mirror of
https://github.com/ohmyzsh/ohmyzsh.git
synced 2026-05-29 04:53:17 +02:00
fix(dotenv): introduce safe parsing of .env files (#13778)
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
* fix(dotenv): expect explicit yes before loading .env file * fix(dotenv): implement secure parsing for .env files and add comprehensive tests * feat(dotenv): check for .env file size to prevent DoS * fix(dotenv): forbid setting special variables * fix(dotenv): FIFO shouldn't be read twice * fix(dotenv): unknown vars should expand to empty * fix(dotenv): reject extremely large named pipes * docs(dotenv): update to new parsing system * fix(dotenv): add support for escaped dollars * chore(dotenv): only declare local variables once * fix(dotenv): apply review suggestions * docs(dotenv): update test instructions Co-authored-by: Carlo Sala <carlosalag@protonmail.com>
This commit is contained in:
Marc Cornellà
GitHub
parent
c90141ed77
commit
d170d18746
10 changed files with 1219 additions and 12 deletions
9
plugins/dotenv/.zunit.yml
Normal file
9
plugins/dotenv/.zunit.yml
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
tap: false
|
||||
directories:
|
||||
tests: tests
|
||||
output: tests/_output
|
||||
support: tests/_support
|
||||
time_limit: 0
|
||||
fail_fast: false
|
||||
allow_risky: false
|
||||
verbose: false
|
||||
Loading…
Add table
Add a link
Reference in a new issue