fix(security): removing sensative env vars

semaphoreui · Oct 21, 2024 · 089a10a · 089a10a
1 parent 06bb156
commit 089a10a
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -10,7 +10,8 @@
             "args": ["server", "--config", "${workspaceFolder}/.devcontainer/config.json"],
             "cwd": "${workspaceFolder}",
             "env": {
-                "PATH": "${workspaceFolder}/.venv/bin:${env:PATH}"
+                "PATH": "${workspaceFolder}/.venv/bin:${env:PATH}",
+                "SEMAPHORE_ADMIN_PASSWORD": "test123"
             }
         }, 
         {

diff --git a/db_lib/LocalApp.go b/db_lib/LocalApp.go
@@ -7,7 +7,7 @@ import (
 	"github.com/ansible-semaphore/semaphore/pkg/task_logger"
 )
 
-func removeSensitiveEnvs(envs []string) (res []string) {
+func isSensitiveVar(v string) bool {
 	sensitives := []string{
 		"SEMAPHORE_ACCESS_KEY_ENCRYPTION",
 		"SEMAPHORE_ADMIN_PASSWORD",
@@ -20,11 +20,20 @@ func removeSensitiveEnvs(envs []string) (res []string) {
 		"SEMAPHORE_RUNNER_ID",
 	}
 
+	for _, s := range sensitives {
+		if strings.HasPrefix(v, s+"=") {
+			return true
+		}
+	}
+
+	return false
+}
+
+func removeSensitiveEnvs(envs []string) (res []string) {
+
 	for _, e := range envs {
-		for _, s := range sensitives {
-			if !strings.HasPrefix(e, s+"=") {
-				res = append(res, e)
-			}
+		if !isSensitiveVar(e) {
+			res = append(res, e)
 		}
 	}