From 8f77fde63864d839ad42f2270c7d8d394cde1574 Mon Sep 17 00:00:00 2001
From: Denis Gukov
Date: Wed, 10 Jul 2024 16:23:34 +0500
Subject: [PATCH] fix(be): remove sensitive env vars instead of set empty
---
 db_lib/AnsiblePlaybook.go | 4 +---
 db_lib/LocalApp.go | 15 +++++++++++++--
 db_lib/ShellApp.go | 4 +---
 db_lib/TerraformApp.go | 4 +---
 util/config.go | 10 ++++++++++
 5 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/db_lib/AnsiblePlaybook.go b/db_lib/AnsiblePlaybook.go
index 1697e8ee..d3da4872 100644
--- a/db_lib/AnsiblePlaybook.go
+++ b/db_lib/AnsiblePlaybook.go
@@ -38,9 +38,7 @@ func (p AnsiblePlaybook) makeCmd(command string, args []string, environmentVars
 }
 // Remove sensitive env variables from cmd process
- for _, env := range getSensitiveEnvs() {
- cmd.Env = append(cmd.Env, env+"=")
- }
+ cmd.Env = removeSensitiveEnvs(cmd.Env)
 return cmd
 }
diff --git a/db_lib/LocalApp.go b/db_lib/LocalApp.go
index 21438868..fdff1902 100644
--- a/db_lib/LocalApp.go
+++ b/db_lib/LocalApp.go
@@ -2,12 +2,13 @@ package db_lib
 import (
 "os"
+ "strings"
 "github.com/ansible-semaphore/semaphore/pkg/task_logger"
 )
-func getSensitiveEnvs() []string {
- return []string{
+func removeSensitiveEnvs(envs []string) (res []string) {
+ sensitives := []string{
 "SEMAPHORE_ACCESS_KEY_ENCRYPTION",
 "SEMAPHORE_ADMIN_PASSWORD",
 "SEMAPHORE_DB_USER",
@@ -16,6 +17,16 @@ func getSensitiveEnvs() []string {
 "SEMAPHORE_DB_PASS",
 "SEMAPHORE_LDAP_PASSWORD",
 }
+
+ for _, e := range envs {
+ for _, s := range sensitives {
+ if !strings.HasPrefix(e, s+"=") {
+ res = append(res, e)
+ }
+ }
+ }
+
+ return res
 }
 type LocalApp interface {
diff --git a/db_lib/ShellApp.go b/db_lib/ShellApp.go
index ae021f1d..ecffb5f0 100644
--- a/db_lib/ShellApp.go
+++ b/db_lib/ShellApp.go
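Review bot: In makeCmd of db_lib/AnsiblePlaybook.go, `cmd.Env = removeSensitiveEnvs(cmd.Env)` only filters what is already in cmd.Env, and os/exec makes the child inherit the parent's whole environment when Cmd.Env is nil. The lines that populate cmd.Env are above the hunk, so this needs confirming: if cmd.Env can be nil or empty at this point, the helper returns nil and the child sees every SEMAPHORE_* variable, whereas the removed loop at least overrode them with empty values. A guard before the call, `if cmd.Env == nil { cmd.Env = os.Environ() }`, would close that gap (assuming `os` is imported in the file). The same applies to the makeCmd hunks in db_lib/ShellApp.go and db_lib/TerraformApp.go.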
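Review bot: The nested loop added to removeSensitiveEnvs in db_lib/LocalApp.go appends `e` once for every name in `sensitives` that it does not match, so nothing is actually removed. An entry such as SEMAPHORE_DB_PASS=... fails the prefix test against all the other names and is still copied into `res`, and every ordinary variable is duplicated several times. The keep-or-drop decision has to be made once per entry after all names have been checked, as in the rewrite below. A unit test that passes one sensitive and one ordinary variable and asserts the exact result would catch this. Part of the name list lies in the gap between the two hunks and is not visible here.

```go
	// … unchanged: sensitives list …

	for _, e := range envs {
		sensitive := false
		for _, s := range sensitives {
			if strings.HasPrefix(e, s+"=") {
				sensitive = true
				break
			}
		}
		if !sensitive {
			res = append(res, e)
		}
	}

	return res
```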
@@ -53,9 +53,7 @@ func (t *ShellApp) makeCmd(command string, args []string, environmentVars *[]str
 }
 // Remove sensitive env variables from cmd process
- for _, env := range getSensitiveEnvs() {
- cmd.Env = append(cmd.Env, env+"=")
- }
+ cmd.Env = removeSensitiveEnvs(cmd.Env)
 return cmd
 }
diff --git a/db_lib/TerraformApp.go b/db_lib/TerraformApp.go
index f53c607c..a2aee31e 100644
--- a/db_lib/TerraformApp.go
+++ b/db_lib/TerraformApp.go
@@ -52,9 +52,7 @@ func (t *TerraformApp) makeCmd(command string, args []string, environmentVars *[
 }
 // Remove sensitive env variables from cmd process
- for _, env := range getSensitiveEnvs() {
- cmd.Env = append(cmd.Env, env+"=")
- }
+ cmd.Env = removeSensitiveEnvs(cmd.Env)
 return cmd
 }
diff --git a/util/config.go b/util/config.go
index c4191121..9901460d 100644
--- a/util/config.go
+++ b/util/config.go
@@ -828,3 +828,13 @@ func CheckDefaultApps() {
 }
 }
 }
+
+func PrintDebug() {
+ envs := os.Environ()
+ for _, e := range envs {
+ fmt.Println(e)
+ }
+
+ b, _ := Config.ToJSON()
+ fmt.Println(string(b))
+}
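Review bot: PrintDebug in util/config.go writes every environment variable and the full configuration JSON to stdout. That puts SEMAPHORE_DB_PASS, SEMAPHORE_ACCESS_KEY_ENCRYPTION and the other values this commit keeps away from child processes into whatever collects the server's output. No caller is visible in this patch; if the function is kept, it should skip or mask the sensitive names, and it is worth confirming whether Config.ToJSON redacts secrets. The error dropped in `b, _ := Config.ToJSON()` should be checked rather than discarded. The exported function also has no doc comment; `// PrintDebug dumps the process environment and configuration for troubleshooting; the output may contain secrets.` would at least warn callers.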