fix(be): remove sensitive env vars instead of set empty

db_lib/AnsiblePlaybook.go

@@ -38,9 +38,7 @@ func (p AnsiblePlaybook) makeCmd(command string, args []string, environmentVars
 	}
 
 	// Remove sensitive env variables from cmd process
-	for _, env := range getSensitiveEnvs() {
+	cmd.Env = removeSensitiveEnvs(cmd.Env)
-		cmd.Env = append(cmd.Env, env+"=")
-	}
 
 	return cmd
 }

db_lib/LocalApp.go

@@ -2,12 +2,13 @@ package db_lib
 
 import (
 	"os"
+	"strings"
 
 	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
 )
 
-func getSensitiveEnvs() []string {
+func removeSensitiveEnvs(envs []string) (res []string) {
-	return []string{
+	sensitives := []string{
 		"SEMAPHORE_ACCESS_KEY_ENCRYPTION",
 		"SEMAPHORE_ADMIN_PASSWORD",
 		"SEMAPHORE_DB_USER",
@@ -16,6 +17,16 @@ func getSensitiveEnvs() []string {
 		"SEMAPHORE_DB_PASS",
 		"SEMAPHORE_LDAP_PASSWORD",
 	}
+
+	for _, e := range envs {
+		for _, s := range sensitives {
+			if !strings.HasPrefix(e, s+"=") {
+				res = append(res, e)
+			}
+		}
+	}
+
+	return res
 }
 
 type LocalApp interface {

db_lib/ShellApp.go

@@ -53,9 +53,7 @@ func (t *ShellApp) makeCmd(command string, args []string, environmentVars *[]str
 	}
 
 	// Remove sensitive env variables from cmd process
-	for _, env := range getSensitiveEnvs() {
+	cmd.Env = removeSensitiveEnvs(cmd.Env)
-		cmd.Env = append(cmd.Env, env+"=")
-	}
 
 	return cmd
 }

db_lib/TerraformApp.go

@@ -52,9 +52,7 @@ func (t *TerraformApp) makeCmd(command string, args []string, environmentVars *[
 	}
 
 	// Remove sensitive env variables from cmd process
-	for _, env := range getSensitiveEnvs() {
+	cmd.Env = removeSensitiveEnvs(cmd.Env)
-		cmd.Env = append(cmd.Env, env+"=")
-	}
 
 	return cmd
 }

util/config.go

@@ -828,3 +828,13 @@ func CheckDefaultApps() {
 		}
 	}
 }
+
+func PrintDebug() {
+	envs := os.Environ()
+	for _, e := range envs {
+		fmt.Println(e)
+	}
+
+	b, _ := Config.ToJSON()
+	fmt.Println(string(b))
+}