bug: .taskrc parser silently truncates values containing '=' characters causing silent authentication failures #611

@Varadraj75

Describe your issue

The .taskrc parser in lib/app/utils/taskserver/parse_taskrc.dart
uses line.split('=') to parse key-value pairs. This causes silent
data truncation for any parameter whose value contains one or more =
characters.

This is a critical bug because base64-encoded certificates and other
taskd parameter values routinely contain = padding characters. When
these values are truncated, authentication silently fails with
absolutely no error shown to the user — making it nearly impossible
to diagnose.

Root Cause:
File: lib/app/utils/taskserver/parse_taskrc.dart
Line: 7-8

The parser does:

.map((line) => line.split('='))

and then blindly extracts pair[0] and pair[1]. When a value contains
= (e.g. base64 padding), split('=') produces 3+ parts — everything
from pair[2] onwards is permanently dropped.

Example:
Input: taskd.certificate=abc123==
split result: ['taskd.certificate', 'abc123', '', '']
Stored: 'abc123' ← trailing == silently lost

Steps to reproduce

  1. Create a .taskrc file containing any parameter whose value includes
    one or more '=' characters, for example:

    taskd.certificate=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t==
    
  2. Import this .taskrc into the app during TaskServer configuration setup

  3. Tap "Taskrc file is verified" to inspect the parsed configuration

  4. Observe: everything after the second '=' in the value is silently
    dropped from the stored configuration

What was the expected result?

The parser should split only on the first occurrence of '=' and
preserve the entire remainder of the line as the value.

The correct fix is to replace line.split('=') with a first-occurrence
split:

final index = line.indexOf('=');
if (index == -1) return; // skip malformed lines
final key = line.substring(0, index).trim();
final value = line.substring(index + 1).trim();

This correctly handles all values containing '=' characters including
base64-encoded certificates, credentials, and taskd.trust parameters.

Impact:

  • Any user with base64-encoded certificates in their .taskrc is
    silently affected
  • Directly contributes to the root cause of issue #428 (taskd.trust
    being ignored) since cert fields with '=' padding are dropped before
    reaching the SSL handshake
  • Authentication silently fails with no error surfaced to the user
  • Affects all platforms: Android, Linux, Windows, macOS

Put here any screenshots or videos (optional)

N/A — this is a code-level parser bug reproducible by reading
lib/app/utils/taskserver/parse_taskrc.dart lines 7-8

How can we contact you (optional)

Available on CCExtractor Zulip: Varad Raj Agrawal

Would you like to work on this issue?

Yes

By submitting this issue, I have confirmed that:

  • I have starred the repo ⭐ and watched 👀 it on GitHub and followed the contribution guidelines.
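
The difference between the two parsing strategies described in the issue, as an added example that is not part of the original issue or the project's parse_taskrc.dart. The function names, the comment and blank-line handling, and the sample .taskrc content are assumptions made for illustration.

```dart
// Added example: names and sample input are constructed, not the project's.

/// Splits on every '=' and keeps only parts [0] and [1]
/// (the behaviour the issue describes).
Map<String, String> parseSplitAll(String contents) {
  final result = <String, String>{};
  for (final line in contents.split('\n')) {
    final pair = line.split('=');
    if (pair.length < 2) continue; // no '=' on this line
    result[pair[0].trim()] = pair[1].trim();
  }
  return result;
}

/// Splits on the first '=' only; the rest of the line is the value.
Map<String, String> parseFirstEquals(String contents) {
  final result = <String, String>{};
  for (final raw in contents.split('\n')) {
    final line = raw.trim();
    if (line.isEmpty || line.startsWith('#')) continue; // blank or comment
    final index = line.indexOf('=');
    if (index <= 0) continue; // no '=' or empty key: malformed, skip
    result[line.substring(0, index).trim()] = line.substring(index + 1).trim();
  }
  return result;
}

void main() {
  // Constructed sample input; the values are placeholders, not real secrets.
  const sample = '''
# constructed sample
taskd.server=example.invalid:53589
taskd.certificate=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t==
taskd.credentials=constructed/value=with=equals
no_equals_line
''';
  final before = parseSplitAll(sample);
  final after = parseFirstEquals(sample);
  // Report every key whose value differs between the two strategies.
  for (final key in after.keys) {
    final lost = before[key] != after[key];
    print('$key: ${lost ? "TRUNCATED" : "ok"}');
    if (lost) print('  split-all: ${before[key]}\n  first-=:   ${after[key]}');
  }
}
```

Comparing the two maps key by key is also a quick regression check: any key reported as truncated is one whose stored value would no longer match the file on disk.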
