os.putEnv accepts invalid key #782

juancarlospaco · 2021-07-14T23:11:00Z

os.putEnv accepts keys containing '='. This works, but should not:

import std/os
putEnv "a=b", "BUG"

>>> import os
>>> os.putenv("a=b", "BUG")

ValueError: illegal environment variable name

TODO

check whether other env APIs have a similar bug

May or may not read/write/delete the wrong env vars, can be silently destructive to other env vars.

~~Best practices say that env var key names must be 1 non-empty ASCII string in the range [a-zA-Z0-9_] (DotEnv project docs).~~

The text was updated successfully, but these errors were encountered:

timotheecour · 2021-07-19T21:58:55Z

this issue is only partially correct

the only thing to fix here is to use c_putenv as done in nim-lang#18530, after which putEnv "a=b", "BUG" will correctly raise

getEnv("foo=bar") should not raise (and doesn't raise currently, nor does it raise in python)

Best practices say that env var key names must be 1 non-empty ASCII string in the range [a-zA-Z0-9_] (DotEnv project docs).

std/os shouldn't impose restrictions, the underlying OS call to c_setenv will already fail for invalid input

juancarlospaco · 2021-07-19T22:01:19Z

this issue is only partially correct

Ok, feel free to edit it. 👍

juancarlospaco added bug Something isn't working stdlib cmdline medium priority easy labels Jul 14, 2021

juancarlospaco mentioned this issue Jul 19, 2021

Replace calls to putenv with setenv nim-lang/Nim#18530

Merged

timotheecour changed the title ~~os.putEnv, os.getEnv accepts invalid~~ os.putEnv accepts invalid key Jul 19, 2021

juancarlospaco mentioned this issue Jul 30, 2021

envPairs works in vm, nims nim-lang/Nim#18615

Merged