MCPcopy Create free account
hub / github.com/Dstack-TEE/dstack / parse_env

Function parse_env

dstack-util/src/parse_env_file.rs:49–93  ·  view source on GitHub ↗
(env_json: &[u8], allowed: &BTreeSet<String>)

Source from the content-addressed store, hash-verified

47}
48
49pub fn parse_env(env_json: &[u8], allowed: &BTreeSet<String>) -> Result<BTreeMap<String, String>> {
50 const MAX_ITEMS: usize = 1024;
51 const MAX_TOTAL_SIZE: usize = 1024 * 1024;
52
53 let data: Data = serde_json::from_slice(env_json).context("Failed to parse env")?;
54
55 if data.env.len() > MAX_ITEMS {
56 bail!("Too many environment variables: {}", data.env.len());
57 }
58
59 const KEY_REGEX: &str = r"^[a-zA-Z_][a-zA-Z0-9_]*$";
60 let key_regex = regex::Regex::new(KEY_REGEX)
61 .context("Failed to compile environment key validation regex")?;
62
63 let mut env = BTreeMap::new();
64 let mut total_size = 0;
65
66 for Pair { key, value } in data.env {
67 if !allowed.contains(&key) {
68 warn!("Skipping unauthorized environment variable: {key}");
69 continue;
70 }
71 // Check key length (common Linux limit is 255)
72 if key.len() > 255 {
73 bail!("Environment variable name too long: {}", key);
74 }
75
76 // Check value length (common Linux limit is around 128KB)
77 if value.len() > 128 * 1024 {
78 bail!("Environment variable value too long for key: {}", key);
79 }
80
81 // validate key
82 if !key_regex.is_match(&key) {
83 bail!("Invalid env key: {}", key);
84 }
85
86 total_size += key.len() + value.len();
87 if total_size > MAX_TOTAL_SIZE {
88 bail!("Environment variables total size too large");
89 }
90 env.insert(key, value);
91 }
92 Ok(env)
93}
94
95pub fn convert_env_to_str(parsed_env: &BTreeMap<String, String>) -> String {
96 #[allow(clippy::format_collect)]

Callers 1

decrypt_env_varsMethod · 0.85

Calls 2

containsMethod · 0.80
lenMethod · 0.45

Tested by

no test coverage detected