#!/bin/bash # Test script to verify environment variable sanitization # This tests that invisible Unicode characters are properly removed set -e # Define Unicode character constants for testing readonly U200E_HEX=$'\xE2\x80\x8E' # U+200E Left-to-Right Mark readonly U200B_HEX=$'\xE2\x80\x8B' # U+200B Zero Width Space echo "Testing environment variable sanitization..." echo "" # Create a test file with problematic Unicode characters TEST_FILE=$(mktemp /tmp/test_env_with_unicode.XXXXXX.sh) # Create test environment with U+200E (Left-to-Right Mark) after variable names cat > "$TEST_FILE" << 'EOF' # Test environment variables with invisible Unicode characters export ADMIN_USER‎="testuser" export ADMIN_PASSWORD‎="testpass123" export OPENROUTER_API_KEY‎="sk-test-key-12345" export NORMAL_VAR="normalvalue" EOF # Add actual invisible U+200E character (E2 80 8E in UTF-8) to the file # This simulates what happens when users copy-paste from web browsers printf "export TEST_VAR_WITH_U200E%s=\"value_with_unicode\"\n" "$U200E_HEX" >> "$TEST_FILE" printf "export TEST_VAR_WITH_U200B%s=\"value_with_zwsp\"\n" "$U200B_HEX" >> "$TEST_FILE" echo "Original test file (with invisible characters):" hexdump -C "$TEST_FILE" | grep -E "e2 80" || echo " (invisible characters present but not shown)" echo "" # Test 1: Verify the original file has Unicode characters echo "Test 1: Checking for invisible Unicode characters in original file..." if grep -q "$U200E_HEX" "$TEST_FILE" 2>/dev/null; then echo " ✓ U+200E (Left-to-Right Mark) detected" else echo " ✗ U+200E not found (expected to find it)" fi if grep -q "$U200B_HEX" "$TEST_FILE" 2>/dev/null; then echo " ✓ U+200B (Zero Width Space) detected" else echo " ✗ U+200B not found (expected to find it)" fi echo "" # Test 2: Apply the same sanitization logic from entrypoint.sh echo "Test 2: Applying sanitization..." SANITIZED_FILE=$(mktemp /tmp/test_env_sanitized.XXXXXX.sh) cp "$TEST_FILE" "$SANITIZED_FILE" # Remove common invisible Unicode characters (same logic as entrypoint.sh) sed -i \ -e 's/\xE2\x80\x8E//g' \ -e 's/\xE2\x80\x8F//g' \ -e 's/\xE2\x80\x8B//g' \ -e 's/\xEF\xBB\xBF//g' \ -e 's/\xE2\x80\xAA//g' \ -e 's/\xE2\x80\xAB//g' \ -e 's/\xE2\x80\xAC//g' \ -e 's/\xE2\x80\xAD//g' \ -e 's/\xE2\x80\xAE//g' \ "$SANITIZED_FILE" 2>/dev/null echo " Sanitization complete" echo "" # Test 3: Verify Unicode characters are removed echo "Test 3: Verifying invisible characters are removed..." if grep -q "$U200E_HEX" "$SANITIZED_FILE" 2>/dev/null; then echo " ✗ FAILED: U+200E still present after sanitization" exit 1 else echo " ✓ U+200E successfully removed" fi if grep -q "$U200B_HEX" "$SANITIZED_FILE" 2>/dev/null; then echo " ✗ FAILED: U+200B still present after sanitization" exit 1 else echo " ✓ U+200B successfully removed" fi echo "" # Test 4: Verify the sanitized file is valid bash and can be sourced echo "Test 4: Testing if sanitized file is valid bash..." if bash -n "$SANITIZED_FILE" 2>/dev/null; then echo " ✓ Sanitized file has valid bash syntax" else echo " ✗ FAILED: Sanitized file has syntax errors" cat "$SANITIZED_FILE" exit 1 fi echo "" # Test 5: Try sourcing the sanitized environment echo "Test 5: Testing if sanitized environment can be sourced..." ( source "$SANITIZED_FILE" if [ "$ADMIN_USER" = "testuser" ] && [ "$ADMIN_PASSWORD" = "testpass123" ]; then echo " ✓ Environment variables loaded correctly" else echo " ✗ FAILED: Environment variables not loaded correctly" echo " ADMIN_USER=$ADMIN_USER (expected: testuser)" echo " ADMIN_PASSWORD=$ADMIN_PASSWORD (expected: testpass123)" exit 1 fi ) echo "" # Test 6: Compare file sizes (sanitized should be smaller) ORIGINAL_SIZE=$(wc -c < "$TEST_FILE") SANITIZED_SIZE=$(wc -c < "$SANITIZED_FILE") REMOVED_BYTES=$((ORIGINAL_SIZE - SANITIZED_SIZE)) echo "Test 6: Verifying bytes were removed..." if [ $REMOVED_BYTES -gt 0 ]; then echo " ✓ Removed $REMOVED_BYTES bytes of invisible Unicode characters" else echo " ✗ WARNING: No bytes removed (original: $ORIGINAL_SIZE, sanitized: $SANITIZED_SIZE)" fi echo "" # Cleanup rm -f "$TEST_FILE" "$SANITIZED_FILE" echo "==================================" echo "All sanitization tests PASSED! ✓" echo "==================================" echo "" echo "The entrypoint.sh sanitization logic will prevent the Portainer U+200E error."