3

I am trying to do a simple task: get an environment variable on both Linux and Windows. All the docs point to using `std::getenv`, but when I run the compilation on Windows 10 using Visual Studio 2019 I'm getting:

> error C4996: 'getenv': This function or variable may be unsafe. Consider using _dupenv_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS

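This is the function:

```cpp
#include <cstdlib>  // std::getenv
#include <string>

// Returns the value of the variable, or an empty string when it is not set.
std::string Utils::getEnvVar(std::string const& key)
{
    char* val = std::getenv(key.c_str());
    return val == nullptr ? std::string("") : std::string(val);
}
```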

I found only this thread, and I don't understand what the cross-platform solution is.

user63898
  • 1
    If you search more generally for the error message, without specifying `getenv` explicitly, then you should be getting a lot more hits about the "problem" and possible solutions. As a quick workaround, the error message itself contains a hint about how to disable the warning. – Some programmer dude Feb 07 '21 at 16:46
  • 1
    MS VS2019 doesn't like some old C calls, accessing raw pointers and buffers and such. They have a point: it is possible to use it wrong and create a backdoor in your program, making it possible to be exploited. So you'll have to convince VS that you really want to use it. – JHBonarius Feb 07 '21 at 16:51
  • See [this](https://stackoverflow.com/questions/631664/accessing-environment-variables-in-c#comment64207522_631717) comment on "why" – Aykhan Hagverdili Feb 07 '21 at 18:04
  • On Windows, use [`GetEnvironmentVariableW`](https://learn.microsoft.com/en-us/windows/win32/api/processenv/nf-processenv-getenvironmentvariablew). Create a 3rd function that wraps this on Windows and `getenv` on Linux into a common interface. – Aykhan Hagverdili Feb 07 '21 at 18:19

1 Answer

2

The compiler message says it all:

> error C4996: 'getenv': This function or variable may be unsafe. Consider using _dupenv_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS

The warning is MSVC-specific. It warns about usage of an unsafe C standard function.

If you only need to compile on MSVC, then

> Consider using _dupenv_s instead.

If you need cross platform compatibility, then

> To disable deprecation, use _CRT_SECURE_NO_WARNINGS

Which is a define, so just `#define _CRT_SECURE_NO_WARNINGS`. Another solution would be to disable the warning (`#pragma warning(disable: 4996)`).

See also Remove secure warnings (_CRT_SECURE_NO_WARNINGS) from projects by default in Visual Studio.

Werner Henze
  • But what is the actual problem with std::getenv? – Bernd Feb 07 '21 at 17:09
  • I found another thread about it: https://stackoverflow.com/questions/631664/accessing-environment-variables-in-c – Bernd Feb 07 '21 at 17:14
  • @Bernd I don't know what MS thinks is the problem with `getenv`. They don't mention it on the [docs for getenv](https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/getenv-wgetenv) or [getenv_s](https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/getenv-s-wgetenv-s). Reading [security functions](https://docs.microsoft.com/en-us/cpp/c-runtime-library/security-features-in-the-crt) maybe they wanted better parameter validation and enhanced error reporting. Or they want to prevent that code erroneously writes to `*getenv(...)` which returns `char*` and not `const char*`? – Werner Henze Feb 07 '21 at 17:59
  • @WernerHenze you can see [this](https://stackoverflow.com/questions/631664/accessing-environment-variables-in-c#comment64207522_631717) comment for "why". – Aykhan Hagverdili Feb 07 '21 at 18:22
  • @AyxanHaqverdili From [here](https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/dupenv-s-wdupenv-s?view=msvc-160) "_dupenv_s uses the copy of the environment pointed to by the global variable _environ to access the environment." So the alternative suggested by the warning does the same as `getenv`. – Werner Henze Feb 07 '21 at 19:22
  • @Werner the alternative is `GetEnvironmentVariableW` from Win32. – Aykhan Hagverdili Feb 08 '21 at 04:58
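
A wrapper of the kind suggested in the answer and comments above, as an added example that is not part of the original thread: it uses `_dupenv_s` when built with MSVC and `std::getenv` elsewhere, so the warning does not have to be disabled. The free-function name `getEnvVar(key, out)` and its `bool` return, which separates an unset variable from an empty one, are assumptions of this example.

```cpp
// Added example: cross-platform environment lookup (not code from the thread).
#include <cstdlib>
#include <iostream>
#include <string>

// Hypothetical helper. Returns true and fills `out` when `key` is set
// (possibly to an empty string); returns false when it is unset or invalid.
bool getEnvVar(const std::string& key, std::string& out)
{
    // Reject names the C API would silently misread: empty names, names
    // containing '=', and names with an embedded NUL (c_str() would truncate).
    if (key.empty() || key.find('=') != std::string::npos ||
        key.find('\0') != std::string::npos) {
        return false;
    }
#ifdef _MSC_VER
    // MSVC: _dupenv_s hands back a heap copy that the caller must free().
    char* buf = nullptr;
    size_t len = 0;
    if (_dupenv_s(&buf, &len, key.c_str()) != 0 || buf == nullptr) {
        return false;
    }
    out.assign(buf);
    std::free(buf);
    return true;
#else
    // Elsewhere: std::getenv returns a pointer into storage owned by the
    // runtime, so copy it into a std::string before doing anything else.
    const char* val = std::getenv(key.c_str());
    if (val == nullptr) {
        return false;
    }
    out.assign(val);
    return true;
#endif
}

int main()
{
    std::string value;
    if (getEnvVar("PATH", value)) {
        std::cout << "PATH=" << value << '\n';
    } else {
        std::cout << "PATH is not set\n";
    }
    return 0;
}
```
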