENT_DIR = 'py_env'
@@ -60,8 +61,11 @@ def install_environment(repo_cmd_runner,
         with in_env(repo_cmd_runner, version) as env:
             env.run("cd '{prefix}' && pip install .")
             if additional_dependencies:
-                env.run("cd '{prefix}' && pip install " +
-                        (' ').join(additional_dependencies))
+                env.run("cd '{prefix}' && pip install  {deps}".format(
+                    ' '.join(
+                        shell_escape(dep) for dep in additional_dependencies
+                    )
+                ))
 
 
 def run_hook(repo_cmd_runner, hook, file_args):
diff --git a/pre_commit/languages/ruby.py b/pre_commit/languages/ruby.py
index 8602daac..b80d8194 100644
--- a/pre_commit/languages/ruby.py
+++ b/pre_commit/languages/ruby.py
@@ -8,6 +8,7 @@ from pre_commit.languages import helpers
 from pre_commit.util import CalledProcessError
 from pre_commit.util import clean_path_on_failure
 from pre_commit.util import resource_filename
+from pre_commit.util import shell_escape
 from pre_commit.util import tarfile_open
 
 
@@ -95,9 +96,12 @@ def install_environment(repo_cmd_runner,
             )
             if additional_dependencies:
                 ruby_env.run(
-                    'cd {prefix} && gem install --no-document ' +
-                    ' '.join(additional_dependencies)
-                )
+                    'cd {prefix} && gem install --no-document  {deps}'.format(
+                        ' '.join(
+                            shell_escape(dep) for dep in
+                            additional_dependencies
+                        )
+                    ))
 
 
 def run_hook(repo_cmd_runner, hook, file_args):