[Environment Variables] Functions/Tags inside nested block referring to another Environment Variable do not render variable value

bbbco commented 3 years ago

Describe the bug When using Environment Variables, functions/tags inside a nested block referring to another Environment Variable that is constructed from an environment variable do not use the calculated variable value; instead the literal string is used. This only seems to impact functions, as direct references to these variables seem to still work.

To Reproduce Steps to reproduce the behavior:

Go to Base Environments

Use this environment config:

{
"first_name": "Bobby",
"last_name": "'; DROP TABLES;'",
"full_name": "{{ _.first_name }} {{ _.last_name }}",
"baseEncodedRoot": "{% base64 'encode', 'normal', _.full_name %}",
"sub": {
"baseEncodedSub": "{% base64 'encode', 'normal', _.full_name %}",
"full_name": "{{_.full_name}}"
}
}

Mouse over both _.baseEncodedRoot and _.sub.baseEncodedSub tags and notice that they are both listed as having the same value.
Click Done to exit the Manage Environments
Create a new request
Add two parameters:
- base64EncodedRootName={{ _.baseEncodedRoot }}
- base64EncodedSubName={{ _.sub.baseEncodedSub }}
Click to preview/execute request
Notice the values in the parameters are different
Notice if you decode the base64 values, the root value is the calculated value (i.e., Bobby '; DROP TABLES;'; CORRECT), whereas the sub value is the literal string of the referenced value (i.e., {{ _.first_name }} {{ _.last_name }}; INCORRECT)

Expected behavior Usage of a tag/function that refers to another variable that is constructed from other variables should be the same whether it is on the root or nested in a block.

Screenshots

Desktop (please complete the following information):

OS: [e.g. macOS 10.15.1]
Installation Method: [homebrew, built from source]
App Version: Insomnia 2021.4.1 Release date: 7/6/2021 OS: Darwin x64 19.6.0 Electron: 9.3.5 Node: 12.14.1 V8: 8.3.110.13-electron.0 Architecture: x64 node-libcurl: libcurl/7.73.0 OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.9 zstd/1.4.9 libidn2/2.1.1 libssh2/1.9.0 nghttp2/1.42.0

Additional context This was first discovered while using the Default Headers plugin to construct a header. After digging into things, I realized it wasn't an issue with the default headers plugin but has to do with the way the variables are being rendered outside the Manage Environments section.

bbbco commented 3 years ago

Same thing happens if you try to do the function calculation in the root variable and refer to it in the nested object. For example:

{
  "first_name": "Bobby",
  "last_name": "'; DROP TABLES;'",
  "full_name": "{{ _.first_name }} {{ _.last_name }}",
  "baseEncodedRoot": "{% base64 'encode', 'normal', _.full_name %}",
  "sub": {
    "baseEncodedSub": "{{_.baseEncodedRoot}}"
  }
}

_.baseEncodedRoot is calculated correctly. However, _.sub.baseEncodedSub is not (the base64 function uses the literal {{ _.first_name }} {{ _.last_name }})

Also, this is not just relegated to the Base64 function. This can be swapped out for one of the hashing functions with the same results.

bbbco commented 2 years ago

This also seems to only occur on the Base Environment; the variable is rendered correctly when a Sub Environment is selected.

Kong / insomnia

[Environment Variables] Functions/Tags inside nested block referring to another Environment Variable do not render variable value #3919