Execute command directly without using shell

   use Shellwords.shellwords for splitting origin_cmd instead of .split(' ')

lib/gitlab_shell.rb

 require 'open3'
+require 'shellwords'
 
 require_relative 'gitlab_net'
 
@@ -40,9 +41,9 @@ class GitlabShell
   protected
 
   def parse_cmd
-    args = @origin_cmd.split(' ')
-    @git_cmd = args.shift
-    @repo_name = args.shift
+    args = Shellwords.shellwords(@origin_cmd)
+    @git_cmd = args[0]
+    @repo_name = args[1]
   end
 
   def git_cmds
@@ -51,17 +52,16 @@ class GitlabShell
 
   def process_cmd
     repo_full_path = File.join(repos_path, repo_name)
-    cmd = "#{@git_cmd} #{repo_full_path}"
-    $logger.info "gitlab-shell: executing git command <#{cmd}> for #{log_username}."
-    exec_cmd(cmd)
+    $logger.info "gitlab-shell: executing git command <#{@git_cmd} #{repo_full_path}> for #{log_username}."
+    exec_cmd(@git_cmd,repo_full_path)
   end
 
   def validate_access
     api.allowed?(@git_cmd, @repo_name, @key_id, '_any')
   end
 
-  def exec_cmd args
-    Kernel::exec args
+  def exec_cmd *args
+    Kernel::exec *args
   end
 
   def api

spec/gitlab_shell_spec.rb

@@ -60,7 +60,7 @@ describe GitlabShell do
       end
 
       it "should execute the command" do
-        subject.should_receive(:exec_cmd).with("git-upload-pack #{File.join(repository_path, 'gitlab-ci.git')}")
+        subject.should_receive(:exec_cmd).with("git-upload-pack", File.join(repository_path, 'gitlab-ci.git'))
       end
 
       it "should set the GL_ID environment variable" do
@@ -89,7 +89,7 @@ describe GitlabShell do
       end
 
       it "should execute the command" do
-        subject.should_receive(:exec_cmd).with("git-receive-pack #{File.join(repository_path, 'gitlab-ci.git')}")
+        subject.should_receive(:exec_cmd).with("git-receive-pack", File.join(repository_path, 'gitlab-ci.git'))
       end
 
       it "should log the command execution" do