Is there a way to clear all environment variables when using System.cmd/3?

I’m in the process of using System.cmd to run a something and Credo is giving me this warning.

Warnings - please take a look                                                 
┃ [W] ↗ When using System.cmd/2, clear or overwrite sensitive environment 
┃       variables

Referenced here Credo.Check.Warning.LeakyEnvironment — Credo v1.5.5

I looked at the System.cmd docs and it shows that you can pass nil to clear a specific variable like this… env: [{"SPECIFIC_VAR", nil}].

But is there an easier way? It seems unrealistic to imagine listing and overwriting every environment variable at each place in your code that may be calling System.cmd. Is there some way to not pass any variables except those that you decide to allow?

Turns out this was my own doing. This check is disabled by default within Credo but was enabled in my project’s configuration.

1 Like