Add GDPR_EMAIL environment variable for Docker deployments

[Copilot]

User description

The privacy policy in HTML files contains hardcoded placeholder text "TO BE FILLED BY DEVELOPER" for the GDPR deletion request contact email, requiring source modification for production deployments.

Changes

• Docker entrypoint: Added GDPR_EMAIL environment variable that replaces placeholders in index-modern.html and index-classic.html during container startup
• Documentation: Added GDPR_EMAIL to environment variable list in doc_docker.md with docker-compose example

Implementation

# Escapes sed special characters (& / \ $) and replaces both placeholders atomically
GDPR_EMAIL_ESCAPED=$(printf '%s\n' "$GDPR_EMAIL" | sed 's/[&/\\]/\\&/g; s/\$/\\$/g')
sed -i "s/TO BE FILLED BY DEVELOPER/$GDPR_EMAIL_ESCAPED/g; s/PUT@YOUR_EMAIL.HERE/$GDPR_EMAIL_ESCAPED/g" "$html_file"

Usage

environment:
  GDPR_EMAIL: "privacy@example.com"

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

PR Type

Enhancement

---

Description

• Add GDPR_EMAIL environment variable for Docker deployments

• Replace hardcoded email placeholders in HTML files at startup

• Implement proper sed escaping for special characters

• Document GDPR_EMAIL in Docker configuration guide

---

Diagram Walkthrough

flowchart LR
  A["Docker Container Startup"] -->|"GDPR_EMAIL env var"| B["Entrypoint Script"]
  B -->|"Escape special chars"| C["sed Replacement"]
  C -->|"Replace placeholders"| D["index-modern.html"]
  C -->|"Replace placeholders"| E["index-classic.html"]
  F["Documentation"] -->|"GDPR_EMAIL example"| G["doc_docker.md"]

Loading

File Walkthrough

	Relevant files
Enhancement	entrypoint.sh Add GDPR email placeholder replacement logic                          docker/entrypoint.sh Added GDPR_EMAIL environment variable logging Implemented conditional GDPR email placeholder replacement logic Applied proper sed escaping for special characters (& / \ $) Processes index-modern.html and index-classic.html files Replaces both "TO BE FILLED BY DEVELOPER" and "PUT@YOUR_EMAIL.HERE" placeholders +13/-0
Documentation	doc_docker.md Document GDPR_EMAIL environment variable                                  doc_docker.md Added GDPR_EMAIL to docker-compose example with sample value Added comprehensive documentation for GDPR_EMAIL environment variable Explained purpose and GDPR compliance requirements Clarified default behavior when variable is not set +2/-0

---

[qodo-free-for-open-source-projects]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Email exposure and injection Description: The GDPR_EMAIL environment variable is logged to stdout at line 10 and then used in sed replacement without validation, potentially exposing sensitive email addresses in container logs and allowing command injection through malicious email values containing newlines or sed commands. entrypoint.sh [79-88] Referred Code if [ ! -z "$GDPR_EMAIL" ]; then # Escape special sed characters: & (replacement), / (delimiter), \ (escape), $ (variable) GDPR_EMAIL_ESCAPED=$(printf '%s\n' "$GDPR_EMAIL" | sed 's/[&/\\]/\\&/g; s/\$/\\$/g') for html_file in /var/www/html/index-modern.html /var/www/html/index-classic.html; do if [ -f "$html_file" ]; then sed -i "s/TO BE FILLED BY DEVELOPER/$GDPR_EMAIL_ESCAPED/g; s/PUT@YOUR_EMAIL.HERE/$GDPR_EMAIL_ESCAPED/g" "$html_file" fi done fi
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
🔴	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Email exposure in logs: The GDPR_EMAIL environment variable is logged to stdout on line 10, potentially exposing contact email addresses in container logs. Referred Code echo "GDPR_EMAIL: $GDPR_EMAIL" Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Missing input validation: The GDPR_EMAIL environment variable is not validated for proper email format before being used in sed replacement, potentially allowing injection of malicious content into HTML files. Referred Code if [ ! -z "$GDPR_EMAIL" ]; then # Escape special sed characters: & (replacement), / (delimiter), \ (escape), $ (variable) GDPR_EMAIL_ESCAPED=$(printf '%s\n' "$GDPR_EMAIL" | sed 's/[&/\\]/\\&/g; s/\$/\\$/g') Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Missing error handling: The sed replacement operation on lines 85 does not handle potential failures or verify successful replacement of placeholders. Referred Code sed -i "s/TO BE FILLED BY DEVELOPER/$GDPR_EMAIL_ESCAPED/g; s/PUT@YOUR_EMAIL.HERE/$GDPR_EMAIL_ESCAPED/g" "$html_file" fi Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-free-for-open-source-projects]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Improve input handling for sed Replace the fragile sed command with a more robust perl command to avoid script errors from special characters in the GDPR_EMAIL variable. docker/entrypoint.sh [78-88] # Replace GDPR email placeholder if GDPR_EMAIL is set if [ ! -z "$GDPR_EMAIL" ]; then - # Escape special sed characters: & (replacement), / (delimiter), \ (escape), $ (variable) - GDPR_EMAIL_ESCAPED=$(printf '%s\n' "$GDPR_EMAIL" | sed 's/[&/\\]/\\&/g; s/\$/\\$/g') - for html_file in /var/www/html/index-modern.html /var/www/html/index-classic.html; do if [ -f "$html_file" ]; then - sed -i "s/TO BE FILLED BY DEVELOPER/$GDPR_EMAIL_ESCAPED/g; s/PUT@YOUR_EMAIL.HERE/$GDPR_EMAIL_ESCAPED/g" "$html_file" + export GDPR_EMAIL + perl -i -pe 's/TO BE FILLED BY DEVELOPER|PUT\@YOUR_EMAIL\.HERE/$ENV{GDPR_EMAIL}/g' "$html_file" fi done fi Apply / Chat Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a bug where special characters in the GDPR_EMAIL variable would break the script due to improper escaping for sed. The proposed perl solution is more robust and prevents such failures.	Medium
More