author Mike McQuaid 2017-04-22 16:31:19 +0100
committer Mike McQuaid 2017-04-22 16:31:19 +0100
commit d02b4f321d01fbd4cd2b4c1bd76d1f06d1612126 (patch)
tree c7c3945f258f8b33278b120f788b8c6c82a21688 /Library/Homebrew/extend
parent 206d6de845c9041bbbd4d955e56befb338295e96 (diff)
Hide sensitive tokens from install/test/post.
Hide these tokens to avoid malicious subprocesses e.g. sending them over the network. Also, support using these tokens with environment filtering and clear `HOMEBREW_PATH` from subprocesses to stop them sniffing it. Finally, use `HOMEBREW_PATH` to detect Homebrew’s user’s PATH for e.g. `brew doctor` etc.
Diffstat (limited to 'Library/Homebrew/extend')
-rw-r--r-- Library/Homebrew/extend/ENV.rb 7
1 files changed, 7 insertions, 0 deletions
diff --git a/Library/Homebrew/extend/ENV.rb b/Library/Homebrew/extend/ENV.rb
index 729598e28..283e90b69 100644
--- a/Library/Homebrew/extend/ENV.rb
+++ b/Library/Homebrew/extend/ENV.rb
@@ -26,6 +26,13 @@ module EnvActivation
ensure
replace(old_env)
end
+
+ def clear_sensitive_environment!
+ ENV.keys.each do |key|
+ next unless /(cookie|key|token)/i =~ key
+ ENV.delete key
+ end
+ end
end
ENV.extend(EnvActivation)
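Review bot: The name test in `clear_sensitive_environment!` (`next unless /(cookie|key|token)/i =~ key`) is an unanchored, case-insensitive substring match, so it is both wider and narrower than "sensitive": it deletes every variable whose name merely contains "key", "cookie" or "token", and it keeps credentials named with other words such as "password" or "secret". Consider matching on a delimited suffix or an explicit list of names, and add a comment above the method stating which variables it is meant to remove. The method also deletes from `ENV` in place with no restore, unlike the `ensure replace(old_env)` in the method just above it, so the comment should say that it is intended for a process (or a saved-and-restored scope) that no longer needs those values. Minor: the capture group in the regex is unused and can be dropped.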