ENV: add sensitive_environment function

ENV#sensitive_environment is used to list all sensitive environments.

Also refactor the code on determining whether an environment is sensitive.

Library/Homebrew/extend/ENV.rb

@@ -29,12 +29,16 @@ module EnvActivation
     replace(old_env)
   end
 
-  def clear_sensitive_environment!
-    each_key do |key|
-      next unless /(cookie|key|token|password)/i =~ key
-
-      delete key
+  def sensitive?(key)
+    /(cookie|key|token|password)/i =~ key
   end
+
+  def sensitive_environment
+    select { |key, _| sensitive?(key) }
+  end
+
+  def clear_sensitive_environment!
+    each_key { |key| delete key if sensitive?(key) }
   end
 end
 

Library/Homebrew/system_config.rb

@@ -4,6 +4,7 @@ require "hardware"
 require "software_spec"
 require "rexml/document"
 require "development_tools"
+require "extend/ENV"
 
 class SystemConfig
   class << self
@@ -173,7 +174,7 @@ class SystemConfig
           next if boring_keys.include?(key)
           next if defaults_hash[key.to_sym]
 
-          value = "set" if key =~ /(cookie|key|token|password)/i
+          value = "set" if ENV.sensitive?(key)
           f.puts "#{key}: #{value}"
         end
       end

Library/Homebrew/test/ENV_spec.rb

@@ -143,6 +143,13 @@ shared_examples EnvActivation do
     expect(subject["MAKEFLAGS"]).to eq("-j4")
   end
 
+  describe "#sensitive_environment" do
+    it "list sensitive environment" do
+      subject["SECRET_TOKEN"] = "password"
+      expect(subject.sensitive_environment).to include("SECRET_TOKEN")
+    end
+  end
+
   describe "#clear_sensitive_environment!" do
     it "removes sensitive environment variables" do
       subject["SECRET_TOKEN"] = "password"