Merge pull request from GHSA-h3q2-8whx-c29h

this could potentially leak environment variables. closes GHSA-h3q2-8whx-c29h Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2025-03-17 20:47:50 +02:00 · 2024-01-29 20:53:46 -03:00 · 2024-01-29 20:53:46 -03:00 · d5b6a533ca
commit d5b6a533ca
parent 75c6d1a580
3 changed files with 1 additions and 4 deletions
--- a/internal/exec/exec.go
+++ b/internal/exec/exec.go
@ -86,7 +86,6 @@ func executePublisher(ctx *context.Context, publisher config.Publisher) error {

 func executeCommand(c *command, artifact *artifact.Artifact) error {
 	log.WithField("args", c.Args).
-		WithField("env", c.Env).
 		WithField("artifact", artifact.Name).
 		Debug("executing command")

--- a/internal/pipe/sbom/sbom.go
+++ b/internal/pipe/sbom/sbom.go
@ -201,8 +201,7 @@ func catalogArtifact(ctx *context.Context, cfg config.SBOM, a *artifact.Artifact
 	cmd.Env = append(cmd.Env, envs...)
 	cmd.Dir = ctx.Config.Dist

-	log.WithField("env", cmd.Env).
-		WithField("dir", cmd.Dir).
+	log.WithField("dir", cmd.Dir).
 		WithField("cmd", cmd.Args).
 		Debug("running")

--- a/internal/shell/shell.go
+++ b/internal/shell/shell.go
@ -18,7 +18,6 @@ import (
 func Run(ctx *context.Context, dir string, command, env []string, output bool) error {
 	log := log.
 		WithField("cmd", command).
-		WithField("env", env).
 		WithField("dir", dir)

 	/* #nosec */