Credo.Check.Warning.LeakyEnvironment (Credo v1.5.0) View Source
This check has a base priority of high
and works with any version of Elixir.
Explanation
OS child processes inherit the environment of their parent process. This includes sensitive configuration parameters, such as credentials. To minimize the risk of such values leaking, clear or overwrite them when spawning executables.
The functions System.cmd/2
and System.cmd/3
allow environment variables be cleared by
setting their value to nil
:
System.cmd("env", [], env: %{"DB_PASSWORD" => nil})
Configuration parameters
There are no specific parameters for this check.
Like with all checks, general params can be applied.
Parameters can be configured via the .credo.exs
config file.