fix: filter object env vars to prevent [object Object] in subprocess env#6080
Open
aviu16 wants to merge 1 commit intoUnitech:masterfrom
Open
fix: filter object env vars to prevent [object Object] in subprocess env#6080aviu16 wants to merge 1 commit intoUnitech:masterfrom
aviu16 wants to merge 1 commit intoUnitech:masterfrom
Conversation
5f03fd9 to
3f21d4d
Compare
Author
|
recheck |
When PM2 spawns processes via ForkMode, the entire pm2_env object (containing nested objects like axm_monitor, axm_options, axm_dynamic, axm_actions, env, node_args) is passed directly to child_process.spawn() as the env option. Node.js spawn() calls .toString() on all env values, converting these objects to "[object Object]" strings. This adds a Utility.sanitizeEnv() function that filters the environment object to only include primitive values (string, number, boolean) before passing it to spawn(). Numbers and booleans are explicitly converted to strings, while objects, arrays, null, undefined, and functions are excluded. Fixes Unitech#6073
3f21d4d to
5f18cb2
Compare
Author
|
quick ping here. if this needs adjustments, i can update fast. |
Author
|
validated this branch with the dedicated sanitization suite:\n./node_modules/.bin/mocha test/programmatic/env_sanitization.mocha.js\n\nresult: 38 passing.\n\nthis includes integration assertions that forked processes start without [object Object] env pollution while preserving user-defined primitive env vars. |
Author
|
Friendly bump on this PR. When maintainers have a moment, could someone please take a look? Happy to make any requested changes quickly. Thanks! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
"[object Object]"environment variables to subprocesses #6073: PM2 passes object properties as[object Object]environment variables to subprocessesUtility.sanitizeEnv()to filterpm2_envbefore passing tochild_process.spawn()in ForkMode, keeping only primitive values (string, number, boolean)Utility.isEnvSafeValue()helper to check if a value is safe for env var usageenv,axm_monitor,axm_options,axm_dynamic,axm_actions,node_args) are now properly excluded from the spawn environmentRoot Cause
In
lib/God/ForkMode.js, the entirepm2_envobject (which contains nested objects) was passed directly as theenvoption tochild_process.spawn(). Node.jsspawn()calls.toString()on all env values, converting objects to the string"[object Object]".Fix
Filter the environment object before passing it to
spawn(), keeping only string, number, and boolean values. Numbers and booleans are explicitly converted to strings viaString(). Objects, arrays, null, undefined, and functions are excluded.Note:
ClusterMode.jsalready handles this correctly by usingJSON.stringify(env_copy)(line 48), so no changes were needed there.Test plan
test/programmatic/env_sanitization.mocha.jsUtility.sanitizeEnv()covering all value typesUtility.isEnvSafeValue()helper[object Object]values appear in sanitized output