Bug: Escaping of $ (dollar sign) when exporting variables in sh() - Githubissues

riotkit-org / riotkit-do

RKD - RiotKit DO. Task executor - balance between Makefile and Gradle. Written in Python. Powerful tool for every DevOps. Automates production tasks as well as local development tasks

Apache License 2.0

10 stars 2 forks source link

Bug: Escaping of $ (dollar sign) when exporting variables in sh() #47

Closed blackandred closed 4 years ago

blackandred commented 4 years ago

The dollar sign is not properly escaped, so it is evaluated. Best case to reproduce is to try to pass eg. htpasswd generate password to command inside sh() via environment variables - it's impossible.

blackandred commented 4 years ago

Fix added - still need tests coverage for that case.

blackandred commented 4 years ago

Done.

blackandred commented 4 years ago

Fix revereted. Not a bug.

Use case:

        :hello:
            environment:
                FIRST: "First"
                SECOND: "Second"
                THIRD: "Escaped one"
                ALL: ${FIRST} ${SECOND} \${THIRD}
            steps: |
                echo "${ALL}"

First Second ${THIRD}

blackandred commented 4 years ago

Proper fix should be: All variables coming from os.environ should have escaped $