From c440f5bbd54336e23245617a6f252a7677af1a6a Mon Sep 17 00:00:00 2001
From: Evgenii Alekseev
Date: Mon, 2 Oct 2023 16:37:20 +0300
Subject: [PATCH] fix: whitelist environment variables instead of passing all of them

Earlier applied fix bc9682373d55db8f56c7b3d4fcf4de5c4ba68afe introduced errors with interaction, because (in docker container) HOME variable was passed also to subprocesses. This fix limits variables to be passed to the whitelisted ones
---
 src/ahriman/core/util.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/ahriman/core/util.py b/src/ahriman/core/util.py
index 40054a29..36cfdef8 100644
--- a/src/ahriman/core/util.py
+++ b/src/ahriman/core/util.py
@@ -129,7 +129,11 @@ def check_output(*args: str, exception: Exception | Callable[[int, list[str], st
 environment = environment or {}
 if user is not None:
 environment["HOME"] = getpwuid(user).pw_dir
- full_environment = os.environ | environment
+ full_environment = {
+ key: value
+ for key, value in os.environ.items()
+ if key in ("PATH",) # whitelisted variables only
+ } | environment
 with subprocess.Popen(args, cwd=cwd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, user=user, env=full_environment, text=True, encoding="utf8", bufsize=1) as process:
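Review bot: The allowlist in the new `full_environment` comprehension is an inline one-element tuple, `if key in ("PATH",)`, and nothing tells a caller that every other inherited variable (locale, proxy settings, `HOME` when `user` is None) is now dropped before `subprocess.Popen` runs. I would lift it to a module-level constant, for example `ALLOWED_ENVIRONMENT = frozenset({"PATH"})`, and filter with `if key in ALLOWED_ENVIRONMENT`, so that additions to the set are reviewed in one place. The `check_output` docstring should state that only `PATH` is inherited and that anything else a command needs must be passed through `environment`; the function starts before and continues after this hunk, so the docstring is not visible here. Separately, `PATH` is still inherited unchanged when the child runs as a different `user`, so it is worth confirming that the parent's `PATH` contains no directory that user can write to.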