read_env doesn't parse dictionary properly from lines with quotes/apostrophes

[VKen]

django-environ/environ/environ.py

Lines 633 to 638 in 628ed38

	m2 = re.match(r"\A'(.*)'\Z", val)
	if m2:
	val = m2.group(1)
	m3 = re.match(r'\A"(.*)"\Z', val)
	if m3:
	val = re.sub(r'\\(.)', r'\1', m3.group(1))

Hi, I was using the Env.read_env() function to load a file consisting of dictionary pattern:

MY_DICTIONARY="Tom"="Jerry"
MY_OTHER_DICTIONARY='Tom'='Jerry'

After parsing the lines, what is pulled by the regex matching is:

Tom"="Jerry
Tom'='Jerry

which gives us:

>>> env.dict(MY_DICTIONARY) = {'Tom"': '"Jerry'}  # notice the extra double quotes
>>> env.dict(MY_OTHER_DICTIONARY) = {"Tom'": "'Jerry"}  # notice the extra single quotes

I just found this out as i debugged for quite a while. It doesn't happen if the variables are already loaded into the shell environment via shell export. It only happens from reading the .env file (and overriding the environment variables).

Maybe the intent is to parse shell string variables and not used that much for dictionary patterns, so this edge case came up.

The apostrophes might be needed, as some key or values itself may contain characters like =, ', ", which are valid in a dictionary key or value.

Looks like it'll be difficult to cover for dictionary use case with apostrophes via simple regex.

Wrapping the whole string with more quotes will still have a 50% chance to unknowingly hit the regex parsing of m2 and m3.

[Dantemss]

It's not just dictionaries.

When a .env file is generated using shlex.quote() and one of the string values contains a single quote (like a password for example) then the value is improperly parsed by django-environ. Example:

export MYTEST='Hello'"'"'World'

If I source this file directly and read os.environ, the value of MYTEST is "Hello'World"
If I read the .env file through django-environ, the value of MYTEST is 'Hello\'"\'"\'World'