I’m in the process of using System.cmd
to run a something and Credo is giving me this warning.
Warnings - please take a look
┃
┃ [W] ↗ When using System.cmd/2, clear or overwrite sensitive environment
┃ variables
Referenced here Credo.Check.Warning.LeakyEnvironment — Credo v1.5.5
I looked at the System.cmd docs and it shows that you can pass nil
to clear a specific variable like this… env: [{"SPECIFIC_VAR", nil}]
.
But is there an easier way? It seems unrealistic to imagine listing and overwriting every environment variable at each place in your code that may be calling System.cmd
. Is there some way to not pass any variables except those that you decide to allow?