diff --git a/lib/manager/bundler/artifacts.js b/lib/manager/bundler/artifacts.js
index 1a5572ae21bd94fac9b002804ec0d021ebcf07eb..1dda3ad85073ce588d23a043667a9eda07cbad5f 100644
--- a/lib/manager/bundler/artifacts.js
+++ b/lib/manager/bundler/artifacts.js
@@ -1,6 +1,7 @@
const { exec } = require('child-process-promise');
const fs = require('fs-extra');
const upath = require('upath');
+const { getChildProcessEnv } = require('../../util/env');
const { getPkgReleases } = require('../../datasource/docker');
const {
@@ -40,13 +41,7 @@ async function updateArtifacts(
const localPackageFileName = upath.join(config.localDir, packageFileName);
await fs.outputFile(localPackageFileName, newPackageFileContent);
const localLockFileName = upath.join(config.localDir, lockFileName);
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- };
+ const env = getChildProcessEnv();
const startTime = process.hrtime();
let cmd;
if (config.binarySource === 'docker') {
diff --git a/lib/manager/cargo/artifacts.js b/lib/manager/cargo/artifacts.js
index 3c19feeec691615a97308bc84530125261f11971..a05817fd961cbcd340df5f174e5bca9ab2a5ab47 100644
--- a/lib/manager/cargo/artifacts.js
+++ b/lib/manager/cargo/artifacts.js
@@ -2,6 +2,7 @@ const upath = require('upath');
const process = require('process');
const fs = require('fs-extra');
const { exec } = require('child-process-promise');
+const { getChildProcessEnv } = require('../../util/env');
module.exports = {
updateArtifacts,
@@ -32,13 +33,7 @@ async function updateArtifacts(
await fs.outputFile(localPackageFileName, newPackageFileContent);
logger.debug('Updating ' + lockFileName);
const cwd = config.localDir;
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- };
+ const env = getChildProcessEnv();
for (let i = 0; i < updatedDeps.length; i += 1) {
const dep = updatedDeps[i];
// Update dependency `${dep}` in Cargo.lock file corresponding to Cargo.toml file located
diff --git a/lib/manager/composer/artifacts.js b/lib/manager/composer/artifacts.js
index 0c9642afbded6d87cfff9f716d684841e49172d9..7d92fb4d629ea472bcdf90a233168e46be8014c0 100644
--- a/lib/manager/composer/artifacts.js
+++ b/lib/manager/composer/artifacts.js
@@ -4,6 +4,7 @@ const { exec } = require('child-process-promise');
const fs = require('fs-extra');
const upath = require('upath');
const hostRules = require('../../util/host-rules');
+const { getChildProcessEnv } = require('../../util/env');
module.exports = {
updateArtifacts,
@@ -95,14 +96,7 @@ async function updateArtifacts(
const localAuthFileName = upath.join(cwd, 'auth.json');
await fs.outputFile(localAuthFileName, JSON.stringify(authJson));
}
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- COMPOSER_CACHE_DIR: process.env.COMPOSER_CACHE_DIR,
- };
+ const env = getChildProcessEnv(['COMPOSER_CACHE_DIR']);
const startTime = process.hrtime();
let cmd;
if (config.binarySource === 'docker') {
diff --git a/lib/manager/gomod/artifacts.js b/lib/manager/gomod/artifacts.js
index 25b2e57a8a1120de1a6fde9b913fa22f3a96a323..37a178620cb3a8e22b30952c233da40087c9ce4e 100644
--- a/lib/manager/gomod/artifacts.js
+++ b/lib/manager/gomod/artifacts.js
@@ -2,6 +2,7 @@ const { exec } = require('child-process-promise');
const fs = require('fs-extra');
const upath = require('upath');
const hostRules = require('../../util/host-rules');
+const { getChildProcessEnv } = require('../../util/env');
module.exports = {
updateArtifacts,
@@ -38,14 +39,7 @@ async function updateArtifacts(
}
await fs.outputFile(localGoModFileName, massagedGoMod);
const localGoSumFileName = upath.join(config.localDir, sumFileName);
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- GOPATH: process.env.GOPATH,
- };
+ const env = getChildProcessEnv(['GOPATH']);
const startTime = process.hrtime();
let cmd;
if (config.binarySource === 'docker') {
diff --git a/lib/manager/npm/post-update/index.js b/lib/manager/npm/post-update/index.js
index 23f634d751e6b234e9969d6ed39c674d6dd07611..32ef316b82d56428af5556ac8f768b6c13e21890 100644
--- a/lib/manager/npm/post-update/index.js
+++ b/lib/manager/npm/post-update/index.js
@@ -8,6 +8,7 @@ const lerna = require('./lerna');
const yarn = require('./yarn');
const pnpm = require('./pnpm');
const hostRules = require('../../../util/host-rules');
+const { getChildProcessEnv } = require('../../../util/env');
module.exports = {
determineLockFileDirs,
@@ -365,17 +366,11 @@ async function getAdditionalFiles(config, packageFiles) {
process.env.npm_config_store ||
upath.join(config.cacheDir, './others/pnpm');
await fs.ensureDir(process.env.npm_config_store);
-
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- NPM_CONFIG_CACHE: process.env.NPM_CONFIG_CACHE,
- YARN_CACHE_FOLDER: process.env.YARN_CACHE_FOLDER,
- npm_config_store: process.env.npm_config_store,
- };
+ const env = getChildProcessEnv([
+ 'NPM_CONFIG_CACHE',
+ 'YARN_CACHE_FOLDER',
+ 'npm_config_store',
+ ]);
env.NODE_ENV = 'dev';
let token = '';
diff --git a/lib/manager/pipenv/artifacts.js b/lib/manager/pipenv/artifacts.js
index fdf47edb0ebfdc57aac222cae290c61b2ee08f66..b595cf5ee4e0cd86df649a4ea8a3708ed1f43fab 100644
--- a/lib/manager/pipenv/artifacts.js
+++ b/lib/manager/pipenv/artifacts.js
@@ -1,6 +1,7 @@
const { exec } = require('child-process-promise');
const fs = require('fs-extra');
const upath = require('upath');
+const { getChildProcessEnv } = require('../../util/env');
module.exports = {
updateArtifacts,
@@ -31,16 +32,7 @@ async function updateArtifacts(
const localPipfileFileName = upath.join(config.localDir, pipfileName);
await fs.outputFile(localPipfileFileName, newPipfileContent);
const localLockFileName = upath.join(config.localDir, lockFileName);
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- LC_ALL: process.env.LC_ALL,
- LANG: process.env.LANG,
- PIPENV_CACHE_DIR: process.env.PIPENV_CACHE_DIR,
- };
+ const env = getChildProcessEnv(['LC_ALL', 'LANG', 'PIPENV_CACHE_DIR']);
const startTime = process.hrtime();
let cmd;
if (config.binarySource === 'docker') {
diff --git a/lib/manager/poetry/artifacts.js b/lib/manager/poetry/artifacts.js
index cc3412e32cd3b22f712f46c144b5819b5ad2853d..b2999a16335820f44ca58db566d1ac3f6973e925 100644
--- a/lib/manager/poetry/artifacts.js
+++ b/lib/manager/poetry/artifacts.js
@@ -2,6 +2,7 @@ const upath = require('upath');
const process = require('process');
const fs = require('fs-extra');
const { exec } = require('child-process-promise');
+const { getChildProcessEnv } = require('../../util/env');
module.exports = {
updateArtifacts,
@@ -42,13 +43,7 @@ async function updateArtifacts(
await fs.outputFile(localPackageFileName, newPackageFileContent);
logger.debug(`Updating ${lockFileName}`);
const cwd = upath.join(config.localDir, subDirectory);
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- };
+ const env = getChildProcessEnv();
let cmd;
// istanbul ignore if
if (config.binarySource === 'docker') {
diff --git a/lib/util/env.js b/lib/util/env.js
new file mode 100644
index 0000000000000000000000000000000000000000..070942ee6c141454eadfd164b112218f62310a09
--- /dev/null
+++ b/lib/util/env.js
@@ -0,0 +1,24 @@
+function getChildProcessEnv(customEnvVars = []) {
+ const env = {};
+ if (global.trustLevel === 'high') {
+ return Object.assign(env, process.env);
+ }
+ const envVars = [
+ 'HTTP_PROXY',
+ 'HTTPS_PROXY',
+ 'NO_PROXY',
+ 'HOME',
+ 'PATH',
+ ...customEnvVars,
+ ];
+ envVars.forEach(envVar => {
+ if (typeof process.env[envVar] !== 'undefined') {
+ env[envVar] = process.env[envVar];
+ }
+ });
+ return env;
+}
+
+module.exports = {
+ getChildProcessEnv,
+};
diff --git a/test/util/env.spec.js b/test/util/env.spec.js
new file mode 100644
index 0000000000000000000000000000000000000000..237a173ed967295f82880775530f750d025f9468
--- /dev/null
+++ b/test/util/env.spec.js
@@ -0,0 +1,33 @@
+const { getChildProcessEnv } = require('../../lib/util/env');
+
+describe('getChildProcess environment when trustlevel set to low', () => {
+ const envVars = ['HTTP_PROXY', 'HTTPS_PROXY', 'NO_PROXY', 'HOME', 'PATH'];
+ beforeEach(() => {
+ envVars.forEach(env => {
+ process.env[env] = env;
+ });
+ });
+ afterEach(() => {
+ envVars.forEach(env => delete process.env[env]);
+ });
+ it('returns default environment variables', () => {
+ expect(getChildProcessEnv()).toHaveProperty(...envVars);
+ });
+ it('returns environment variable only if defined', () => {
+ delete process.env.PATH;
+ expect(getChildProcessEnv()).not.toHaveProperty('PATH');
+ });
+ it('returns custom environment variables if passed and defined', () => {
+ process.env.LANG = 'LANG';
+ expect(getChildProcessEnv(['LANG'])).toHaveProperty(...envVars, 'LANG');
+ delete process.env.LANG;
+ });
+
+ describe('getChildProcessEnv when trustlevel set to high', () => {
+ it('returns process.env if trustlevel set to high', () => {
+ global.trustLevel = 'high';
+ expect(getChildProcessEnv()).toMatchObject(process.env);
+ delete global.trustLevel;
+ });
+ });
+});