xp-framework / core

The XP Framework is an all-purpose, object oriented PHP framework.

Delay expansion of values in property files until values are read #314

Closed thekid closed 2 years ago

thekid commented 2 years ago

This PR prevents invoking toString() on util.Properties instances from including potentially secret values, see https://github.com/xp-framework/core/issues/312#issuecomment-1217969070. Also, the class now implements lang.Value so its toString() method will be correctly called from e.g. util.Objects::stringOf().

Before

# Create properties containing an expanded value
$ cat > test.ini
[global]
db.pass=${env.DB_PASS}

# Export the environment variable
$ export DB_PASS=secret!

# Unfortunately, our secret is shown!
$ xp -w '$p= new \util\Properties("test.ini"); $p->reset(); return $p->toString()'
util.Properties(test.ini)@{[global => [db.pass => "secret!"]]}

After

$ xp -w '$p= new \util\Properties("test.ini"); $p->reset(); return $p->toString()'
util.Properties(test.ini)@{[global => [db.pass => "${env.DB_PASS}"]]}

thekid commented 2 years ago

Released in https://github.com/xp-framework/core/releases/tag/v11.4.0
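
A minimal sketch of the delayed-expansion idea described in the PR above, added here as an example; it is not the code of util.Properties. The hypothetical class LazyProperties keeps the raw `${env.NAME}` placeholders in memory and expands them only inside readString(), so toString() has nothing secret to print. The class, its method bodies and the sample value are assumptions made for illustration.

```php
<?php
// Added illustration: LazyProperties is a hypothetical class, not util.Properties.
// Assumes every key lives inside a [section], as in the test.ini shown above.
final class LazyProperties {
  /** @var array<string, array<string, string>> values exactly as written in the source */
  private array $sections;

  public function __construct(string $ini) {
    // INI_SCANNER_RAW leaves values unparsed, so "${env.DB_PASS}" stays a literal string
    $parsed= parse_ini_string($ini, true, INI_SCANNER_RAW);
    if (false === $parsed) throw new InvalidArgumentException('Malformed property source');
    $this->sections= $parsed;
  }

  /** Expansion happens at read time only; the expanded value is never stored */
  public function readString(string $section, string $key, ?string $default= null): ?string {
    $raw= $this->sections[$section][$key] ?? null;
    if (null === $raw) return $default;
    return preg_replace_callback('/\$\{env\.([A-Za-z_][A-Za-z0-9_]*)\}/', function($m) {
      $value= getenv($m[1]);
      // Fail loudly instead of silently yielding an empty credential
      if (false === $value) throw new RuntimeException('Environment variable '.$m[1].' is not set');
      return $value;
    }, $raw);
  }

  /** Renders the stored state, which holds placeholders and no secrets */
  public function toString(): string {
    $out= [];
    foreach ($this->sections as $section => $values) {
      foreach ($values as $key => $raw) $out[]= "$section.$key => \"$raw\"";
    }
    return self::class.'@{'.implode(', ', $out).'}';
  }
}

putenv('DB_PASS=constructed-secret');  // constructed sample value, not a real credential
$p= new LazyProperties("[global]\n".'db.pass=${env.DB_PASS}');

// What a log line, debugger dump or exception message would contain
echo $p->toString(), "\n";

// The caller that needs the credential still gets the expanded value
echo strlen($p->readString('global', 'db.pass')), " characters read\n";
```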