search

joke2k / django-environ

Django-environ allows you to utilize 12factor inspired environment variables to configure your Django application.
https://django-environ.rtfd.org
MIT License
3.01k stars 318 forks source link

v0.11.1: $-symbol issue #490

Closed sergeyklay closed 1 year ago

sergeyklay commented 1 year ago

Hi, I appreciate you getting the patch out so quickly! Unfortunately, I'm still having trouble with v0.11.1.

If there's a $ symbol followed by one or more letters (uppercase or lowercase), it still raises an exception. For example, you could reproduce it using the following as a secret key: 

SECRET_KEY=ABCDEFG_1234567890_N0T@R3ALV@L$S3CR3TK3Y@HELLOWORLD

Which raises the exception:

...
django.core.exceptions.ImproperlyConfigured: Set the S3CR3TK3Y environment variable

And as @JaredBrown138 had mentioned, reverting to v0.10.0 does fix the issue.

Originally posted by @mfisco in https://github.com/joke2k/django-environ/issues/485#issuecomment-1699978864

sergeyklay commented 1 year ago

I can reproduce this:


# t.py

import environ
import os

env = environ.Env(
   FOO=(str, 'bar'),
)

BASE_DIR = os.path.dirname(os.path.abspath(__file__))
environ.Env.read_env(os.path.join(BASE_DIR, 't.env'))

print(f"FOO=\"{env('FOO')}\"")
print(f"SECRET_KEY=\"{env('SECRET_KEY')}\"")
# t.env

SECRET_KEY=ABCDEFG_1234567890_N0T@R3ALV@L$S3CR3TK3Y@HELLOWORLD
FOO="bar"
Traceback (most recent call last):
  File "/Users/serghei/work/django-environ/environ/environ.py", line 419, in _get_value
    value = self.ENVIRON[var_name]
            ~~~~~~~~~~~~^^^^^^^^^^
  File "<frozen os>", line 679, in __getitem__
KeyError: 'S3CR3TK3Y'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/serghei/work/django-environ/t.py", line 18, in <module>
    print(f"SECRET_KEY=\"{env('SECRET_KEY')}\"")
                          ^^^^^^^^^^^^^^^^^
  File "/Users/serghei/work/django-environ/environ/environ.py", line 208, in __call__
    return self.get_value(
           ^^^^^^^^^^^^^^^
  File "/Users/serghei/work/django-environ/environ/environ.py", line 385, in get_value
    return self._get_value(
           ^^^^^^^^^^^^^^^^
  File "/Users/serghei/work/django-environ/environ/environ.py", line 437, in _get_value
    value = self.VAR.sub(repl, value)
            ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/serghei/work/django-environ/environ/environ.py", line 430, in repl
    return self.get_value(
           ^^^^^^^^^^^^^^^
  File "/Users/serghei/work/django-environ/environ/environ.py", line 385, in get_value
    return self._get_value(
           ^^^^^^^^^^^^^^^^
  File "/Users/serghei/work/django-environ/environ/environ.py", line 423, in _get_value
    raise ImproperlyConfigured(error_msg) from exc
environ.compat.ImproperlyConfigured: Set the S3CR3TK3Y environment variable
masarliev commented 1 year ago

475 breaks it. Who needs comments in env variables?

leetncamp commented 1 year ago

I also am experiencing an issue with value that contains the $ symbol. In my case I'm working with the key "SECRET_KEY" but the error is: ImproperlyConfigured: Set the s environment variable. Note that the character after $ is an s: 4m$s+u

At a different point in the stack frame, I see this error: Environment variable 'SECRET_KEY' recursively references itself (eventually)

In my settings.py file, I'm loading SECRET_KEY using: SECRET_KEY = env('SECRET_KEY')

The error only happens if your Django setting name and your key name are the same E.g. using SECRET_KEY = env('DJANGO_SECRET_KEY') in settings.py and changing key name in the .env file to DJANGO_SECRET_KEY prevents the error.

shughes-uk commented 1 year ago

This caused issues for us too 😓 . If your staging environment secret key does not have a dollar sign, and your production environment does, it causes extra issues. This feels important enough for most people to support yanking the affected versions?

simonkern commented 1 year ago

I can confirm this issue as well.