Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/golift/cnfg
Procedures for parsing config files and environment variables into data structures.
Works much like json.Unmarshal
and json.Marshal
.
Short explanation on how the env variable mapping works below.
See GoDoc for several working examples and
further explanation of how maps and slices can be accessed with shell env vars.
Supports all base types, including slices, maps, slices of maps, maps of slices, pointers of slices to maps of slices full of ints, strings, floats and the like!
Please open an issue if you run into a bug or an unsupported type.
Better documentation is needed. Most of it is in GoDoc. This package is full featured for environment variable parsing!
Bonus, it goes the other way too. You can convert a data structure into environment variables. This is useful when you wish to pass a lot of data into a command via exec.Command. Simply set the data into a struct, marshal it into environment variables and pass it in.
type Shelter struct {
Title string `xml:"title"`
Sym float64 `xml:"sym"`
People []*Person `xml:"people"`
Dogs []*Dog `xml:"dogs"`
}
type Person struct {
Name string `xml:"name"`
Present bool `xml:"present"`
Age int `xml:"age"`
ID int64 `xml:"id"`
}
type Dog struct {
Name string
Elapsed config.Duration
Owners []string
}
type Config struct {
*Shelter `xml:"shelter"`
}
The above struct can be configured with the following environment variables,
assuming you set prefix := "APP"
when you call UnmarshalENV()
. Slices use env
vars with numbers in them, starting at 0 and going to infinity, or the last env
var provided + 1, whichever comes first. It just works. The ...
and ++
indicate
that those parameters belong to slices, and many items may be appended or overridden.
APP_SHELTER_TITLE
APP_SHELTER_SYM
APP_SHELTER_PEOPLE_0_NAME
APP_SHELTER_PEOPLE_0_PRESENT
APP_SHELTER_PEOPLE_0_AGE
APP_SHELTER_PEOPLE_0_ID
APP_SHELTER_PEOPLE_1_NAME
...
APP_SHELTER_PEOPLE_10_ID ++
APP_SHELTER_DOGS_0_NAME
APP_SHELTER_DOGS_0_ELAPSED
APP_SHELTER_DOGS_0_OWNERS_0
...
APP_SHELTER_DOGS_0_OWNERS_10 ++
APP_SHELTER_DOGS_1_NAME
APP_SHELTER_DOGS_1_ELAPSED
APP_SHELTER_DOGS_1_OWNERS_0
APP_SHELTER_DOGS_1_OWNERS_1 ++
If you passed in the Shelter
struct instead of Config
, all the of the SHELTER_
portions of the tags would be omitted. You can also set which struct tag to use by
creating an &ENV{}
pointer and setting Tag
and/or Pfx
. Tag
defaults to
"xml"
, but you could set it to "env"
and make custom names for env variables.
The env var prefix Pfx
is optional, but recommended.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.