From d02b4f321d01fbd4cd2b4c1bd76d1f06d1612126 Mon Sep 17 00:00:00 2001
From: Mike McQuaid
Date: Sat, 22 Apr 2017 16:31:19 +0100
Subject: Hide sensitive tokens from install/test/post.
Hide these tokens to avoid malicious subprocesses e.g. sending them over the network. Also, support using these tokens with environment filtering and clear `HOMEBREW_PATH` from subprocesses to stop them sniffing it. Finally, use `HOMEBREW_PATH` to detect Homebrew’s user’s PATH for e.g. `brew doctor` etc.
---
 Library/Homebrew/extend/ENV.rb | 7 +++++++
 1 file changed, 7 insertions(+) (limited to 'Library/Homebrew/extend')
diff --git a/Library/Homebrew/extend/ENV.rb b/Library/Homebrew/extend/ENV.rb
index 729598e28..283e90b69 100644
--- a/Library/Homebrew/extend/ENV.rb
+++ b/Library/Homebrew/extend/ENV.rb
@@ -26,6 +26,13 @@ module EnvActivation
 ensure
 replace(old_env)
 end
+
+ def clear_sensitive_environment!
+ ENV.keys.each do |key|
+ next unless /(cookie|key|token)/i =~ key
+ ENV.delete key
+ end
+ end
 end
 ENV.extend(EnvActivation)
--
cgit v1.2.3
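Review bot: The filter in `clear_sensitive_environment!` is a name-based deny-list, so a secret exported under a name that contains none of `cookie`, `key` or `token` (for example one containing `password` or `secret`) still reaches the install/test/post subprocesses. Consider widening the pattern, e.g. `next unless /(cookie|key|token|password|passwd|secret)/i =~ key`, and adding a comment above the method such as `# Best-effort: drops variables whose names look like credentials; values are not inspected.` so callers do not treat it as complete. The method also hard-codes `ENV` while the neighbouring `replace(old_env)` acts on the receiver, so calling it on any other object extended with `EnvActivation` would still mutate the process environment; using the receiver's own `keys` and `delete` would keep it consistent. `EnvActivation` begins above this hunk, so the callers and the `HOMEBREW_PATH` handling mentioned in the description are not visible here.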