Ensure Docker env vars are quoted (!31) · Merge requests · GitLab.org / security-products / analyzers / integration-test

Adam Cohen requested to merge properly-quote-docker-env-vars into main Jul 12, 2022

What is the purpose of this MR

This MR ensure that the variables passed to the Docker image are quoted, which allows consumers to set variables that have newlines in them. For example, before this fix, the following test would fail because of the newlines in the ADDITIONAL_CA_CERT_BUNDLE variable:

        context "and setting ADDITIONAL_CA_CERT_BUNDLE" do
          let(:variables) do
            { ADDITIONAL_CA_CERT_BUNDLE: <<-HERE
-----BEGIN CERTIFICATE-----
MIIFgzCCBSigAwIBAgIQBiPZw4be7paOmVGMBVHSLDAKBggqhkjOPQQDAjBKMQsw
CQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX
...
sSwAYSAKFTsYqEWJLHbP9zi2dCvHtH4=
-----END CERTIFICATE-----
HERE
 }
          end

          describe "CycloneDX SBOMs" do
            let(:relative_sbom_paths) { ["gl-sbom-maven-gradle.cdx.json"] }

            it_behaves_like "non-empty CycloneDX files"
            it_behaves_like "recorded CycloneDX files"
            it_behaves_like "valid CycloneDX files"
          end
        end

Testing

Tested in this pipeline with this example.

Edited Jul 13, 2022 by Adam Cohen

Ensure Docker env vars are quoted

What is the purpose of this MR

Testing

Merge request reports