Problem
Environment-driven configuration can become an attack or misconfiguration surface if accepted values are not clearly constrained or validated.
Proposal
Identify a minimal set of sensitive or externally controlled environment variables, then:
- Document expected validation / sanitization behavior
- Define accepted formats or ranges where applicable
- Add tests covering malformed, unsafe, or unexpected values
- Preserve compatibility for valid existing configurations
Acceptance criteria
- Documented behavior for selected environment variables
- Tests for malformed or unsafe values
- No behavior break for valid existing configs
Contribution
I’d be happy to work on this issue and contribute a PR if this approach sounds good.
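One way the proposal could be implemented, added here as an example and not taken from the issue or the project. The variable names (`APP_PORT`, `APP_LOG_LEVEL`, `APP_UPSTREAM_URL`), their accepted formats and their defaults are all hypothetical. Each variable gets a strict validator, unset variables keep their defaults so valid existing configurations still load, and rejected values are never echoed back in error messages.

```python
import re
from urllib.parse import urlsplit

# Hypothetical variable names, formats and defaults, constructed for illustration.
def _port(v):
    # ASCII digits only: rejects signs, whitespace, trailing shell fragments.
    if not re.fullmatch(r"[0-9]{1,5}", v) or not 1 <= int(v) <= 65535:
        raise ValueError("expected integer 1-65535")
    return int(v)

def _log_level(v):
    # Case-insensitive so existing lower-case configs stay valid.
    if v.upper() not in {"DEBUG", "INFO", "WARNING", "ERROR"}:
        raise ValueError("expected DEBUG, INFO, WARNING or ERROR")
    return v.upper()

def _https_url(v):
    # Check raw characters first; URL parsers may silently strip some of them.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in v):
        raise ValueError("whitespace or control character in URL")
    u = urlsplit(v)
    if u.scheme != "https" or not u.hostname or u.username or u.password:
        raise ValueError("expected https URL without embedded credentials")
    return v

# name -> (validator, default used when the variable is unset)
SPEC = {
    "APP_PORT": (_port, 8080),
    "APP_LOG_LEVEL": (_log_level, "INFO"),
    "APP_UPSTREAM_URL": (_https_url, None),
}

def load_config(environ):
    """Return (config, errors). Error text never contains the rejected value."""
    config, errors = {}, {}
    for name, (validate, default) in SPEC.items():
        raw = environ.get(name)
        if raw is None:
            config[name] = default
            continue
        try:
            config[name] = validate(raw)
        except ValueError as exc:
            errors[name] = str(exc)
    return config, errors
```

In an application, call `load_config(os.environ)` at startup and refuse to start if `errors` is non-empty.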