commit 861768eb2c9fe65e188fd967acde52bfc548ee61
parent c04bf3c03bb695758c15914040424ff941fa37d8
Author: triesap <tyson@radroots.org>
Date: Tue, 7 Apr 2026 02:02:00 +0000
cli: reject unknown env file keys
- reject unsupported .env variables during cli config parsing
- keep the supported env file surface explicit to match myc behavior
- add a runtime config unit test for unknown environment variables
- preserve existing precedence and default env file loading behavior
Diffstat:
1 file changed, 33 insertions(+), 0 deletions(-)
diff --git a/src/runtime/config.rs b/src/runtime/config.rs
@@ -19,6 +19,18 @@ const ENV_LOG_STDOUT: &str = "RADROOTS_LOG_STDOUT";
const ENV_IDENTITY_PATH: &str = "RADROOTS_IDENTITY_PATH";
const ENV_SIGNER_BACKEND: &str = "RADROOTS_SIGNER_BACKEND";
const ENV_MYC_EXECUTABLE: &str = "RADROOTS_MYC_EXECUTABLE";
+const SUPPORTED_ENV_FILE_KEYS: &[&str] = &[
+ ENV_OUTPUT,
+ ENV_CLI_LOG_FILTER,
+ ENV_CLI_LOG_DIR,
+ ENV_CLI_LOG_STDOUT,
+ ENV_LOG_FILTER,
+ ENV_LOG_DIR,
+ ENV_LOG_STDOUT,
+ ENV_IDENTITY_PATH,
+ ENV_SIGNER_BACKEND,
+ ENV_MYC_EXECUTABLE,
+];
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum OutputFormat {
@@ -260,6 +272,13 @@ fn parse_env_file_values(raw: &str, path: &Path) -> Result<EnvFileValues, Runtim
index + 1
)));
}
+ if !SUPPORTED_ENV_FILE_KEYS.contains(&key) {
+ return Err(RuntimeError::Config(format!(
+ "invalid env file {} line {}: unknown environment variable `{key}`",
+ path.display(),
+ index + 1
+ )));
+ }
values.insert(key.to_owned(), normalize_env_value(value.trim()));
}
@@ -481,4 +500,18 @@ RADROOTS_CLI_LOGGING_STDOUT=false
assert_eq!(resolved.logging.filter, "info");
assert!(resolved.logging.stdout);
}
+
+ #[test]
+ fn unknown_env_file_variable_fails() {
+ let error = parse_env_file_values(
+ "RADROOTS_CLI_LOGGING_FILTRE=debug\n",
+ Path::new(".env.test"),
+ )
+ .expect_err("unknown env variable");
+ assert!(
+ error
+ .to_string()
+ .contains("unknown environment variable `RADROOTS_CLI_LOGGING_FILTRE`")
+ );
+ }
}
