search

microsoft / vscode-docker

Docker Extension for Visual Studio Code
https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-docker
Other
1.19k stars 508 forks source link

docker-run does not escape characters correctly in generated command for win cmd.exe #4153

Closed JanKowalik closed 7 months ago

JanKowalik commented 8 months ago

This might be an edge case but I will report it here anyway. I want to pass a JSON string to a dockerized app via an env variable defined in VSCode task. It works for normal text, but whenever it contains some token or password like value with characters considered special by win cmd.exe, then it crashes. Below is how I execute it with VSCode config files. This will crash regardless of the app code.

launch.json

{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Run app in docker",
            "type": "docker",
            "request": "launch",
            "preLaunchTask": "docker-run: debug",
            "python": {
                "pathMappings": [
                    {
                        "localRoot": "${workspaceFolder}",
                        "remoteRoot": "/app"
                    }
                ],
                "projectType": "flask"
            }
        }
    ]
}

tasks.json

{
    "version": "2.0.0",
    "tasks": [
        {
            "type": "docker-build",
            "label": "docker-build",
            "platform": "python",
            "dockerBuild": {
                "tag": "myapp:latest",
                "dockerfile": "${workspaceFolder}/Dockerfile",
                "context": "${workspaceFolder}",
                "pull": true
            }
        },
        {
            "type": "docker-run",
            "label": "docker-run: debug",
            "dependsOn": [
                "docker-build"
            ],
            "dockerRun": {
                "env": {
                    "FLASK_APP": "index.py",
                    "FLASK_ENV": "development",
                    "TOKEN": "${input:token}",
                },
                "envFiles": ["${workspaceFolder}/.env"],
                "ports": [
                    {"containerPort": 8050, "hostPort": 8000}
                ]
            },
            "python": {
                "args": [
                    "run",
                    "--no-debugger",
                    "--no-reload",
                    "--host",
                    "0.0.0.0",
                    "--port",
                    "8050"
                ],
                "module": "flask"
            }
        }
    ],
    "inputs": [
        {
            "id": "token",
            "type": "promptString",
            "description": "token"
        }
    ]
}

The following token input will make it crash: {"ABC": "mytoken&pass"}

The error:

> docker container run --detach --tty --name "dash-dev" --publish "8000:8050" --mount "type=bind,source=c:\Users\JanKowalik\.vscode\extensions\ms-python.python-2023.20.0\pythonFiles\lib\python\debugpy,destination=/debugpy,readonly" --label "com.microsoft.created-by=visual-studio-code" --env "FLASK_APP=index.py" --env "FLASK_ENV=development" --env "TOKEN={\"ABC\": \"mytoken&pass\"}" --env-file "C:\Users\JanKowalik\development\src\dash/.env" --entrypoint "python3" myapp:latest <

"docker container run" requires at least 1 argument.
See 'docker container run --help'.

Usage:  docker container run [OPTIONS] IMAGE [COMMAND] [ARG...]

Create and run a new container from an image
The system cannot find the path specified.
Process exited with code 1

It runs successfully when the token input does not include & Moreover from my tests it runs successfully when the token is just: mytoken&pass

VSCode version: 1.84.0 Docker extension version: 1.27.0

bwateratmsft commented 8 months ago

I'd recommend encoding it ahead-of-time and decoding it in the application. Probably as base-64, that's usually how tokens are encoded.

Does that work for you?

bwateratmsft commented 8 months ago

It's also worth trying taking out the space, so inputting just {"ABC":"mytoken&pass"} instead of {"ABC": "mytoken&pass"}

JanKowalik commented 8 months ago

Hi, thank you for your responses.

I only need this to work for development environment. When deployed, it executes in Azure and the values are provided via web service configuration (appsettings) it does not have any issue with it there. Therefore I am reluctant to add additional base64 decoding function just to make VSCode dev env happy. I would put it in a .env file and pass it that way but these are sensitive values that I don't want to store on local file system.

I understand that possibly encoding it as base64 is a better solution in the long run, so I might reconsider.

I will try to remove spaces and see if it works then.

Thanks again

bwateratmsft commented 7 months ago

This issue has been closed because it needs more information and has not had recent activity. See also our issue reporting guidelines.

Happy Coding!

JanKowalik commented 7 months ago

I know the ticket has been closed now, but I just got back to it and tested with spaces removed. This doesn't help unfortunately.

Therefore either the bug is fixed in the extension's docker-run task or the content has to be encoded with base 64.

bwateratmsft commented 7 months ago

Ok, I've reopened the issue.

JanKowalik commented 7 months ago

@bwateratmsft Let me know if you need any more details from me. Thank you

dbreshears commented 7 months ago

Agreed, this is definitely an edge case that I don't believe we can prioritize and think the base64 encoding is the best option.