Fix interaction between environment variable interpolation in constants and shell escaping (#860).

This commit is contained in:
Dan Helfman 2024-04-30 09:36:26 -07:00
parent 92ed7573d4
commit 38bc4fbfe2
4 changed files with 24 additions and 7 deletions

3
NEWS
View file

@ -1,3 +1,6 @@
1.8.12.dev0
* #860: Fix interaction between environment variable interpolation in constants and shell escaping.
1.8.11 1.8.11
* #815: Add optional Healthchecks auto-provisioning via "create_slug" option. * #815: Add optional Healthchecks auto-provisioning via "create_slug" option.
* #851: Fix lack of file extraction when using "extract --strip-components all" on a path with a * #851: Fix lack of file extraction when using "extract --strip-components all" on a path with a

View file

@ -50,12 +50,15 @@ def apply_constants(value, constants, shell_escape=False):
value[index] = apply_constants(list_value, constants, shell_escape) value[index] = apply_constants(list_value, constants, shell_escape)
elif isinstance(value, dict): elif isinstance(value, dict):
for option_name, option_value in value.items(): for option_name, option_value in value.items():
shell_escape = ( value[option_name] = apply_constants(
shell_escape option_value,
or option_name.startswith('before_') constants,
or option_name.startswith('after_') shell_escape=(
or option_name == 'on_error' shell_escape
or option_name.startswith('before_')
or option_name.startswith('after_')
or option_name == 'on_error'
),
) )
value[option_name] = apply_constants(option_value, constants, shell_escape)
return value return value

View file

@ -1,6 +1,6 @@
from setuptools import find_packages, setup from setuptools import find_packages, setup
VERSION = '1.8.11' VERSION = '1.8.12.dev0'
setup( setup(

View file

@ -50,6 +50,16 @@ def test_apply_constants_with_empty_constants_passes_through_value():
({'before_backup': '{inject}'}, {'before_backup': "'echo hi; naughty-command'"}), ({'before_backup': '{inject}'}, {'before_backup': "'echo hi; naughty-command'"}),
({'after_backup': '{inject}'}, {'after_backup': "'echo hi; naughty-command'"}), ({'after_backup': '{inject}'}, {'after_backup': "'echo hi; naughty-command'"}),
({'on_error': '{inject}'}, {'on_error': "'echo hi; naughty-command'"}), ({'on_error': '{inject}'}, {'on_error': "'echo hi; naughty-command'"}),
(
{
'before_backup': '{env_pass}',
'postgresql_databases': [{'name': 'users', 'password': '{env_pass}'}],
},
{
'before_backup': "'${PASS}'",
'postgresql_databases': [{'name': 'users', 'password': '${PASS}'}],
},
),
(3, 3), (3, 3),
(True, True), (True, True),
(False, False), (False, False),
@ -63,6 +73,7 @@ def test_apply_constants_makes_string_substitutions(value, expected_value):
'int': 3, 'int': 3,
'bool': True, 'bool': True,
'inject': 'echo hi; naughty-command', 'inject': 'echo hi; naughty-command',
'env_pass': '${PASS}',
} }
assert module.apply_constants(value, constants) == expected_value assert module.apply_constants(value, constants) == expected_value