Skip to content

FIX: Remove environment print for security#55

Merged
matthewfeickert merged 1 commit intomainfrom
fix/avoid-env-print
Jan 24, 2024
Merged

FIX: Remove environment print for security#55
matthewfeickert merged 1 commit intomainfrom
fix/avoid-env-print

Conversation

@matthewfeickert
Copy link
Member

@matthewfeickert matthewfeickert commented Jan 24, 2024
edited
Loading

  • As 'env' prints the entire environment this is a route to accidentally leak secrets into public logs. While GitHub properly screens secrets

e.g.

...
LANG=C.UTF-8
RUNNER_ARCH=X64
RUNNER_TEMP=/home/runner/work/_temp
INPUT_ANACONDA_NIGHTLY_UPLOAD_TOKEN=***
ACTIONS_RUNTIME_URL=https://pipelinesghubeus12.actions.githubusercontent.com/qHNE2myTV4smS5AnZY3ul8hK3jNsaMgPRnYT5KDbQp06Cln8tW/
CONDA_PROMPT_MODIFIER=(upload-nightly-action) 
...

it would be better to not provide a chance for something to go wrong.

@matthewfeickert
FIX: Remove environment print for security
4f8092b 
* As 'env' prints the entire environment this is a route to accidentally
  leak secrets into public logs. While GitHub properly screens secrets
  it would be better to not provide a chance for something to go wrong.
@matthewfeickert matthewfeickert requested a review from a team January 24, 2024 17:41
@matthewfeickert matthewfeickert self-assigned this Jan 24, 2024
@bsipocz bsipocz added the bug Something isn't working label Jan 24, 2024
@matthewfeickert matthewfeickert merged commit 6e9304f into main Jan 24, 2024
@matthewfeickert matthewfeickert deleted the fix/avoid-env-print branch January 24, 2024 18:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bsipocz bsipocz bsipocz approved these changes

Assignees

@matthewfeickert matthewfeickert

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matthewfeickert @bsipocz