bugfix: fix an int parsing bug in godotenv.Marshal #235
Conversation
There was a problem hiding this comment.
I'm sorry, but while I agree there is a problem with current code. The way Atoi behaves with the + is indeed a surprise I would not expect something like this.
So yes, there is a problem with the +
But your solution also nuke the possibility for an integer to be negative.
Think about a variable set to -1 to inhibit a behavior, like a timeout or a max size
You may want to change the regexp to allow a possible leading -
But it would be a adding a fix on a solution that is not good. Regexp are slow also.
So, OK there is a problem with a leading +
First, let's add test for this, then add test for -1.
Then create a isInt method that will check if the first character is a + by using
strings.HasPrefix(n, "+")
If true, isInt will return false, if not strconv.Atoi can be used
godotenv.go
Outdated
| @@ -163,9 +163,10 @@ func Write(envMap map[string]string, filename string) error { | |||
| // Each line is in the format: KEY="VALUE" where VALUE is backslash-escaped. | |||
| func Marshal(envMap map[string]string) (string, error) { | |||
| lines := make([]string, 0, len(envMap)) | |||
| var isInt = regexp.MustCompile(`^[0-9]+$`).MatchString | |||
There was a problem hiding this comment.
The regexp variable should be put outside the Marshall method, so at the package level.
Parsing a regexp has a cost, and here is would be done on each call to Marshall
There was a problem hiding this comment.
Yep, you're completely right, I will deal with the possibility of negative numbers get rid of regex.
|
Also, if you want to check a variable only contain number, you can use strings.Trim and provide the 0123456789 as argument. If there is something remaining it's not a number whatever it's length. But you might have to use strings.TrimPrefix first to remove the - |
|
Sorry, I've noticed an error, just after the push, let me fix it in the next commit |
|
I've made the changes (though, not exactly as you've suggested).
I've added a test to check various inputs, all goes through smoothly. I think this should work, but please, if I've made a mistake, point it out. Thanks! |
|
good idea, unfortunately you will have an issue with unicode.IsDigit unicode is wider than what we think I think you should replace your code with only a portion of what is in unicode.IsDigit https://cs.opensource.google/go/go/+/refs/tags/go1.23.0:src/unicode/digit.go;l=8 so simply this |
|
That was a great catch, thanks! Well, it looks like everything is in order. Should I squash my commits together to keep the history clean? |
godotenv.go
Outdated
| func isInt(s string) bool { | ||
| s = strings.TrimPrefix(s, "-") | ||
|
|
||
| if len(s) == 0 { | ||
| return false | ||
| } | ||
|
|
||
| for _, r := range s { | ||
| if '0' <= r && r <= '9' { | ||
| continue | ||
| } | ||
| return false | ||
| } | ||
|
|
||
| return true | ||
| } |
There was a problem hiding this comment.
Please format the file with gofmt, there is something strange with the code now
There was a problem hiding this comment.
Yeah, something weird was going on, fixed that
| @@ -159,13 +158,30 @@ func Write(envMap map[string]string, filename string) error { | |||
| return file.Sync() | |||
| } | |||
|
|
|||
| func isInt(s string) bool { | |||
There was a problem hiding this comment.
Please add a comment about the function purpose, people may be surprised about the fact you didn't use strings.Atoi
- the fact it supports big numbers with more than X digits
- the fact a number starting with + is not a valid number (and more likely to be a phone)
There was a problem hiding this comment.
Added the comment, though it doesn't seem necessary (other internal functions don't have them), but let's let it be.
|
|
||
| // valid values | ||
| checkAndCompare("-123", true) | ||
| checkAndCompare("123", true) |
There was a problem hiding this comment.
Please add a test about a very long number that would break max int64
It's part of your code change
If you encounter a value like
+1234567890, in my case it was a phone number, thestrconv.Atoiwill actually remove the+sign and won't throw an error.That's how it looks like:
Additionally, if you have a very long value, the
strconv.Atoiwill throw an error:value out of range, which is correct, but we shouldn't care, it's all numbers - just store it. And when reading back we get all values instringanyway.Of course, in the case of godotenv this behavior may cause some issues (it did in my case), you can see my proposition for a fix in the commit.
After the change, only values containing numbers and nothing else will be treated as integers (without quotes), everything else will be in quotations.
Though using regex is not the most optimal solution, it was the first one, that came to me (and it's quite concise), but of course, it could be replaced with a better solution.