Implement variable name whitelist (#398)

GrahamCampbell · web-flow · commit 508fd44c19c1 · 2019-12-13T17:24:57.000Z
diff --git a/src/Loader/Loader.php b/src/Loader/Loader.php
@@ -8,6 +8,25 @@
 
 class Loader implements LoaderInterface
 {
+    /**
+     * The variable name whitelist.
+     *
+     * @var string[]|null
+     */
+    protected $whitelist;
+
+    /**
+     * Create a new loader instance.
+     *
+     * @param string[]|null $whitelist
+     *
+     * @return void
+     */
+    public function __construct(array $whitelist = null)
+    {
+        $this->whitelist = $whitelist;
+    }
+
     /**
      * Load the given environment file content into the repository.
      *
@@ -20,7 +39,7 @@ class Loader implements LoaderInterface
      */
     public function load(RepositoryInterface $repository, $content)
     {
-        return self::processEntries(
+        return $this->processEntries(
             $repository,
             Lines::process(Regex::split("/(\r\n|\n|\r)/", $content)->getSuccess())
         );
@@ -39,14 +58,16 @@ public function load(RepositoryInterface $repository, $content)
      *
      * @return array<string,string|null>
      */
-    private static function processEntries(RepositoryInterface $repository, array $entries)
+    private function processEntries(RepositoryInterface $repository, array $entries)
     {
         $vars = [];
 
         foreach ($entries as $entry) {
             list($name, $value) = Parser::parse($entry);
-            $vars[$name] = self::resolveNestedVariables($repository, $value);
-            $repository->set($name, $vars[$name]);
+            if ($this->whitelist === null || in_array($name, $this->whitelist, true)) {
+                $vars[$name] = self::resolveNestedVariables($repository, $value);
+                $repository->set($name, $vars[$name]);
+            }
         }
 
         return $vars;
diff --git a/tests/Dotenv/LoaderTest.php b/tests/Dotenv/LoaderTest.php
@@ -20,6 +20,18 @@ public function testLoaderWithNoReaders()
         $this->assertSame($expected, $loader->load($repository, $content));
     }
 
+    public function testLoaderWithWhitelist()
+    {
+        $adapter = new ArrayAdapter();
+        $repository = RepositoryBuilder::create()->withReaders([$adapter])->withWriters([$adapter])->make();
+        $loader = new Loader(['FOO']);
+
+        $this->assertSame(['FOO' => 'Hello'], $loader->load($repository, "FOO=\"Hello\"\nBAR=\"World!\"\n"));
+        $this->assertTrue($adapter->get('FOO')->isDefined());
+        $this->assertSame('Hello', $adapter->get('FOO')->get());
+        $this->assertFalse($adapter->get('BAR')->isDefined());
+    }
+
     public function providesAdapters()
     {
         return [
