Skip to content

Commit 7a0e64f

Browse files
mwoods79mwoods79
committed
Mark item #7 as skipped and combine items #8 & #9 
1 parent 39b023d commit 7a0e64f

File tree

1 file changed

+31
-28
lines changed

1 file changed

+31
-28
lines changed

ROADMAP.md

Lines changed: 31 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -121,57 +121,60 @@ Allow variables to be set to empty strings: `KEY=`
121121
- `KEY=``%{"KEY" => ""}`
122122

123123
### 7. Variable Expansion
124-
**Status:** Pending
125-
**File:** New module or parser extension
124+
**Status:** ❌ Skipped (Security Concerns)
125+
**File:** N/A
126126

127127
Support shell-style variable expansion.
128128

129-
**Example cases to support:**
129+
**Reason for skipping:**
130+
Variable expansion (`${VAR}` substitution) introduces significant security and complexity concerns:
131+
- Potential for injection attacks
132+
- Order of evaluation complexity
133+
- Recursive expansion edge cases
134+
- Security-sensitive applications should control interpolation explicitly
135+
136+
If variable substitution is needed, applications can implement it after parsing using the parsed map values. This keeps the parser simple and secure.
137+
138+
**Not implemented:**
130139
```
131140
HOME=/home/user
132-
PATH=${HOME}/bin:${PATH}
133-
DATABASE_URL=${DB_PROTOCOL}://${DB_HOST}:${DB_PORT}/${DB_NAME}
141+
PATH=${HOME}/bin:${PATH} # Not supported
134142
```
135143

136-
**Changes needed:**
137-
- Parse `${VAR}` syntax
138-
- Implement expansion logic (may need to be in main module, not parser)
139-
- Handle undefined variable references (error or leave as-is?)
140-
141-
### 8. Escape Sequences
144+
### 8 & 9. Escape Sequences and Multi-line Values (Combined)
142145
**Status:** Pending
143146
**File:** `lib/envious/parser.ex`
144147

145-
Handle common escape sequences within quoted strings.
148+
Handle escape sequences and multi-line values in quoted strings. These features are combined because:
149+
- Multi-line values in quotes require handling newlines (`\n`)
150+
- Both involve processing special characters within quoted strings
151+
- Implementation efficiency - can be done together
146152

147153
**Example cases to support:**
148154
```
155+
# Escape sequences
149156
MESSAGE="Line 1\nLine 2"
150157
TAB_SEPARATED="Column1\tColumn2"
158+
ESCAPED_QUOTE="She said \"hello\""
151159
ESCAPED_BACKSLASH="C:\\Users\\path"
152-
```
153-
154-
**Changes needed:**
155-
- Parse `\n`, `\t`, `\r`, `\\`, `\"`, `\'`
156-
- Apply escape processing during parsing or post-processing
157-
158-
### 9. Multi-line Values
159-
**Status:** Pending
160-
**File:** `lib/envious/parser.ex`
161160
162-
Support multi-line values using backslash continuation or quoted multi-line strings.
161+
# Multi-line values (literal newlines in quoted strings)
162+
CERT="-----BEGIN CERTIFICATE-----
163+
MIIBkTCB+wIJAKHHCgVZU...
164+
-----END CERTIFICATE-----"
163165
164-
**Example cases to support:**
165-
```
166+
# Backslash continuation
166167
LONG_VALUE="This is a \
167168
multi-line \
168169
value"
169-
170-
CERT="-----BEGIN CERTIFICATE-----
171-
MIIBkTCB+wIJAKHHCgVZU...
172-
-----END CERTIFICATE-----"
173170
```
174171

172+
**Changes needed:**
173+
- Parse escape sequences: `\n`, `\t`, `\r`, `\\`, `\"`, `\'`
174+
- Allow actual newlines inside quoted strings
175+
- Process escape sequences during or after parsing
176+
- Handle backslash-newline continuation
177+
175178
## Code Quality
176179

177180
### 10. Add Tags/Labels to Parser Combinators

0 commit comments

Comments
 (0)