Module env
Source - DENIED_ENV_VARS ๐
- Env var names that must never be overwritten by secret export.
Covers dynamic linker, shell execution, path hijack, and privilege escalation vectors.
- cmd_env ๐
- cmd_export ๐
- is_denied_env_var ๐
- Returns true if
name is a denied env var (case-insensitive prefix match for BASH_FUNC_). - json_escape ๐
- JSON-escape a string value.
- secret_key_to_env_var ๐
- Transform a secret key name into an environment variable name.
- shell_escape ๐
- Shell-escape a value for safe embedding in
export K="V".
Strips null bytes (C string truncation), escapes shell metacharacters.