Giters

louislam / dockge

A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager

Home Page:https://dockge.kuma.pet

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

String escape problem

p10tyr opened this issue Β· comments

commented

⚠️ Please verify that this bug has NOT been reported before.

  • I checked and didn't find similar issue

πŸ›‘οΈ Security Policy

Description

I have migrated from one server to another, the old one was portainer and I thought I may as well use dockge because it doesn't hijack all my data

on the old server, I had a WordPress site with a db password that has a $ in the env on portainer

When I created the stack I noticed the $ seems to have highlighted differently so I enclosed it in double quotes

  • save the file and on disk it is quoted
  • docker environment throws error something $thing not recognised so will use blank string
  • check stack file. still quoted
  • reload dockge page quotes are gone

I don't know where the bug is because the stack looks ok.. there definitely is a problem with the GUI stripping out the quotes

the fix for me was to remove the $ from the password. this is not ideal as it is a security issue

πŸ‘Ÿ Reproduction steps

version: "3.8"
services:
  wordpress:
    image: wordpress
    restart: always
    ports:
      - 80:80
    environment:
      WORDPRESS_DB_HOST: mysql-db-1:3306
      WORDPRESS_DB_PASSWORD: "simple$password"

πŸ‘€ Expected behavior

version: "3.8"
services:
  wordpress:
    image: wordpress
    restart: always
    ports:
      - 80:80
    environment:
      WORDPRESS_DB_HOST: mysql-db-1:3306
      WORDPRESS_DB_PASSWORD: "simple$password"

πŸ˜“ Actual Behavior

version: "3.8"
services:
  wordpress:
    image: wordpress
    restart: always
    ports:
      - 80:80
    environment:
      WORDPRESS_DB_HOST: mysql-db-1:3306
      WORDPRESS_DB_PASSWORD: simple$password  << $password treated as variable??

Dockge Version

latest

πŸ’» Operating System and Arch

debian

🌐 Browser

edge

πŸ‹ Docker Version

latest

🟩 NodeJS Version

No response

πŸ“ Relevant log output

No response

commented

I tried Dockge and ran straight into this problem. All quotes seem to get removed when it (re-)loads the docker-compose file into its editor. Sadly, this makes it completely unusable for any of our normal stacks. I wonder if we do something wrong, because I doubt that something basic like this is not implemented correctly?

Edit: I solved my problem by creating the strings using the .env file and use them as variables. This was kind of appropriate because they were "secret" anyway.

I want to add that I think one can also escape them by using $$ instead of the single $