Fix interaction between environment variable interpolation in constants and shell escaping (#860).
This commit is contained in:
parent
92ed7573d4
commit
38bc4fbfe2
3
NEWS
3
NEWS
@ -1,3 +1,6 @@
|
||||
1.8.12.dev0
|
||||
* #860: Fix interaction between environment variable interpolation in constants and shell escaping.
|
||||
|
||||
1.8.11
|
||||
* #815: Add optional Healthchecks auto-provisioning via "create_slug" option.
|
||||
* #851: Fix lack of file extraction when using "extract --strip-components all" on a path with a
|
||||
|
@ -50,12 +50,15 @@ def apply_constants(value, constants, shell_escape=False):
|
||||
value[index] = apply_constants(list_value, constants, shell_escape)
|
||||
elif isinstance(value, dict):
|
||||
for option_name, option_value in value.items():
|
||||
shell_escape = (
|
||||
shell_escape
|
||||
or option_name.startswith('before_')
|
||||
or option_name.startswith('after_')
|
||||
or option_name == 'on_error'
|
||||
value[option_name] = apply_constants(
|
||||
option_value,
|
||||
constants,
|
||||
shell_escape=(
|
||||
shell_escape
|
||||
or option_name.startswith('before_')
|
||||
or option_name.startswith('after_')
|
||||
or option_name == 'on_error'
|
||||
),
|
||||
)
|
||||
value[option_name] = apply_constants(option_value, constants, shell_escape)
|
||||
|
||||
return value
|
||||
|
2
setup.py
2
setup.py
@ -1,6 +1,6 @@
|
||||
from setuptools import find_packages, setup
|
||||
|
||||
VERSION = '1.8.11'
|
||||
VERSION = '1.8.12.dev0'
|
||||
|
||||
|
||||
setup(
|
||||
|
@ -50,6 +50,16 @@ def test_apply_constants_with_empty_constants_passes_through_value():
|
||||
({'before_backup': '{inject}'}, {'before_backup': "'echo hi; naughty-command'"}),
|
||||
({'after_backup': '{inject}'}, {'after_backup': "'echo hi; naughty-command'"}),
|
||||
({'on_error': '{inject}'}, {'on_error': "'echo hi; naughty-command'"}),
|
||||
(
|
||||
{
|
||||
'before_backup': '{env_pass}',
|
||||
'postgresql_databases': [{'name': 'users', 'password': '{env_pass}'}],
|
||||
},
|
||||
{
|
||||
'before_backup': "'${PASS}'",
|
||||
'postgresql_databases': [{'name': 'users', 'password': '${PASS}'}],
|
||||
},
|
||||
),
|
||||
(3, 3),
|
||||
(True, True),
|
||||
(False, False),
|
||||
@ -63,6 +73,7 @@ def test_apply_constants_makes_string_substitutions(value, expected_value):
|
||||
'int': 3,
|
||||
'bool': True,
|
||||
'inject': 'echo hi; naughty-command',
|
||||
'env_pass': '${PASS}',
|
||||
}
|
||||
|
||||
assert module.apply_constants(value, constants) == expected_value
|
||||
|
Loading…
Reference in New Issue
Block a user