Bug 1918153 - When `&` character is set as an environment variable in a build config it is getting converted as `\u0026`
Summary: When `&` character is set as an environment variable in a build config it is ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 4.6
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.7.0
Assignee: Alice Rum
QA Contact: wewang
URL:
Whiteboard:
: 2026297 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-01-20 08:13 UTC by Rejeeb
Modified: 2023-09-15 00:58 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:54:57 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift builder pull 215 0 None closed Bug 1918153: incorrect escaping of HTML symbols in envars 2021-02-14 01:46:48 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:55:13 UTC

Description Rejeeb 2021-01-20 08:13:17 UTC
Description of problem:

When `&` character is set as an environment variable in a build config it is getting converted as `\u0026`.

Version-Release number of selected component (if applicable):

OpenShift 4.6
(Replicated in OpenShift 3.11 also)

How reproducible:

100%

Steps to Reproduce:

[quicklab@master-0 ~]$ cat bc.yaml 
kind: BuildConfig
apiVersion: build.openshift.io/v1
metadata:
  name: docker-build
spec:
  successfulBuildsHistoryLimit: 5
  failedBuildsHistoryLimit: 5
  strategy:
    type: Docker
    dockerStrategy:
      env:
        - name: IncorrectURLFromENV
          value: 'http://abc.com/q?key1=value1&key2=value2'
      dockerfilePath: Dockerfile
  postCommit: {}
  source:
    type: Git
    git:
      uri: 'https://github.com/rejeeb786/test.git'
    contextDir: /
  triggers:
    - type: Generic
      generic:
        secretReference:
          name: test-git-generic-webhook-secret
    - type: GitHub
      github:
        secretReference:
          name: test-git-github-webhook-secret
    - type: ConfigChange
  runPolicy: Serial

--

[quicklab@master-0 ~]$ oc apply -f bc.yaml 
buildconfig.build.openshift.io/docker-build created

[quicklab@master-0 ~]$ oc get bc
NAME           TYPE      FROM      LATEST
docker-build   Docker    Git       1

--
[quicklab@master-0 ~]$ oc logs -f bc/docker-build
..
Step 2/10 : ENV "IncorrectURLFromENV" "http://abc.com/q?key1=value1\u0026key2=value2"
 ---> Running in 63b246ce3d54
 ---> 362d895c407b
Removing intermediate container 63b246ce3d54
Step 3/10 : MAINTAINER aPaaS : Rejeeb
 ---> Running in 77b827d138ce
 ---> 2e4ceefc9e62
Removing intermediate container 77b827d138ce
Step 4/10 : USER root
 ---> Running in c4e2910a9b7b
 ---> 9eace4f158b2
Removing intermediate container c4e2910a9b7b
Step 5/10 : ENV CorrectURLFromDockerFile 'https://abc123.com/q?key1=value1&key2=value2'
 ---> Running in f0e651620907
 ---> a847bc25b978
Removing intermediate container f0e651620907
Step 6/10 : EXPOSE 5000
 ---> Running in 0da3820519d0
 ---> dd511e943271
Removing intermediate container 0da3820519d0
Step 7/10 : ENTRYPOINT bash
 ---> Running in 96c0587d8213
 ---> d784fa5777b1
Removing intermediate container 96c0587d8213
Step 8/10 : CMD sleep 20
 ---> Running in c862958225a3
 ---> b7e1888b1a0a
Removing intermediate container c862958225a3
Step 9/10 : ENV "OPENSHIFT_BUILD_NAME" "docker-build-1" "OPENSHIFT_BUILD_NAMESPACE" "aq" "OPENSHIFT_BUILD_SOURCE" "https://github.com/rejeeb786/test.git" "OPENSHIFT_BUILD_COMMIT" "b83aaf78858b7a8e970a52a07e06dfb3bb7e7ecc"
 ---> Running in fb7778ae7207
 ---> a9a35f589689
Removing intermediate container fb7778ae7207
..
--

Actual results:

+ As we could see in step 2:
``Step 2/10 : ENV "IncorrectURLFromENV" "http://abc.com/q?key1=value1\u0026key2=value2"``
Even though the environment variable contains `&`, it is converted as `\u0026`.

+ However, in step 5, we could see that the environment variable passed from DockerFile is not converted:
``Step 5/10 : ENV CorrectURLFromDockerFile 'https://abc123.com/q?key1=value1&key2=value2'``

Expected results:

+ Characters should not get converted as it changes the value of the environment variable.

Comment 9 errata-xmlrpc 2021-02-24 15:54:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

Comment 10 Otávio Fernandes 2022-01-06 13:29:04 UTC
*** Bug 2026297 has been marked as a duplicate of this bug. ***

Comment 11 Red Hat Bugzilla 2023-09-15 00:58:40 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days


Note You need to log in before you can comment on or make changes to this bug.