Quotes being stripped from stack file

p10tyr commented 7 months ago

⚠️ Please verify that this bug has NOT been reported before.

[X] I checked and didn't find similar issue

🛡️ Security Policy

[X] I agree to have read this project Security Policy

Description

I have migrated from one server to another, the old one was portainer and I thought I may as well use dockge because it doesn't hijack all my data

on the old server, I had a WordPress site with a db password that has a $ in the env on portainer

When I created the stack I noticed the $ seems to have highlighted differently so I enclosed it in double quotes

save the file and on disk it is quoted
docker environment throws error something $thing not recognised so will use blank string
check stack file. still quoted
reload dockge page quotes are gone

I don't know where the bug is because the stack looks ok.. there definitely is a problem with the GUI stripping out the quotes

the fix for me was to remove the $ from the password. this is not ideal as it is a security issue

👟 Reproduction steps

version: "3.8"
services:
  wordpress:
    image: wordpress
    restart: always
    ports:
      - 80:80
    environment:
      WORDPRESS_DB_HOST: mysql-db-1:3306
      WORDPRESS_DB_PASSWORD: "simple$password"

👀 Expected behavior

version: "3.8"
services:
  wordpress:
    image: wordpress
    restart: always
    ports:
      - 80:80
    environment:
      WORDPRESS_DB_HOST: mysql-db-1:3306
      WORDPRESS_DB_PASSWORD: "simple$password"

😓 Actual Behavior

version: "3.8"
services:
  wordpress:
    image: wordpress
    restart: always
    ports:
      - 80:80
    environment:
      WORDPRESS_DB_HOST: mysql-db-1:3306
      WORDPRESS_DB_PASSWORD: simple$password  << $password treated as variable??

Dockge Version

latest

💻 Operating System and Arch

debian

🌐 Browser

edge

🐋 Docker Version

latest

🟩 NodeJS Version

No response

📝 Relevant log output

No response

oderwat commented 6 months ago

I tried Dockge and ran straight into this problem. All quotes seem to get removed when it (re-)loads the docker-compose file into its editor. Sadly, this makes it completely unusable for any of our normal stacks. I wonder if we do something wrong, because I doubt that something basic like this is not implemented correctly?

Edit: I solved my problem by creating the strings using the .env file and use them as variables. This was kind of appropriate because they were "secret" anyway.

I want to add that I think one can also escape them by using $$ instead of the single $

bverkron commented 4 months ago

I wonder if we do something wrong, because I doubt that something basic like this is not implemented correctly?

You are not doing anything wrong. This is a known issue but it was closed prematurely and not reopened. https://github.com/louislam/dockge/issues/118#issuecomment-2050885636

Edit: I solved my problem by creating the strings using the .env file and use them as variables. This was kind of appropriate because they were "secret" anyway.

The work around is helpful in some cases but impractical in others unfortunately. I think the title of this issue should be updated @p10tyr to reflect that it's an issue with quotes being stripped and not with escaping strings. I have examples like this where quotes get stripped and it's nothing to do with special characters or escaping.

    environment:
      TYPE: "PURPUR"
      EXTRA_ARGS: "--world-dir ./worlds/"

After the GUI reloads the stack it gets turned into the following

    environment:
      TYPE: PURPUR
      EXTRA_ARGS: --world-dir ./worlds/

Doesn't matter if it's single or double quotes. For some cases like this the stacks still work but for other cases it breaks the parsing / intake of the environment variables and causes errors in the stack / containers.

louislam / dockge