Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v0.11.0 Introduces parsing error for strings containing more than one $ symbol #485

Closed
JaredBrown138 opened this issue Aug 30, 2023 · 6 comments
Closed

v0.11.0 Introduces parsing error for strings containing more than one $ symbol #485

JaredBrown138 opened this issue Aug 30, 2023 · 6 comments
Assignees
@sergeyklay
Labels
bug Something isn't working

Comments

@JaredBrown138
Copy link

The latest version seems to have introduced parsing errors when there is more that one $ present in a env string being loaded. I caught this with one of my development SECRET_KEYS configs that failed after installing the latest version. I haven't been able to nail down the exact conditions of when it occurs as sometimes having two $ in a string works, other times it fails at 3.

Traceback (most recent call last):
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\environ\environ.py", line 420, in _get_value
    value = self.ENVIRON[var_name]
            ~~~~~~~~~~~~^^^^^^^^^^
  File "<frozen os>", line 679, in __getitem__
KeyError: 'r'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "C:\Users\User\Desktop\DEV\project\manage.py", line 21, in <module>
    main()
  File "C:\Users\User\Desktop\DEV\project\manage.py", line 17, in main
    execute_from_command_line(sys.argv)
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\django\core\management\__init__.py", line 442, in execute_from_command_line
    utility.execute()
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\django\core\management\__init__.py", line 436, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\django\core\management\base.py", line 412, in run_from_argv
    self.execute(*args, **cmd_options)
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\django\core\management\commands\runserver.py", line 74, in execute
    super().execute(*args, **options)
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\django\core\management\base.py", line 458, in execute
    output = self.handle(*args, **options)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\django\core\management\commands\runserver.py", line 81, in handle
    if not settings.DEBUG and not settings.ALLOWED_HOSTS:
           ^^^^^^^^^^^^^^
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\django\conf\__init__.py", line 102, in __getattr__
    self._setup(name)
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\django\conf\__init__.py", line 89, in _setup
    self._wrapped = Settings(settings_module)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\django\conf\__init__.py", line 217, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\User\AppData\Local\Programs\Python\Python311\Lib\importlib\__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<frozen importlib._bootstrap>", line 1206, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1178, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1149, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 690, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 940, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "C:\Users\User\Desktop\DEV\project\project\settings.py", line 12, in <module>
    SECRET_KEY = env.str("SECRET_KEY")
                 ^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\environ\environ.py", line 223, in str
    value = self.get_value(var, cast=str, default=default)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\environ\environ.py", line 386, in get_value
    return self._get_value(
           ^^^^^^^^^^^^^^^^
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\environ\environ.py", line 439, in _get_value
    value = self.VAR.sub(repl, value)
            ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\environ\environ.py", line 432, in repl
    return self.get_value(
           ^^^^^^^^^^^^^^^
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\environ\environ.py", line 386, in get_value
    return self._get_value(
           ^^^^^^^^^^^^^^^^
  File "C:\Users\User\.virtualenvs\project-lUbmLYSO\Lib\site-packages\environ\environ.py", line 424, in _get_value
    raise ImproperlyConfigured(error_msg) from exc
django.core.exceptions.ImproperlyConfigured: Set the r environment variable

As it is just a local development key I don't mind sharing it:
django-insecure-3g!&1-%o7u$r$@s$1doy16^n8hjjazdsn2h)#!vw*ufkn1c&0e

Reverting to v0.10.0 fixes the issue.

I also generated a new secret key and modified it to have two $ and it fails with "Set the fe environment variable":

o-8+9g&ifvf8t(+a6awjf87fvq6n9heb+eopcqb(-b1+-yt*l$34$fe

There is also more strange behavior like including some non-alphanumeric values after the $ allows it to work:
This breaks: this$isa$test this does not: this$@isa$@test
@M3te0r
Copy link

M3te0r commented Aug 30, 2023

Hi, I also just tried to upgrade to v0.11.0 and have the same error with a secret generated with get_random_secret_key()

@elnygren
Copy link

also looks like interpolate=True by default so v0.11.0 is a breaking change 😓 (had this same issue today)

@joke2k
Copy link
Owner

joke2k commented Aug 30, 2023

Hey there,

Yes the new release has this unplanned breaking change.
We are working to create a patch for it.

Sorry about that.

@sergeyklay sergeyklay self-assigned this Aug 30, 2023
@sergeyklay sergeyklay added the bug Something isn't working label Aug 30, 2023
This was referenced Aug 30, 2023
Closed
Merged
Merged
@sergeyklay
Copy link
Collaborator

This breaking change was reverted. The v0.11.1 version has just been released. I apologize for the inconvenience

@mfisco
Copy link

mfisco commented Aug 30, 2023

Hi, I appreciate you getting the patch out so quickly! Unfortunately, I'm still having trouble with v0.11.1.

If there's a $ symbol followed by one or more letters (uppercase or lowercase), it still raises an exception. For example, you could reproduce it using the following as a secret key:

SECRET_KEY=ABCDEFG_1234567890_N0T@R3ALV@L$S3CR3TK3Y@HELLOWORLD

Which raises the exception:

...
django.core.exceptions.ImproperlyConfigured: Set the S3CR3TK3Y environment variable

And as @JaredBrown138 had mentioned, reverting to v0.10.0 does fix the issue.

@sergeyklay sergeyklay mentioned this issue Aug 31, 2023
Closed
@sergeyklay
Copy link
Collaborator

django-environ v0.11.2 with a fix has been released, thank you for reporting

https://github.com/joke2k/django-environ/releases/tag/v0.11.2

@David-Wobrock David-Wobrock mentioned this issue Sep 5, 2023
Open
@potasiak potasiak mentioned this issue Nov 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sergeyklay sergeyklay

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@joke2k @sergeyklay @M3te0r @elnygren @JaredBrown138 @mfisco