Special characters are being escaped from the value of the environment variables

Question

Special characters are being escaped from the value of the environment variables

pranshuchittora opened this issue 3 years ago · comments

Description/Context

We are using dotenv with fastlane for automation app builds, during which we found out that the values of the env variables from .env were bad/incorrect.

Initially, we thought that there's some issue with fastlane, after doing a small POC with dotenv only we were able to reproduce the issue.

Steps to reproduce

Project Structure

├── Gemfile
├── Gemfile.lock
└── demo.rb

Gemfile.lock

GEM
  remote: https://rubygems.org/
  specs:
    dotenv (2.7.6)

PLATFORMS
  x86_64-darwin-20

DEPENDENCIES
  dotenv

BUNDLED WITH
   2.2.22

.env

MY_KEY=ABCD$FFFF;1234#EEEE

demo.rb

require 'dotenv'

Dotenv.load

print("#{ENV['MY_KEY']}\n")
print("#{ENV['MY_KEY'].length}\n")

Run demo.rb

Expected behavior

Expected output is

ABCD$FFFF;1234#EEEE
19

Actual behavior

Output is incorrect and it is escaping not only special character but also few succeeding characters as well.

ABCD;1234
9

After wrapping the value of with " " (Double Quotes). Getting a different output with few character missing

ABCD;1234#EEEE
14

When the value is wrapper inside ' ' (Single Quotes). It is outputting the correct value

ABCD$FFFF;1234#EEEE
19

System configuration

dotenv version: 2.7.6

Rails version: N/A

Ruby version: ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-darwin20]

Brandon Keepers · Answer 1 · Sat Nov 27 2021 00:12:49 GMT+0800 (China Standard Time)

The $ is being interpreted as a variable, which is expected behavior. The different behavior between no quotes and double quotes looks like a bug to me though.

See variable substitution in the README:

If a value contains a $ and it is not intended to be a variable, wrap it in single quotes.

Brandon Keepers · Answer 2 · Sun Nov 28 2021 00:29:29 GMT+0800 (China Standard Time)

The different behavior between no quotes and double quotes looks like a bug to me though.

I just looked closer into this and realize what's going on…For the unquoted value, # is the start of a comment, which explains why #EEEE is disappearing.

So the behavior you are seeing is expected and consistent with shell. Use single quotes around the value and you should be good to go.

Michoel Samuels · Answer 3 · Thu Oct 19 2023 21:48:45 GMT+0800 (China Standard Time)

This just burned me for like 4 hours.
Is there any way to opt out of variable substitution or warn when it's being used for the first time?