From 8f6e9ea8d0a78fd2b21d9b9408ae6231194e1aec Mon Sep 17 00:00:00 2001
From: Michael Franklin <michael.franklin@petermac.org>
Date: Mon, 13 Jul 2020 12:23:17 +1000
Subject: [PATCH] Sanitise param meta + other values

---
 tests/test_common.py | 17 +++++++++++++++++
 wdlgen/util.py       |  7 ++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 tests/test_common.py

diff --git a/tests/test_common.py b/tests/test_common.py
new file mode 100644
index 0000000..e2556be
--- /dev/null
+++ b/tests/test_common.py
@@ -0,0 +1,17 @@
+import unittest
+
+from wdlgen import ParameterMeta
+
+
+class TestParamMeta(unittest.TestCase):
+    def test_quote_sanitise(self):
+        meta = ParameterMeta(foo='"bar"').get_string()
+        self.assertEqual('foo: "\\"bar\\""', meta)
+
+    def test_nl_sanitise(self):
+        meta = ParameterMeta(foo="bar\nbaz").get_string()
+        self.assertEqual('foo: "bar\\nbaz"', meta)
+
+    def test_backslackquote_sanitise(self):
+        meta = ParameterMeta(foo='bar\\"').get_string()
+        self.assertEqual('foo: "bar\\\\\\""', meta)
diff --git a/wdlgen/util.py b/wdlgen/util.py
index a417261..24ba098 100644
--- a/wdlgen/util.py
+++ b/wdlgen/util.py
@@ -14,7 +14,12 @@ def convert_python_value_to_wdl_literal(val) -> str:
     if isinstance(val, bool):
         return "true" if val else "false"
     if isinstance(val, str):
-        return f'"{val}"'
+        # sanitise string here
+        sanitised = val\
+            .replace("\\", "\\\\")\
+            .replace("\n", "\\n")\
+            .replace('"', '\\"')
+        return f'"{sanitised}"'
 
     return str(val)