python · e-q · Jun 2, 2026
diff --git a/run_release.py b/run_release.py
@@ -45,6 +45,11 @@
 DOWNLOADS_SERVER = "downloads.nyc1.psf.io"
 DOCS_SERVER = "docs.nyc1.psf.io"
 
+
+def quote_remote_shell(value: object) -> str:
+    return shlex.quote(str(value))
+
+
 WHATS_NEW_TEMPLATE = """
 *****************************
   What's new in Python {version}
@@ -755,7 +760,7 @@ def upload_files_to_server(db: ReleaseShelf, server: str) -> None:
     ftp_client = MySFTPClient.from_transport(transport)
     assert ftp_client is not None, f"SFTP client to {server} is None"
 
-    client.exec_command(f"rm -rf {destination}")
+    client.exec_command(f"rm -rf {quote_remote_shell(destination)}")
 
     with contextlib.suppress(OSError):
         ftp_client.mkdir(str(destination))
@@ -810,28 +815,29 @@ def execute_command(command: str) -> None:
             raise ReleaseException(channel.recv_stderr(1000))
 
     def copy_and_set_permissions(source_glob: str, destination: str) -> None:
-        execute_command(f"mkdir -p {destination}")
-        execute_command(f"cp {source_glob} {destination}")
+        quoted_destination = quote_remote_shell(destination)
+        execute_command(f"mkdir -p {quoted_destination}")
+        execute_command(f"cp {source_glob} {quoted_destination}")
         # Skip chgrp/chmod if already correct: another RM may have created
         # the directory, and only the owner can change group or permissions.
         execute_command(
-            f"find {destination} -maxdepth 0 ! -group downloads "
+            f"find {quoted_destination} -maxdepth 0 ! -group downloads "
             f"-exec chgrp downloads {{}} +"
         )
         execute_command(
-            f"find {destination} -maxdepth 0 ! -perm 775 -exec chmod 775 {{}} +"
+            f"find {quoted_destination} -maxdepth 0 ! -perm 775 -exec chmod 775 {{}} +"
         )
         execute_command(
-            f"find {destination} -type f ! -perm 664 -exec chmod 664 {{}} +"
+            f"find {quoted_destination} -type f ! -perm 664 -exec chmod 664 {{}} +"
         )
 
-    copy_and_set_permissions(f"{source}/downloads/*", destination)
+    copy_and_set_permissions(f"{quote_remote_shell(source)}/downloads/*", destination)
 
     # Docs
     release_tag = db["release"]
     if release_tag.is_final or release_tag.is_release_candidate:
         copy_and_set_permissions(
-            f"{source}/docs/*",
+            f"{quote_remote_shell(source)}/docs/*",
             f"/srv/www.python.org/ftp/python/doc/{release_tag}",
         )
 
@@ -870,13 +876,20 @@ def execute_command(command: str) -> None:
             raise ReleaseException(channel.recv_stderr(1000))
 
     docs_filename = f"python-{release_tag}-docs-html"
-    execute_command(f"mkdir -p {destination}")
-    execute_command(f"unzip {source}/docs/{docs_filename}.zip -d {destination}")
-    execute_command(f"mv /{destination}/{docs_filename}/* {destination}")
-    execute_command(f"rm -rf /{destination}/{docs_filename}")
-    execute_command(f"chgrp -R docs {destination}")
-    execute_command(f"chmod -R 775 {destination}")
-    execute_command(f"find {destination} -type f -exec chmod 664 {{}} \\;")
+    quoted_destination = quote_remote_shell(destination)
+    execute_command(f"mkdir -p {quoted_destination}")
+    execute_command(
+        f"unzip {quote_remote_shell(f'{source}/docs/{docs_filename}.zip')} "
+        f"-d {quoted_destination}"
+    )
+    execute_command(
+        f"mv {quote_remote_shell(f'/{destination}/{docs_filename}')}/* "
+        f"{quoted_destination}"
+    )
+    execute_command(f"rm -rf {quote_remote_shell(f'/{destination}/{docs_filename}')}")
+    execute_command(f"chgrp -R docs {quoted_destination}")
+    execute_command(f"chmod -R 775 {quoted_destination}")
+    execute_command(f"find {quoted_destination} -type f -exec chmod 664 {{}} \\;")
 
 
 @functools.cache
@@ -1088,12 +1101,19 @@ def run_add_to_python_dot_org(db: ReleaseShelf) -> None:
 
     # Do the interactive flow to get an identity for Sigstore
     issuer = sigstore.oidc.Issuer(sigstore.oidc.DEFAULT_OAUTH_ISSUER_URL)
-    identity_token = issuer.identity_token()
+    identity_token = str(issuer.identity_token())
 
     print("Adding files to python.org...")
-    stdin, stdout, stderr = client.exec_command(
-        f"AUTH_INFO={auth_info} SIGSTORE_IDENTITY_TOKEN={identity_token} python3 add_to_pydotorg.py {db['release']}"
+    command = " ".join(
+        [
+            f"AUTH_INFO={quote_remote_shell(auth_info)}",
+            f"SIGSTORE_IDENTITY_TOKEN={quote_remote_shell(identity_token)}",
+            "python3",
+            "add_to_pydotorg.py",
+            quote_remote_shell(db["release"]),
+        ]
     )
+    stdin, stdout, stderr = client.exec_command(command)
     stderr_text = stderr.read().decode()
     if stderr_text:
         raise paramiko.SSHException(f"Failed to execute the command: {stderr_text}")

diff --git a/tests/test_run_release.py b/tests/test_run_release.py
@@ -248,3 +248,196 @@ def test_update_whatsnew_toctree(tmp_path: Path) -> None:
     # Assert
     new_contents = toctree__file.read_text()
     assert "   3.15.rst\n   3.14.rst\n" in new_contents
+
+
+def test_run_add_to_python_dot_org_quotes_remote_environment(monkeypatch) -> None:
+    commands = []
+
+    class FakeSFTPClient:
+        def put(self, source: str, destination: str) -> None:
+            pass
+
+        def close(self) -> None:
+            pass
+
+    class FakeSSHClient:
+        def load_system_host_keys(self) -> None:
+            pass
+
+        def set_missing_host_key_policy(self, policy) -> None:
+            pass
+
+        def connect(self, *args, **kwargs) -> None:
+            pass
+
+        def get_transport(self):
+            return object()
+
+        def exec_command(self, command: str):
+            commands.append(command)
+            return None, io.BytesIO(b"ok"), io.BytesIO()
+
+    class FakeIssuer:
+        def __init__(self, issuer_url: str) -> None:
+            self.issuer_url = issuer_url
+
+        def identity_token(self) -> str:
+            return "token; touch /tmp/pwned"
+
+    monkeypatch.setattr(run_release.paramiko, "SSHClient", FakeSSHClient)
+    monkeypatch.setattr(
+        run_release.MySFTPClient,
+        "from_transport",
+        staticmethod(lambda transport: FakeSFTPClient()),
+    )
+    monkeypatch.setattr(run_release.sigstore.oidc, "Issuer", FakeIssuer)
+
+    db = {
+        "auth_info": "user:key; echo pwned",
+        "release": Tag("3.15.0a1"),
+        "ssh_key": None,
+        "ssh_user": "release-manager",
+    }
+
+    run_release.run_add_to_python_dot_org(cast(ReleaseShelf, db))
+
+    assert commands == [
+        "AUTH_INFO='user:key; echo pwned' "
+        "SIGSTORE_IDENTITY_TOKEN='token; touch /tmp/pwned' "
+        "python3 add_to_pydotorg.py 3.15.0a1"
+    ]
+
+
+def test_upload_files_to_server_quotes_remote_cleanup_path(
+    monkeypatch, tmp_path: Path
+) -> None:
+    commands = []
+
+    class FakeSFTPClient:
+        def mkdir(self, path: str) -> None:
+            pass
+
+        def put_dir(self, source: Path, target: str, progress) -> None:
+            pass
+
+        def close(self) -> None:
+            pass
+
+    class FakeSSHClient:
+        def load_system_host_keys(self) -> None:
+            pass
+
+        def set_missing_host_key_policy(self, policy) -> None:
+            pass
+
+        def connect(self, *args, **kwargs) -> None:
+            pass
+
+        def get_transport(self):
+            return object()
+
+        def exec_command(self, command: str) -> None:
+            commands.append(command)
+
+    @contextlib.contextmanager
+    def fake_alive_bar(total: int):
+        yield lambda *args, **kwargs: None
+
+    release = Tag("3.15.0a1")
+    artifacts_path = tmp_path / str(release)
+    (artifacts_path / "downloads").mkdir(parents=True)
+
+    monkeypatch.setattr(run_release.paramiko, "SSHClient", FakeSSHClient)
+    monkeypatch.setattr(
+        run_release.MySFTPClient,
+        "from_transport",
+        staticmethod(lambda transport: FakeSFTPClient()),
+    )
+    monkeypatch.setattr(run_release, "alive_bar", fake_alive_bar)
+
+    db = {
+        "git_repo": tmp_path,
+        "release": release,
+        "ssh_key": None,
+        "ssh_user": "release-manager; touch /tmp/pwned #",
+    }
+
+    run_release.upload_files_to_server(
+        cast(ReleaseShelf, db), run_release.DOWNLOADS_SERVER
+    )
+
+    assert commands == [
+        "rm -rf '/home/psf-users/release-manager; touch /tmp/pwned #/3.15.0a1'"
+    ]
+
+
+def test_release_file_placement_quotes_remote_paths(monkeypatch) -> None:
+    commands = []
+
+    class FakeChannel:
+        def exec_command(self, command: str) -> None:
+            commands.append(command)
+
+        def recv_exit_status(self) -> int:
+            return 0
+
+        def recv_stderr(self, size: int) -> bytes:
+            return b""
+
+    class FakeTransport:
+        def open_session(self) -> FakeChannel:
+            return FakeChannel()
+
+    class FakeSSHClient:
+        def load_system_host_keys(self) -> None:
+            pass
+
+        def set_missing_host_key_policy(self, policy) -> None:
+            pass
+
+        def connect(self, *args, **kwargs) -> None:
+            pass
+
+        def get_transport(self) -> FakeTransport:
+            return FakeTransport()
+
+    monkeypatch.setattr(run_release.paramiko, "SSHClient", FakeSSHClient)
+
+    db = {
+        "release": Tag("3.15.0rc1"),
+        "ssh_key": None,
+        "ssh_user": "release-manager; touch /tmp/pwned #",
+    }
+
+    run_release.place_files_in_download_folder(cast(ReleaseShelf, db))
+    run_release.unpack_docs_in_the_docs_server(cast(ReleaseShelf, db))
+
+    assert commands == [
+        "mkdir -p /srv/www.python.org/ftp/python/3.15.0",
+        "cp '/home/psf-users/release-manager; touch /tmp/pwned #/3.15.0rc1'/downloads/* "
+        "/srv/www.python.org/ftp/python/3.15.0",
+        "find /srv/www.python.org/ftp/python/3.15.0 -maxdepth 0 ! -group downloads "
+        "-exec chgrp downloads {} +",
+        "find /srv/www.python.org/ftp/python/3.15.0 -maxdepth 0 ! -perm 775 "
+        "-exec chmod 775 {} +",
+        "find /srv/www.python.org/ftp/python/3.15.0 -type f ! -perm 664 "
+        "-exec chmod 664 {} +",
+        "mkdir -p /srv/www.python.org/ftp/python/doc/3.15.0rc1",
+        "cp '/home/psf-users/release-manager; touch /tmp/pwned #/3.15.0rc1'/docs/* "
+        "/srv/www.python.org/ftp/python/doc/3.15.0rc1",
+        "find /srv/www.python.org/ftp/python/doc/3.15.0rc1 -maxdepth 0 ! -group downloads "
+        "-exec chgrp downloads {} +",
+        "find /srv/www.python.org/ftp/python/doc/3.15.0rc1 -maxdepth 0 ! -perm 775 "
+        "-exec chmod 775 {} +",
+        "find /srv/www.python.org/ftp/python/doc/3.15.0rc1 -type f ! -perm 664 "
+        "-exec chmod 664 {} +",
+        "mkdir -p /srv/docs.python.org/release/3.15.0rc1",
+        "unzip '/home/psf-users/release-manager; touch /tmp/pwned #/3.15.0rc1/docs/"
+        "python-3.15.0rc1-docs-html.zip' -d /srv/docs.python.org/release/3.15.0rc1",
+        "mv //srv/docs.python.org/release/3.15.0rc1/python-3.15.0rc1-docs-html/* "
+        "/srv/docs.python.org/release/3.15.0rc1",
+        "rm -rf //srv/docs.python.org/release/3.15.0rc1/python-3.15.0rc1-docs-html",
+        "chgrp -R docs /srv/docs.python.org/release/3.15.0rc1",
+        "chmod -R 775 /srv/docs.python.org/release/3.15.0rc1",
+        "find /srv/docs.python.org/release/3.15.0rc1 -type f -exec chmod 664 {} \\;",
+    ]