From b198778810703876e7cfdc4138eb22dd0d9583f1 Mon Sep 17 00:00:00 2001
From: Evgenii Alekseev
Date: Mon, 2 Oct 2023 16:37:20 +0300
Subject: [PATCH] fix: whitelist environment variables instead of passing all of them

Earlier applied fix d5f4fc9b86f41d5801b7cd475fc897eb6b9d1853 introduced errors with interaction, because (in docker container) HOME variable was passed also to subprocesses. This fix limits variables to be passed to the whitelisted ones
---
 src/ahriman/core/util.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/ahriman/core/util.py b/src/ahriman/core/util.py
index 40054a29..36cfdef8 100644
--- a/src/ahriman/core/util.py
+++ b/src/ahriman/core/util.py
@@ -129,7 +129,11 @@ def check_output(*args: str, exception: Exception | Callable[[int, list[str], st
 environment = environment or {}
 if user is not None:
 environment["HOME"] = getpwuid(user).pw_dir
- full_environment = os.environ | environment
+ full_environment = {
+ key: value
+ for key, value in os.environ.items()
+ if key in ("PATH",) # whitelisted variables only
+ } | environment
 with subprocess.Popen(args, cwd=cwd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, user=user, env=full_environment, text=True, encoding="utf8", bufsize=1) as process:
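Review bot: The allowlist on the added `if key in ("PATH",)` line is an inline literal, so the set of variables a child process inherits is neither named nor documented where callers of check_output would look for it. Everything else in os.environ is now dropped, which keeps parent-process secrets out of subprocesses but also removes locale, proxy and similar settings, so the docstring should say something like `Only PATH is inherited from the parent process; pass any other variable explicitly via environment.` The docstring and the rest of check_output lie outside this hunk, so whether that contract is already stated there cannot be seen from here. Separately, the context line `environment["HOME"] = getpwuid(user).pw_dir` appears to write into the dict the caller passed whenever it is non-empty; copying first with `environment = dict(environment or {})` would avoid changing the caller's data.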