Skip to content

Commit 4129207

Browse files
felixfonteinfelixfontein
authored
Merge pull request #1959 from felixfontein/complex-value
Complex values in dotenv, and exec-env: do not print sensitive value in error message
2 parents 2ade87b + 4bd0a14 commit 4129207

File tree

3 files changed

+17
-11
lines changed

3 files changed

+17
-11
lines changed

cmd/sops/main.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -241,8 +241,8 @@ func main() {
241241

242242
var env []string
243243
for _, item := range tree.Branches[0] {
244-
if dotenv.IsComplexValue(item.Value) {
245-
return cli.NewExitError(fmt.Errorf("cannot use complex value in environment: %s", item.Value), codes.ErrorGeneric)
244+
if stores.IsComplexValue(item.Value) {
245+
return cli.NewExitError(fmt.Errorf("cannot use complex value in environment; offending key %s", item.Key), codes.ErrorGeneric)
246246
}
247247
if _, ok := item.Key.(sops.Comment); ok {
248248
continue

stores/dotenv/store.go

Lines changed: 4 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -138,8 +138,8 @@ func (store *Store) EmitEncryptedFile(in sops.Tree) ([]byte, error) {
138138
func (store *Store) EmitPlainFile(in sops.TreeBranches) ([]byte, error) {
139139
buffer := bytes.Buffer{}
140140
for _, item := range in[0] {
141-
if IsComplexValue(item.Value) {
142-
return nil, fmt.Errorf("cannot use complex value in dotenv file: %s", item.Value)
141+
if stores.IsComplexValue(item.Value) {
142+
return nil, fmt.Errorf("cannot use complex value in dotenv file; offending key %s", item.Key)
143143
}
144144
var line string
145145
if comment, ok := item.Key.(sops.Comment); ok {
@@ -176,14 +176,9 @@ func (store *Store) EmitExample() []byte {
176176
return bytes
177177
}
178178

179+
// Deprecated: use stores.IsComplexValue() instead!
179180
func IsComplexValue(v interface{}) bool {
180-
switch v.(type) {
181-
case []interface{}:
182-
return true
183-
case sops.TreeBranch:
184-
return true
185-
}
186-
return false
181+
return stores.IsComplexValue(v)
187182
}
188183

189184
// HasSopsTopLevelKey checks whether a top-level "sops" key exists.

stores/stores.go

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -535,6 +535,17 @@ func HasSopsTopLevelKey(branch sops.TreeBranch) bool {
535535
return false
536536
}
537537

538+
// IsComplexValue returns true if the given value is an array or dictionary/hash.
539+
func IsComplexValue(v interface{}) bool {
540+
switch v.(type) {
541+
case []interface{}:
542+
return true
543+
case sops.TreeBranch:
544+
return true
545+
}
546+
return false
547+
}
548+
538549
// ValToString converts a simple value to a string.
539550
// It does not handle complex values (arrays and mappings).
540551
func ValToString(v interface{}) string {

0 commit comments

Comments
 (0)