I think I've uncovered a corner-case bug with quotes.
Specifically, if an env var string starts with a quote mark, that leading quote gets stripped.
It's not a common situation, but this came up when tinkering with CSP rules, which provides a reasonable example.
In my Python code, I'm parsing env vars with this setup:
```python
from everett.manager import ConfigEnvFileEnv, ConfigManager, ConfigOSEnv

config = ConfigManager(
    [
        ConfigOSEnv(),
        ConfigEnvFileEnv(".env"),
    ]
)
...
CSP_SCRIPT_SRC = config("CSP_SCRIPT_SRC", default='unimportant for this example', parser=str)
```
My .env file has the following:
.env
CSP_SCRIPT_SRC="'self' www.googletagmanager.com"
And the parsed value ends up being `self' www.googletagmanager.com` -- which is invalid as a CSP rule because it needs to be `'self'` with quotes
However, if I add a space between the opening " and ' in my .env file, the over-stripping doesn't occur:
CSP_SCRIPT_SRC=" 'self' www.googletagmanager.com"
Parsed value: 'self' www.googletagmanager.com
Fix env file parsing related to quotes (#230)
a508d6d
This should support these cases more correctly:
```
KEY="'val'" -> {"KEY": "'val'"}
KEY="'val' something else" -> {"KEY": "'val' something else"}
```
f1bca3d
ce39260
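The over-stripping reported above and the two cases listed in the commit message, as an added example that is not Everett's own code. `parse_value_naive` is a hypothetical reconstruction that happens to reproduce the reported symptom, and every function name here, plus the CSP keyword check, is an assumption made for illustration.

```python
def parse_value_naive(raw: str) -> str:
    """Hypothetical buggy approach: str.strip() takes a *set* of characters,
    so every leading and trailing quote of either kind is removed."""
    return raw.strip().strip("\"'")


def parse_value_paired(raw: str) -> str:
    """Remove exactly one pair of matching outer quotes and nothing more."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'":
        return raw[1:-1]
    return raw


def parse_env(text: str, parse_value=parse_value_paired) -> dict:
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        out[key.strip()] = parse_value(value)
    return out


# CSP keyword sources are only recognised when wrapped in single quotes.
CSP_KEYWORDS = ("self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic")


def malformed_csp_keywords(policy_value: str) -> list:
    """Return tokens that look like a CSP keyword with missing or unbalanced quotes."""
    bad = []
    for token in policy_value.split():
        bare = token.strip("'")
        if bare in CSP_KEYWORDS and token != f"'{bare}'":
            bad.append(token)
    return bad


# Constructed sample input, using the lines quoted in the issue and the commit message.
SAMPLE_ENV = '''
CSP_SCRIPT_SRC="'self' www.googletagmanager.com"
KEY="'val'"
'''

if __name__ == "__main__":
    for parser in (parse_value_naive, parse_value_paired):
        value = parse_env(SAMPLE_ENV, parser)["CSP_SCRIPT_SRC"]
        print(parser.__name__, repr(value), malformed_csp_keywords(value))
```

Running a check like `malformed_csp_keywords` at startup catches a mangled keyword before the header is served.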