From 66697d429046550904adfa3ac8e689b37c964b6a Mon Sep 17 00:00:00 2001 From: Cheng XU Date: Sat, 13 Jul 2019 22:48:22 +0800 Subject: [PATCH] ENV: add sensitive_environment function ENV#sensitive_environment is used to list all sensitive environments. Also refactor the code on determining whether an environment is sensitive. --- Library/Homebrew/extend/ENV.rb | 14 +++++++++----- Library/Homebrew/system_config.rb | 3 ++- Library/Homebrew/test/ENV_spec.rb | 7 +++++++ 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/Library/Homebrew/extend/ENV.rb b/Library/Homebrew/extend/ENV.rb index 4d8bae1024..8b7ca32219 100644 --- a/Library/Homebrew/extend/ENV.rb +++ b/Library/Homebrew/extend/ENV.rb @@ -29,12 +29,16 @@ module EnvActivation replace(old_env) end - def clear_sensitive_environment! - each_key do |key| - next unless /(cookie|key|token|password)/i =~ key + def sensitive?(key) + /(cookie|key|token|password)/i =~ key + end - delete key - end + def sensitive_environment + select { |key, _| sensitive?(key) } + end + + def clear_sensitive_environment! + each_key { |key| delete key if sensitive?(key) } end end diff --git a/Library/Homebrew/system_config.rb b/Library/Homebrew/system_config.rb index 2f8924b771..cb5a0884a2 100644 --- a/Library/Homebrew/system_config.rb +++ b/Library/Homebrew/system_config.rb @@ -4,6 +4,7 @@ require "hardware" require "software_spec" require "rexml/document" require "development_tools" +require "extend/ENV" class SystemConfig class << self @@ -173,7 +174,7 @@ class SystemConfig next if boring_keys.include?(key) next if defaults_hash[key.to_sym] - value = "set" if key =~ /(cookie|key|token|password)/i + value = "set" if ENV.sensitive?(key) f.puts "#{key}: #{value}" end end diff --git a/Library/Homebrew/test/ENV_spec.rb b/Library/Homebrew/test/ENV_spec.rb index 726479c648..e7bac787fa 100644 --- a/Library/Homebrew/test/ENV_spec.rb +++ b/Library/Homebrew/test/ENV_spec.rb @@ -143,6 +143,13 @@ shared_examples EnvActivation do expect(subject["MAKEFLAGS"]).to eq("-j4") end + describe "#sensitive_environment" do + it "list sensitive environment" do + subject["SECRET_TOKEN"] = "password" + expect(subject.sensitive_environment).to include("SECRET_TOKEN") + end + end + describe "#clear_sensitive_environment!" do it "removes sensitive environment variables" do subject["SECRET_TOKEN"] = "password"