- changed status to open
Issue with os.ExpandEnv
User names or passwords or really any value that includes a $ sign inside of a value will cause this to break.
I feel that a different token would prevent this from occurring.
Comments (3)
-
-
reporter I think that it should be a different value that is harder to happen in a automatically generated password. Something like ${ENV_VAR}.
If you don't want to change it, at least documentation that $ is a reserved character in the password. This was a nasty bug for us that ate an hour because we thought it was the firewalls from our server to the client, or the SSH tunnel etc.. there were a lot of other options before we realized that only half the password was being sent.
-
I think that it should be a different value that is harder to happen in a automatically generated password. Something like ${ENV_VAR}.
Unfortunately, we can't specify that per the Golang os.ExpandEnv documentation: https://godoc.org/os#ExpandEnv While it does support ${ENV_VAR}, it also supports $ENV_VAR. I think documenting it would fix the issue. Would you be willing to submit a pull request to add that documentation?
- Log in to comment
Are you saying that using ExpandEnv should use a different token to indicate a variable? This may just need to be documented more clearly.