Merge commit from fork

fix(security): clear env vars

Author: fiftin

db_lib/AnsiblePlaybook.go

@@ -22,7 +22,7 @@ func (p AnsiblePlaybook) makeCmd(command string, args []string, environmentVars
 	cmd := exec.Command(command, args...) //nolint: gas
 	cmd.Dir = p.GetFullPath()
 
-	cmd.Env = removeSensitiveEnvs(os.Environ())
+	cmd.Env = []string{}
 
 	cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))

db_lib/LocalApp.go

@@ -2,44 +2,10 @@ package db_lib
 
 import (
 	"os"
-	"strings"
 
 	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
 )
 
-func isSensitiveVar(v string) bool {
-	sensitives := []string{
-		"SEMAPHORE_ACCESS_KEY_ENCRYPTION",
-		"SEMAPHORE_ADMIN_PASSWORD",
-		"SEMAPHORE_DB_USER",
-		"SEMAPHORE_DB_NAME",
-		"SEMAPHORE_DB_HOST",
-		"SEMAPHORE_DB_PASS",
-		"SEMAPHORE_LDAP_PASSWORD",
-		"SEMAPHORE_RUNNER_TOKEN",
-		"SEMAPHORE_RUNNER_ID",
-	}
-
-	for _, s := range sensitives {
-		if strings.HasPrefix(v, s+"=") {
-			return true
-		}
-	}
-
-	return false
-}
-
-func removeSensitiveEnvs(envs []string) (res []string) {
-
-	for _, e := range envs {
-		if !isSensitiveVar(e) {
-			res = append(res, e)
-		}
-	}
-
-	return res
-}
-
 type LocalApp interface {
 	SetLogger(logger task_logger.Logger) task_logger.Logger
 	InstallRequirements(environmentVars *[]string) error

db_lib/ShellApp.go

@@ -2,13 +2,14 @@ package db_lib
 
 import (
 	"fmt"
-	"github.com/ansible-semaphore/semaphore/db"
-	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
-	"github.com/ansible-semaphore/semaphore/util"
 	"os"
 	"os/exec"
 	"strings"
 	"time"
+
+	"github.com/ansible-semaphore/semaphore/db"
+	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
+	"github.com/ansible-semaphore/semaphore/util"
 )
 
 type ShellApp struct {
@@ -44,7 +45,7 @@ func (t *ShellApp) makeCmd(command string, args []string, environmentVars *[]str
 	cmd := exec.Command(command, args...) //nolint: gas
 	cmd.Dir = t.GetFullPath()
 
-	cmd.Env = removeSensitiveEnvs(os.Environ())
+	cmd.Env = []string{}
 	cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))
 

db_lib/TerraformApp.go

@@ -2,14 +2,15 @@ package db_lib
 
 import (
 	"fmt"
-	"github.com/ansible-semaphore/semaphore/db"
-	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
-	"github.com/ansible-semaphore/semaphore/util"
 	"os"
 	"os/exec"
 	"path"
 	"strings"
 	"time"
+
+	"github.com/ansible-semaphore/semaphore/db"
+	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
+	"github.com/ansible-semaphore/semaphore/util"
 )
 
 type TerraformApp struct {
@@ -37,7 +38,7 @@ func (t *TerraformApp) makeCmd(command string, args []string, environmentVars *[
 	cmd := exec.Command(command, args...) //nolint: gas
 	cmd.Dir = t.GetFullPath()
 
-	cmd.Env = removeSensitiveEnvs(os.Environ())
+	cmd.Env = []string{}
 	cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))