-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[--env-file] Space between = and " will cause the value to be parsed as an unquoted string #53461
Comments
Thanks for the bug report! Feel free to submit a PR with your requested changes, and someone will review it. |
Sorry, I'm not interested in contributing C++ code to NodeJS at the moment. I just noticed a lot of quirks with... well basically almost all dotenv parsers out there and am currently comparing them for fun. There are many more quirks in NodeJS's dotenv parser, but the others are for a bit more unusual situations. Having a space before the quote isn't that unusual though, I think. The other quirks that I'm just now writing down (copied form that document) are (in case you're interested): This dialect supports strings quoited in double quotes ( If the second quote is missing only the current line is used as the value for Quotes start with Keys may contain anything except spaces ( FOO#=1
BAR
=2 Is equivalent with this JSON: { "FOO#": "1", "BAR\n": "2" } Lines with syntax errors (i.e. no Leading |
No problem! The parser specification hasn't been done yet, but it's being discussed at #49148. @IlyasShabi i know you worked on writing a specification, any insight? (Thanks!) |
Dotenv skips the white space var dotenv = require("dotenv")
console.log(dotenv.parse("a= 'b'"))
// {a: "b"} For the other case: var dotenv = require("dotenv")
console.log(dotenv.parse(`
FOO#=1
BAR
=2
`))
// {BAR: "2"} |
IIUC, this is your list of quirks:
|
Nice bug report. I'll fix it. |
While this implementation is not behaving quite like the npm dotenv package I'm not sure if emulating that behavior 100% is even a good idea. That package parses this: FOO
=BAR As: { "FOO": "BAR" } Is that a good idea? Just for fun I'm looking at different dotenv implementations, write down how they work and try to implement a compatible parser in Rust (except for deliberate differences where e.g. I won't import a Unicode database to resolve named Unicode escape sequences (Python dotenv-cli), don't emulate obvious mangled encoding handling (Python dotenv-cli), and don't implement what I consider arbitrary code execution vulnerabilities (Ruby dotenv)). Here is what I have written down so far, in case you are interested in maybe comparing the sections about NodeJS and JavaScript dotenv: https://github.com/panzi/punktum#nodejs-dialect Looking at all the dotenv implementations I don't know what I'd expect anymore, except that white space around keys and values isn't significant. |
I am not claiming that it's a good idea, but as far as I can tell, it is what's been happening thus far. And deviating from that convention ad-hoc, without a proper specification, IMO doesn't seem like a good idea either. |
Just for fun I wrote my own implementation of the JavaScript dotenv parser in C++, trying to be 100% compatible. I haven't found an edge case where it produces the any different output to the original. I've licensed it under MIT, if you want you can just copy-paste it into NodeJS. If you prefer any other open source license I can do that, too. See: https://github.com/panzi/cpp-dotenv I'm not a C++ pro, so things might not be 100% ideal. Also I write the environment into an DOS line ending support needs testing. And might be possible to somehow implement without always allocating a new string. |
I found yet another edge case where my (and the NodeJS) implementation behaved differently than the JavaScript implementation and fixed it in my code. Would you like to use that code in NodeJS? I didn't submit it as a pull request because I assume building a huge project like NodeJS might be a hassle and that's just some fun thing I did in my spare time. Maybe I'll do that anyway at some point, but only if there is interest in this. |
I would like to work on it if it is still up for grabs |
IIRC @anonrig said he'd work on it, so you'd have to ask him. |
If you don't just use my code you can still look at the source comments about correctly emulating the behavior of the regular expression of the original (without using regular expressions in C++). |
Fix to ignore spaces between '=' and quoted string in env file to avoid quotes in env values Fixes: nodejs#53461 Signed-off-by: Mohit Malhotra <dev.mohitmalhotra@gmail.com>
Fixed by #53786 |
Fix to ignore spaces between '=' and quoted string in env file Fixes: nodejs#53461 Signed-off-by: Mohit Malhotra <dev.mohitmalhotra@gmail.com>
Fix to ignore spaces between '=' and quoted string in env file Fixes: nodejs#53461 Signed-off-by: Mohit Malhotra <dev.mohitmalhotra@gmail.com> PR-URL: nodejs#53786 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Meaning if you have this in your
.env
file:This command:
node --env-file=.env -e 'console.log({ FOO: process.env.FOO })'
Will print this:
I.e. the variable value includes the quotes. (The spaces aren't included in the value, though.) I think this is unexpected.
If this is not intentional there needs to be white space skipping before this line:
node/src/node_dotenv.cc
Line 153 in 9495a2b
The text was updated successfully, but these errors were encountered: