From 1d42e34e512fa9ae0c5876b3768d0c4c7a317b07 Mon Sep 17 00:00:00 2001
From: nvuillam <nicolas.vuillamy@gmail.com>
Date: Sun, 18 Aug 2024 01:28:52 +0200
Subject: [PATCH] Hide to linters by default all environment variables that
 contain **TOKEN**, **USERNAME** or **PASSWORD**

---
 CHANGELOG.md         |  1 +
 megalinter/config.py | 24 ++++--------------------
 2 files changed, 5 insertions(+), 20 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index aa7babd1e0a..4fc9df0e072 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - SQL_SQL_LINT: [Project no longer maintained](https://github.com/joereynolds/sql-lint/issues/262)
 
 - Core
+  - Hide to linters by default all environment variables that contain **TOKEN**, **USERNAME** or **PASSWORD**
   - Allow to override CLI_LINT_MODE when defined as project
   - Allow to use absolute paths for LINTER_RULES_PATH
   - Allow to update variables from [PRE/POST Commands](https://megalinter.io/latest/config-precommands/) using `output_variables` property
diff --git a/megalinter/config.py b/megalinter/config.py
index 4ebc44a5488..dc3e61b8090 100644
--- a/megalinter/config.py
+++ b/megalinter/config.py
@@ -321,29 +321,13 @@ def list_secured_variables(request_id) -> list[str]:
         request_id,
         "SECURED_ENV_VARIABLES_DEFAULT",
         [
-            "GITHUB_TOKEN",
             "PAT",
-            "SYSTEM_ACCESSTOKEN",
             "GIT_AUTHORIZATION_BEARER",
-            "CI_JOB_TOKEN",
-            "GITLAB_ACCESS_TOKEN_MEGALINTER",
             "GITLAB_CUSTOM_CERTIFICATE",
-            "WEBHOOK_REPORTER_BEARER_TOKEN",
-            "API_REPORTER_BEARER_TOKEN",
-            "API_REPORTER_BASIC_AUTH_USERNAME",
-            "API_REPORTER_BASIC_AUTH_PASSWORD",
-            "API_REPORTER_METRICS_BEARER_TOKEN",
-            "API_REPORTER_METRICS_BASIC_AUTH_USERNAME",
-            "API_REPORTER_METRICS_BASIC_AUTH_PASSWORD",
-            "NODE_TOKEN",
-            "NPM_TOKEN",
-            "DOCKER_USERNAME",
-            "DOCKER_PASSWORD",
-            "CODECOV_TOKEN",
-            "GCR_USERNAME",
-            "GCR_PASSWORD",
-            "SMTP_PASSWORD",
-            "CI_SFDX_HARDIS_GITLAB_TOKEN" "(SFDX_CLIENT_ID_.*)",
+            "(USERNAME)",
+            "(PASSWORD)",
+            "(TOKEN)",
+            "(SFDX_CLIENT_ID_.*)",
             "(SFDX_CLIENT_KEY_.*)",
         ],
     )