coder
diff --git a/‎src/main/kotlin/com/coder/gateway/sdk/CoderCLIManager.kt
Lines changed: 5 additions & 0 deletions b/‎src/main/kotlin/com/coder/gateway/sdk/CoderCLIManager.kt
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/test/groovy/CoderCLIManagerTest.groovy
Lines changed: 16 additions & 0 deletions b/‎src/test/groovy/CoderCLIManagerTest.groovy
Lines changed: 16 additions & 0 deletions
@@ -201,8 +201,13 @@ class CoderCLIManager @JvmOverloads constructor(
      * Escape a command argument by wrapping it in double quotes and escaping
      * any slashes and double quotes in the argument.  For example, echo "te\st"
      *  becomes "echo \"te\\st\"".
+     *
+     * Throws if the argument is invalid.
      */
     private fun escape(s: String): String {
+        if (s.contains("\n")) {
+            throw Exception("argument cannot contain newlines")
+        }
         return "\"" + s.replace(escapeRegex, """\\$1""") + "\""
     }
 
 
@@ -453,6 +453,22 @@ class CoderCLIManagerTest extends Specification {
         ]
     }
 
+    def "fails if header command is malformed"() {
+        given:
+        def ccm = new CoderCLIManager(new URL("https://test.coder.invalid"), tmpdir)
+
+        when:
+        ccm.configSsh(["foo", "bar"].collect { DataGen.workspace(it) }, headerCommand)
+
+        then:
+        thrown(Exception)
+
+        where:
+        headerCommand << [
+            "new\nline",
+        ]
+    }
+
     @IgnoreIf({ os.windows })
     def "parses version"() {
         given: