Conversation
dotnet-policy-service
bot
added
the
Community
|
@dotnet-policy-service agree |
martinrrm
left a comment
martinrrm
left a comment
There was a problem hiding this comment.
this change is affecting two existing tests:
and
I believe this is a breaking change that we need to talk more about
| private static string NormalizeSourceName(string sourceName) | ||
| { | ||
| // Replace invalid env var chars with underscore | ||
| return Regex.Replace(sourceName, @"[^A-Za-z0-9_]", "_"); |
There was a problem hiding this comment.
This excludes a whole lot of allowed environment variable characters, basically all valid characters that are not English language letters. I tried both accented latin characters, as well as one non-latin character, and at least on Windows there's no problems using them as environment variables.
There was a problem hiding this comment.
Well we could also use a filter the other way around, so lets say that all characters that match "#@%!-*" etc, are replaced as '_'
That would at least solve the issue with allowed environment variable characters that are currently not in this set and it would solve the linked issue
dotnet-policy-service
bot
added
the
Status:No recent activity
|
This PR has been automatically marked as stale because it has no activity for 7 days. It will be closed if no further activity occurs within another 30 days of this comment. If it is closed, you may reopen it anytime when you're ready again, as long as you don't delete the branch. |
3 participants
Bug
Fixes: NuGet/Home#14562
Description
This PR fixes a bug where environment variable credential lookup fails if the package source key in
nuget.configcontains characters that are invalid in environment variable names (such as-, space,@, etc.).Currently, only
.is normalized to_when constructing the environment variable name, but other invalid characters are not handled. For example:foo-barNuGetPackageSourceCredentials_foo_bar_Username,NuGetPackageSourceCredentials_foo_bar_ClearTextPasswordNuGetPackageSourceCredentials_foo-bar_Username(invalid, cannot be set as an environment variable)This PR adds normalization logic so that all non-alphanumeric characters are replaced with
_before environment variable lookup.Example behavior
foo.barNuGetPackageSourceCredentials_foo_bar_*NuGetPackageSourceCredentials_foo_bar_*(unchanged)foo-barNuGetPackageSourceCredentials_foo-bar_*(invalid)NuGetPackageSourceCredentials_foo_bar_*my source!NuGetPackageSourceCredentials_my source!*(invalid)NuGetPackageSourceCredentials_my_source_*This change aligns behavior with the documentation and makes environment variable credentials usable with any source name.
PR Checklist