plushie/renderer_env

Build a safe environment for the renderer Port child process.

Erlang ports inherit the parent process environment by default, which can leak sensitive variables. This module builds a whitelist of display, rendering, and system variables and actively unsets everything else via {Name, false} in the port :env option.

Types

EnvEntry

</>

An environment variable entry: either set to a value or explicitly unset.

pub type EnvEntry {
  Set(key: String, value: String)
  Unset(key: String)
}

Constructors

```
Set(key: String, value: String)
```
```
Unset(key: String)
```

EnvOpts

</>

Options for building the renderer environment.

pub type EnvOpts {
  EnvOpts(
    rust_log: option.Option(String),
    extra: dict.Dict(String, String),
  )
}

Constructors

```
EnvOpts(
  rust_log: option.Option(String),
  extra: dict.Dict(String, String),
)
```
Arguments

rust_log

Override RUST_LOG level (default: “error”).

extra

Extra environment variables to include.

Values

build

</>

pub fn build(opts: EnvOpts) -> List(EnvEntry)

Build an environment entry list for the renderer port.

Whitelisted variables are set; all other current env vars are explicitly unset so they don’t leak to the child process.

default_opts

</>

pub fn default_opts() -> EnvOpts

Default environment options.

to_port_env

</>

pub fn to_port_env(entries: List(EnvEntry)) -> dynamic.Dynamic

Convert env entries to Erlang port format for the :env option. Set entries become {Charlist, Charlist}, Unset entries become {Charlist, false}.

Constructors

Constructors

Arguments