
Commit 5822ed1

committed
fix(security): clear env vars
1 parent 089a10a commit 5822ed1


4 files changed

+3
-35
lines changed


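--- a/db_lib/AnsiblePlaybook.go
+++ b/db_lib/AnsiblePlaybook.go
@@ -22,7 +22,7 @@ func (p AnsiblePlaybook) makeCmd(command string, args []string, environmentVars
 cmd := exec.Command(command, args...) //nolint: gas
 cmd.Dir = p.GetFullPath()
 
-cmd.Env = removeSensitiveEnvs(os.Environ())
+cmd.Env = string[]{}
 
 cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
 cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))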
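Review bot: `cmd.Env = string[]{}` on new line 25 is not valid Go, because the slice type is written `[]string`, so the package will not compile as committed; the line should read `cmd.Env = []string{}`. The same line is added in the makeCmd hunks of db_lib/ShellApp.go (new line 47) and db_lib/TerraformApp.go (new line 40). Starting from an empty environment is a sounder default than the denylist this commit removes, since any secret not on that list was inherited by the task process. The child now receives only HOME and PWD from the visible lines, though, so it has no PATH, locale or proxy settings unless code after the hunk adds them (makeCmd's body continues outside the hunk). If it does not, copy an explicit allowlist from the parent, e.g. `cmd.Env = append(cmd.Env, "PATH="+os.Getenv("PATH"))`, and add a comment such as `// Start from an empty environment so server secrets never reach the task process; add variables by allowlist only.`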

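--- a/db_lib/LocalApp.go
+++ b/db_lib/LocalApp.go
@@ -7,38 +7,6 @@ import (
 "github.com/ansible-semaphore/semaphore/pkg/task_logger"
 )
 
-func isSensitiveVar(v string) bool {
-sensitives := []string{
-"SEMAPHORE_ACCESS_KEY_ENCRYPTION",
-"SEMAPHORE_ADMIN_PASSWORD",
-"SEMAPHORE_DB_USER",
-"SEMAPHORE_DB_NAME",
-"SEMAPHORE_DB_HOST",
-"SEMAPHORE_DB_PASS",
-"SEMAPHORE_LDAP_PASSWORD",
-"SEMAPHORE_RUNNER_TOKEN",
-"SEMAPHORE_RUNNER_ID",
-}
-
-for _, s := range sensitives {
-if strings.HasPrefix(v, s+"=") {
-return true
-}
-}
-
-return false
-}
-
-func removeSensitiveEnvs(envs []string) (res []string) {
-
-for _, e := range envs {
-if !isSensitiveVar(e) {
-res = append(res, e)
-}
-}
-
-return res
-}
 
 type LocalApp interface {
 SetLogger(logger task_logger.Logger) task_logger.Logger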

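--- a/db_lib/ShellApp.go
+++ b/db_lib/ShellApp.go
@@ -44,7 +44,7 @@ func (t *ShellApp) makeCmd(command string, args []string, environmentVars *[]str
 cmd := exec.Command(command, args...) //nolint: gas
 cmd.Dir = t.GetFullPath()
 
-cmd.Env = removeSensitiveEnvs(os.Environ())
+cmd.Env = string[]{}
 cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
 cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))
 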
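--- a/db_lib/TerraformApp.go
+++ b/db_lib/TerraformApp.go
@@ -37,7 +37,7 @@ func (t *TerraformApp) makeCmd(command string, args []string, environmentVars *[
 cmd := exec.Command(command, args...) //nolint: gas
 cmd.Dir = t.GetFullPath()
 
-cmd.Env = removeSensitiveEnvs(os.Environ())
+cmd.Env = string[]{}
 cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
 cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))
 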