getsops/sops
1
0
Fork 0
mirror of https://github.com/getsops/sops.git synced 2026-02-05 12:45:21 +01:00
Code Issues Activity

Merge pull request #1959 from felixfontein/complex-value

Browse Source 
Complex values in dotenv, and exec-env: do not print sensitive value in error message
This commit is contained in:
Felix Fontein
2025-09-28 15:12:15 +02:00
committed by GitHub
parent 2ade87bd6f 4bd0a14e1f
commit 4129207875
3 changed files with 17 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/sops/main.go
View File

@@ -241,8 +241,8 @@ func main() {
var env []string
for _, item := range tree.Branches[0] {
if dotenv.IsComplexValue(item.Value) {
return cli.NewExitError(fmt.Errorf("cannot use complex value in environment: %s", item.Value), codes.ErrorGeneric)
if stores.IsComplexValue(item.Value) {
return cli.NewExitError(fmt.Errorf("cannot use complex value in environment; offending key %s", item.Key), codes.ErrorGeneric)
}
if _, ok := item.Key.(sops.Comment); ok {
continue

13
stores/dotenv/store.go
View File

@@ -138,8 +138,8 @@ func (store *Store) EmitEncryptedFile(in sops.Tree) ([]byte, error) {
func (store *Store) EmitPlainFile(in sops.TreeBranches) ([]byte, error) {
buffer := bytes.Buffer{}
for _, item := range in[0] {
if IsComplexValue(item.Value) {
return nil, fmt.Errorf("cannot use complex value in dotenv file: %s", item.Value)
if stores.IsComplexValue(item.Value) {
return nil, fmt.Errorf("cannot use complex value in dotenv file; offending key %s", item.Key)
}
var line string
if comment, ok := item.Key.(sops.Comment); ok {
@@ -176,14 +176,9 @@ func (store *Store) EmitExample() []byte {
return bytes
}
// Deprecated: use stores.IsComplexValue() instead!
func IsComplexValue(v interface{}) bool {
switch v.(type) {
case []interface{}:
return true
case sops.TreeBranch:
return true
}
return false
return stores.IsComplexValue(v)
}
// HasSopsTopLevelKey checks whether a top-level "sops" key exists.

11
stores/stores.go
View File

@@ -535,6 +535,17 @@ func HasSopsTopLevelKey(branch sops.TreeBranch) bool {
return false
}
// IsComplexValue returns true if the given value is an array or dictionary/hash.
func IsComplexValue(v interface{}) bool {
switch v.(type) {
case []interface{}:
return true
case sops.TreeBranch:
return true
}
return false
}
// ValToString converts a simple value to a string.
// It does not handle complex values (arrays and mappings).
func ValToString(v interface{}) string {