search

firebase / firebase-tools

The Firebase Command Line Tools
MIT License
4.02k stars 933 forks source link

Function secrets with special characters are returned with the escape backslash #4695

Open tooga opened 2 years ago

tooga commented 2 years ago

Related issues

[REQUIRED] Version info

node:14

firebase-functions:3.21.2

firebase-tools:11.1.0

firebase-admin:10.0.2

[REQUIRED] Test case

Follow the steps to reproduce below for a test case

[REQUIRED] Steps to reproduce

1) Create a new Firebase secret: TEST_SECRET with value \\123\\123 firebase functions:secrets:set TEST_SECRET and give it a value \\123\\123

2) Create a new Firebase config variable: TEST_SECRET with value \\123\\123 firebase functions:config:set TEST_SECRET="\\123\\123"

3) Create a function that runs with the secret, and logs both secret value and config value

export const test = functions
    .runWith({ secrets: ['TEST_SECRET'] })
    .region('europe-west1')
    .https.onRequest((req, res) => {
        console.log(process.env.TEST_SECRET); // \\\\123\\\\123
        console.log(functions.config().TEST_SECRET); // \\123\\123
        res.send('OK');
    });

We can notice that the special characters in the secret that is saved to process.env get escaped, and the escaped characters are included as part of the returned string.

4) Access the secret via CLI: firebase functions:secrets:access TEST_SECRET, returned value is \\123\\123 so the secret is stored in correct format in the secret manager

[REQUIRED] Expected behavior

Secret accessed via process.env should act similarly to functions.config() and return the secret value without escaping

[REQUIRED] Actual behavior

Secret value with special characters gets escaped, so a secret that is stored as \\123\\123 is returned as \\\\123\\\\123 from the process.env. In our case, we want to pass the secret as a basic auth password, but the secret is returned incorrectly as \\\\123\\\\123 string.

google-oss-bot commented 2 years ago

I found a few problems with this issue: