fix restricted env filtering precedence for safe prefixes

remove broad `PULLFROG_` passthrough from restricted shell env filtering and ensure sensitive names are blocked unless explicitly allowlisted, then align the restricted test fixture with allowed-prefix coverage.

Made-with: Cursor
This commit is contained in:
Colin McDonnell
2026-04-16 06:19:32 +00:00
committed by pullfrog[bot]
parent 2d1f1d33db
commit a607ac29e1
2 changed files with 9 additions and 7 deletions
+4 -2
View File
@@ -29,7 +29,7 @@ export function isSensitiveEnvName(key: string): boolean {
const BLOCKED_ENV_NAMES = new Set(["GITHUB_TOKEN", "GH_TOKEN"]);
// prefixes whose vars are safe to pass through (runner metadata, workflow context)
const SAFE_ENV_PREFIXES = ["GITHUB_", "RUNNER_", "JAVA_HOME_", "GOROOT_", "PULLFROG_"];
const SAFE_ENV_PREFIXES = ["GITHUB_", "RUNNER_", "JAVA_HOME_", "GOROOT_"];
// exact var names safe to pass through (system + runner image toolchain)
const SAFE_ENV_NAMES = new Set([
@@ -109,7 +109,9 @@ export function filterEnv(): Record<string, string> {
for (const [key, value] of Object.entries(process.env)) {
if (value === undefined) continue;
if (BLOCKED_ENV_NAMES.has(key)) continue;
if (isSafeEnvVar(key) || _userAllowlist?.has(key)) {
const userAllowed = _userAllowlist?.has(key) ?? false;
if (isSensitiveEnvName(key) && !userAllowed) continue;
if (isSafeEnvVar(key) || userAllowed) {
filtered[key] = value;
}
}