mirror of
https://github.com/semaphoreui/semaphore.git
synced 2024-11-23 20:35:24 +01:00
fix(sec): clear env vars
This commit is contained in:
parent
06bb156408
commit
f33944e042
3
.vscode/launch.json
vendored
3
.vscode/launch.json
vendored
@ -10,7 +10,8 @@
|
|||||||
"args": ["server", "--config", "${workspaceFolder}/.devcontainer/config.json"],
|
"args": ["server", "--config", "${workspaceFolder}/.devcontainer/config.json"],
|
||||||
"cwd": "${workspaceFolder}",
|
"cwd": "${workspaceFolder}",
|
||||||
"env": {
|
"env": {
|
||||||
"PATH": "${workspaceFolder}/.venv/bin:${env:PATH}"
|
"PATH": "${workspaceFolder}/.venv/bin:${env:PATH}",
|
||||||
|
"SEMAPHORE_ADMIN_PASSWORD": "test123"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@ func (p AnsiblePlaybook) makeCmd(command string, args []string, environmentVars
|
|||||||
cmd := exec.Command(command, args...) //nolint: gas
|
cmd := exec.Command(command, args...) //nolint: gas
|
||||||
cmd.Dir = p.GetFullPath()
|
cmd.Dir = p.GetFullPath()
|
||||||
|
|
||||||
cmd.Env = removeSensitiveEnvs(os.Environ())
|
cmd.Env = []string{}
|
||||||
|
|
||||||
cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
|
cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
|
||||||
cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))
|
cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))
|
||||||
|
@ -2,35 +2,10 @@ package db_lib
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/ansible-semaphore/semaphore/pkg/task_logger"
|
"github.com/ansible-semaphore/semaphore/pkg/task_logger"
|
||||||
)
|
)
|
||||||
|
|
||||||
func removeSensitiveEnvs(envs []string) (res []string) {
|
|
||||||
sensitives := []string{
|
|
||||||
"SEMAPHORE_ACCESS_KEY_ENCRYPTION",
|
|
||||||
"SEMAPHORE_ADMIN_PASSWORD",
|
|
||||||
"SEMAPHORE_DB_USER",
|
|
||||||
"SEMAPHORE_DB_NAME",
|
|
||||||
"SEMAPHORE_DB_HOST",
|
|
||||||
"SEMAPHORE_DB_PASS",
|
|
||||||
"SEMAPHORE_LDAP_PASSWORD",
|
|
||||||
"SEMAPHORE_RUNNER_TOKEN",
|
|
||||||
"SEMAPHORE_RUNNER_ID",
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, e := range envs {
|
|
||||||
for _, s := range sensitives {
|
|
||||||
if !strings.HasPrefix(e, s+"=") {
|
|
||||||
res = append(res, e)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return res
|
|
||||||
}
|
|
||||||
|
|
||||||
type LocalApp interface {
|
type LocalApp interface {
|
||||||
SetLogger(logger task_logger.Logger) task_logger.Logger
|
SetLogger(logger task_logger.Logger) task_logger.Logger
|
||||||
InstallRequirements(environmentVars *[]string) error
|
InstallRequirements(environmentVars *[]string) error
|
||||||
|
@ -2,13 +2,14 @@ package db_lib
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/ansible-semaphore/semaphore/db"
|
|
||||||
"github.com/ansible-semaphore/semaphore/pkg/task_logger"
|
|
||||||
"github.com/ansible-semaphore/semaphore/util"
|
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/ansible-semaphore/semaphore/db"
|
||||||
|
"github.com/ansible-semaphore/semaphore/pkg/task_logger"
|
||||||
|
"github.com/ansible-semaphore/semaphore/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
type ShellApp struct {
|
type ShellApp struct {
|
||||||
@ -44,7 +45,7 @@ func (t *ShellApp) makeCmd(command string, args []string, environmentVars *[]str
|
|||||||
cmd := exec.Command(command, args...) //nolint: gas
|
cmd := exec.Command(command, args...) //nolint: gas
|
||||||
cmd.Dir = t.GetFullPath()
|
cmd.Dir = t.GetFullPath()
|
||||||
|
|
||||||
cmd.Env = removeSensitiveEnvs(os.Environ())
|
cmd.Env = []string{}
|
||||||
cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
|
cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
|
||||||
cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))
|
cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))
|
||||||
|
|
||||||
|
@ -2,14 +2,15 @@ package db_lib
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/ansible-semaphore/semaphore/db"
|
|
||||||
"github.com/ansible-semaphore/semaphore/pkg/task_logger"
|
|
||||||
"github.com/ansible-semaphore/semaphore/util"
|
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"path"
|
"path"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/ansible-semaphore/semaphore/db"
|
||||||
|
"github.com/ansible-semaphore/semaphore/pkg/task_logger"
|
||||||
|
"github.com/ansible-semaphore/semaphore/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
type TerraformApp struct {
|
type TerraformApp struct {
|
||||||
@ -37,7 +38,7 @@ func (t *TerraformApp) makeCmd(command string, args []string, environmentVars *[
|
|||||||
cmd := exec.Command(command, args...) //nolint: gas
|
cmd := exec.Command(command, args...) //nolint: gas
|
||||||
cmd.Dir = t.GetFullPath()
|
cmd.Dir = t.GetFullPath()
|
||||||
|
|
||||||
cmd.Env = removeSensitiveEnvs(os.Environ())
|
cmd.Env = []string{}
|
||||||
cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
|
cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
|
||||||
cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))
|
cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user