fix(sec): clear env vars

.vscode/launch.json

@@ -10,7 +10,8 @@
             "args": ["server", "--config", "${workspaceFolder}/.devcontainer/config.json"],
             "cwd": "${workspaceFolder}",
             "env": {
-                "PATH": "${workspaceFolder}/.venv/bin:${env:PATH}"
+                "PATH": "${workspaceFolder}/.venv/bin:${env:PATH}",
+                "SEMAPHORE_ADMIN_PASSWORD": "test123"
             }
         }, 
         {

db_lib/AnsiblePlaybook.go

@@ -22,7 +22,7 @@ func (p AnsiblePlaybook) makeCmd(command string, args []string, environmentVars
 	cmd := exec.Command(command, args...) //nolint: gas
 	cmd.Dir = p.GetFullPath()
 
-	cmd.Env = removeSensitiveEnvs(os.Environ())
+	cmd.Env = []string{}
 
 	cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))

db_lib/LocalApp.go

@@ -2,35 +2,10 @@ package db_lib
 
 import (
 	"os"
-	"strings"
 
 	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
 )
 
-func removeSensitiveEnvs(envs []string) (res []string) {
-	sensitives := []string{
-		"SEMAPHORE_ACCESS_KEY_ENCRYPTION",
-		"SEMAPHORE_ADMIN_PASSWORD",
-		"SEMAPHORE_DB_USER",
-		"SEMAPHORE_DB_NAME",
-		"SEMAPHORE_DB_HOST",
-		"SEMAPHORE_DB_PASS",
-		"SEMAPHORE_LDAP_PASSWORD",
-		"SEMAPHORE_RUNNER_TOKEN",
-		"SEMAPHORE_RUNNER_ID",
-	}
-
-	for _, e := range envs {
-		for _, s := range sensitives {
-			if !strings.HasPrefix(e, s+"=") {
-				res = append(res, e)
-			}
-		}
-	}
-
-	return res
-}
-
 type LocalApp interface {
 	SetLogger(logger task_logger.Logger) task_logger.Logger
 	InstallRequirements(environmentVars *[]string) error

db_lib/ShellApp.go

@@ -2,13 +2,14 @@ package db_lib
 
 import (
 	"fmt"
-	"github.com/ansible-semaphore/semaphore/db"
-	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
-	"github.com/ansible-semaphore/semaphore/util"
 	"os"
 	"os/exec"
 	"strings"
 	"time"
+
+	"github.com/ansible-semaphore/semaphore/db"
+	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
+	"github.com/ansible-semaphore/semaphore/util"
 )
 
 type ShellApp struct {
@@ -44,7 +45,7 @@ func (t *ShellApp) makeCmd(command string, args []string, environmentVars *[]str
 	cmd := exec.Command(command, args...) //nolint: gas
 	cmd.Dir = t.GetFullPath()
 
-	cmd.Env = removeSensitiveEnvs(os.Environ())
+	cmd.Env = []string{}
 	cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))
 

db_lib/TerraformApp.go

@@ -2,14 +2,15 @@ package db_lib
 
 import (
 	"fmt"
-	"github.com/ansible-semaphore/semaphore/db"
-	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
-	"github.com/ansible-semaphore/semaphore/util"
 	"os"
 	"os/exec"
 	"path"
 	"strings"
 	"time"
+
+	"github.com/ansible-semaphore/semaphore/db"
+	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
+	"github.com/ansible-semaphore/semaphore/util"
 )
 
 type TerraformApp struct {
@@ -37,7 +38,7 @@ func (t *TerraformApp) makeCmd(command string, args []string, environmentVars *[
 	cmd := exec.Command(command, args...) //nolint: gas
 	cmd.Dir = t.GetFullPath()
 
-	cmd.Env = removeSensitiveEnvs(os.Environ())
+	cmd.Env = []string{}
 	cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))