diff options
| author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2020-12-15 13:02:51 +0300 |
|---|---|---|
| committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2020-12-17 19:29:53 +0300 |
| commit | b140b7b4e1b7d6941264706e68e802ea61f04f04 (patch) | |
| tree | a0f2cc940c444513150310dc47d0845625cca374 | |
| parent | d8f65f062c39af061656b477ca7413db0d93d907 (diff) | |
command: Filter `AllowedEnviroment()` via explicit slice
The `AllowedEnvironment()` function currently operates on the real
environment directly, which makes it quite inflexible as one cannot
filter a different environment. As we're about to move filtering of the
allowed environment into the hooks manager, which only has those
variables in the incoming environment slice, this commit refactors the
function to instead filter a given slice.
| -rw-r--r-- | cmd/gitaly-hooks/hooks.go | 2 | ||||
| -rw-r--r-- | internal/command/command.go | 19 |
2 files changed, 12 insertions, 9 deletions
diff --git a/cmd/gitaly-hooks/hooks.go b/cmd/gitaly-hooks/hooks.go index 99598b2b4..b1164f410 100644 --- a/cmd/gitaly-hooks/hooks.go +++ b/cmd/gitaly-hooks/hooks.go @@ -221,7 +221,7 @@ func dialGitaly(payload git.HooksPayload) (*grpc.ClientConn, error) { } func hookEnvironment(payload git.HooksPayload) ([]string, error) { - environment := command.AllowedEnvironment() + environment := command.AllowedEnvironment(os.Environ()) for _, kv := range os.Environ() { if strings.HasPrefix(kv, "GL_") { diff --git a/internal/command/command.go b/internal/command/command.go index 028b8eb38..9155751f4 100644 --- a/internal/command/command.go +++ b/internal/command/command.go @@ -197,7 +197,7 @@ func New(ctx context.Context, cmd *exec.Cmd, stdin io.Reader, stdout, stderr io. env = append(env, "GIT_TERMINAL_PROMPT=0") // Export env vars - cmd.Env = append(env, AllowedEnvironment()...) + cmd.Env = append(env, AllowedEnvironment(os.Environ())...) cmd.Env = envInjector(ctx, cmd.Env) // Start the command in its own process group (nice for signalling) @@ -262,15 +262,18 @@ func New(ctx context.Context, cmd *exec.Cmd, stdin io.Reader, stdout, stderr io. return command, nil } -// AllowedEnvironment returns an environment based on the allowed -// variables defined above. This is useful for constructing a base -// environment in which a command can be run. -func AllowedEnvironment() []string { +// AllowedEnvironment filters the given slice of environment variables and +// returns all variables which are allowed per the variables defined above. +// This is useful for constructing a base environment in which a command can be +// run. +func AllowedEnvironment(envs []string) []string { var filtered []string - for _, envVarName := range exportedEnvVars { - if val, ok := os.LookupEnv(envVarName); ok { - filtered = append(filtered, fmt.Sprintf("%s=%s", envVarName, val)) + for _, env := range envs { + for _, exportedEnv := range exportedEnvVars { + if strings.HasPrefix(env, exportedEnv+"=") { + filtered = append(filtered, env) + } } } |