Bug 1918153

Summary:	When `&` character is set as an environment variable in a build config it is getting converted as `\u0026`
Product:	OpenShift Container Platform	Reporter:	Rejeeb <rabdulra>
Component:	Build	Assignee:	Alice Rum <irum>
Status:	CLOSED ERRATA	QA Contact:	wewang <wewang>
Severity:	high	Docs Contact:
Priority:	high
Version:	4.6	CC:	adam.kaplan, aos-bugs, gmontero, irum, josantos
Target Milestone:	---
Target Release:	4.7.0
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-02-24 15:54:57 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Rejeeb 2021-01-20 08:13:17 UTC

Description of problem:

When `&` character is set as an environment variable in a build config it is getting converted as `\u0026`.

Version-Release number of selected component (if applicable):

OpenShift 4.6
(Replicated in OpenShift 3.11 also)

How reproducible:

100%

Steps to Reproduce:

[quicklab@master-0 ~]$ cat bc.yaml 
kind: BuildConfig
apiVersion: build.openshift.io/v1
metadata:
  name: docker-build
spec:
  successfulBuildsHistoryLimit: 5
  failedBuildsHistoryLimit: 5
  strategy:
    type: Docker
    dockerStrategy:
      env:
        - name: IncorrectURLFromENV
          value: 'http://abc.com/q?key1=value1&key2=value2'
      dockerfilePath: Dockerfile
  postCommit: {}
  source:
    type: Git
    git:
      uri: 'https://github.com/rejeeb786/test.git'
    contextDir: /
  triggers:
    - type: Generic
      generic:
        secretReference:
          name: test-git-generic-webhook-secret
    - type: GitHub
      github:
        secretReference:
          name: test-git-github-webhook-secret
    - type: ConfigChange
  runPolicy: Serial

--

[quicklab@master-0 ~]$ oc apply -f bc.yaml 
buildconfig.build.openshift.io/docker-build created

[quicklab@master-0 ~]$ oc get bc
NAME           TYPE      FROM      LATEST
docker-build   Docker    Git       1

--
[quicklab@master-0 ~]$ oc logs -f bc/docker-build
..
Step 2/10 : ENV "IncorrectURLFromENV" "http://abc.com/q?key1=value1\u0026key2=value2"
 ---> Running in 63b246ce3d54
 ---> 362d895c407b
Removing intermediate container 63b246ce3d54
Step 3/10 : MAINTAINER aPaaS : Rejeeb
 ---> Running in 77b827d138ce
 ---> 2e4ceefc9e62
Removing intermediate container 77b827d138ce
Step 4/10 : USER root
 ---> Running in c4e2910a9b7b
 ---> 9eace4f158b2
Removing intermediate container c4e2910a9b7b
Step 5/10 : ENV CorrectURLFromDockerFile 'https://abc123.com/q?key1=value1&key2=value2'
 ---> Running in f0e651620907
 ---> a847bc25b978
Removing intermediate container f0e651620907
Step 6/10 : EXPOSE 5000
 ---> Running in 0da3820519d0
 ---> dd511e943271
Removing intermediate container 0da3820519d0
Step 7/10 : ENTRYPOINT bash
 ---> Running in 96c0587d8213
 ---> d784fa5777b1
Removing intermediate container 96c0587d8213
Step 8/10 : CMD sleep 20
 ---> Running in c862958225a3
 ---> b7e1888b1a0a
Removing intermediate container c862958225a3
Step 9/10 : ENV "OPENSHIFT_BUILD_NAME" "docker-build-1" "OPENSHIFT_BUILD_NAMESPACE" "aq" "OPENSHIFT_BUILD_SOURCE" "https://github.com/rejeeb786/test.git" "OPENSHIFT_BUILD_COMMIT" "b83aaf78858b7a8e970a52a07e06dfb3bb7e7ecc"
 ---> Running in fb7778ae7207
 ---> a9a35f589689
Removing intermediate container fb7778ae7207
..
--

Actual results:

+ As we could see in step 2:
``Step 2/10 : ENV "IncorrectURLFromENV" "http://abc.com/q?key1=value1\u0026key2=value2"``
Even though the environment variable contains `&`, it is converted as `\u0026`.

+ However, in step 5, we could see that the environment variable passed from DockerFile is not converted:
``Step 5/10 : ENV CorrectURLFromDockerFile 'https://abc123.com/q?key1=value1&key2=value2'``

Expected results:

+ Characters should not get converted as it changes the value of the environment variable.

Comment 9 errata-xmlrpc 2021-02-24 15:54:57 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

Comment 10 Otávio Fernandes 2022-01-06 13:29:04 UTC

*** Bug 2026297 has been marked as a duplicate of this bug. ***

Comment 11 Red Hat Bugzilla 2023-09-15 00:58:40 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days