I’m in the process of using System.cmd to run a something and Credo is giving me this warning.
Warnings - please take a look
┃
┃ [W] ↗ When using System.cmd/2, clear or overwrite sensitive environment
┃ variables
Referenced here Credo.Check.Warning.LeakyEnvironment — Credo v1.5.5
I looked at the System.cmd docs and it shows that you can pass nil to clear a specific variable like this… env: [{"SPECIFIC_VAR", nil}].
But is there an easier way? It seems unrealistic to imagine listing and overwriting every environment variable at each place in your code that may be calling System.cmd. Is there some way to not pass any variables except those that you decide to allow?
