From 0f6776388c86943f54df8835aa9aea159a543a9d Mon Sep 17 00:00:00 2001
From: Chris Jerdonek
Date: Mon, 11 Feb 2019 08:45:38 -0800
Subject: [PATCH] Change format_command() to use shlex.quote().
---
 news/6290.feature | 2 ++
 src/pip/_internal/utils/misc.py | 11 ++---------
 tests/unit/test_utils.py | 2 +-
 3 files changed, 5 insertions(+), 10 deletions(-)
 create mode 100644 news/6290.feature

diff --git a/news/6290.feature b/news/6290.feature
new file mode 100644
index 000000000..86ba68e02
--- /dev/null
+++ b/news/6290.feature
@@ -0,0 +1,2 @@
+Command arguments in ``subprocess`` log messages are now quoted using
+``shlex.quote()``.
diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py
index 3053ca4b2..3140c09c5 100644
--- a/src/pip/_internal/utils/misc.py
+++ b/src/pip/_internal/utils/misc.py
@@ -23,7 +23,7 @@ from pip._vendor import pkg_resources
 # why we ignore the type on this import.
 from pip._vendor.retrying import retry # type: ignore
 from pip._vendor.six import PY2
-from pip._vendor.six.moves import input
+from pip._vendor.six.moves import input, shlex_quote
 from pip._vendor.six.moves.urllib import parse as urllib_parse
 from pip._vendor.six.moves.urllib.parse import unquote as urllib_unquote
 
@@ -655,14 +655,7 @@ def format_command_args(args):
 """
 Format command arguments for display.
 """
- parts = []
- for arg in args:
- if ' ' in arg or '\n' in arg or '"' in arg or "'" in arg:
- arg = '"%s"' % arg.replace('"', '\\"')
- parts.append(arg)
- command = ' '.join(parts)
-
- return command
+ return ' '.join(shlex_quote(arg) for arg in args)
 
 
 def call_subprocess(
diff --git a/tests/unit/test_utils.py b/tests/unit/test_utils.py
index 41b3b0e09..9348dd771 100644
--- a/tests/unit/test_utils.py
+++ b/tests/unit/test_utils.py
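Review bot: The docstring of format_command_args() in src/pip/_internal/utils/misc.py still says only "Format command arguments for display", which no longer tells a reader what kind of quoting the logged string carries or what it is safe to use for. The new body applies POSIX-shell quoting to every argument, so the output presumably does not match what a Windows shell would accept, and a newline inside an argument is kept verbatim inside the quotes, so a single command can still span several log lines. Nothing in the function masks sensitive argument values either. I would spell that out in the docstring: `Format command arguments for display in log messages only, quoting each with shlex.quote() (POSIX rules); newlines are preserved and nothing is redacted, so the result is not meant to be executed.`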
@@ -728,7 +728,7 @@ class TestGetProg(object):
 @pytest.mark.parametrize('args, expected', [
 (['pip', 'list'], 'pip list'),
 (['foo', 'space space', 'new\nline', 'double"quote', "single'quote"],
- 'foo "space space" "new\nline" "double\\"quote" "single\'quote"'),
+ """foo 'space space' 'new\nline' 'double"quote' 'single'"'"'quote'"""),
 ])
 def test_format_command_args(args, expected):
 actual = format_command_args(args)
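Review bot: The parametrized cases for test_format_command_args still cover only the characters the old implementation special-cased (space, newline, both quote types), so nothing pins the behaviour that is actually new with shlex.quote(): the empty argument and shell metacharacters. I would add a case such as `(['foo', '', 'a;b', '$x'], "foo '' 'a;b' '$x'"),` so that a later return to ad-hoc quoting fails the test. The body of the test function continues past the end of the hunk.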