From d6e750c720e6dc769c4fe9aee0a9b28f43642ca6 Mon Sep 17 00:00:00 2001
From: Guy Kisel <guy.kisel@gmail.com>
Date: Sat, 30 Jul 2016 18:11:22 -0700
Subject: [PATCH] use safe local envvars for subprocess stuff

---
 inlineplz/linters/__init__.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/inlineplz/linters/__init__.py b/inlineplz/linters/__init__.py
index 2d4e1c93..3ac336b1 100644
--- a/inlineplz/linters/__init__.py
+++ b/inlineplz/linters/__init__.py
@@ -277,13 +277,20 @@ def run_command(command, log_on_fail=False, log_all=False):
     shell = False
     if os.name == 'nt':
         shell = True
+    local_env = {}
+    safe_envvars = [
+        b'PATH', b'PYTHONPATH', b'GOPATH', b'SystemRoot',
+        b'HOME', b'USER', b'APPDATA'
+    ]
+    for envvar in safe_envvars:
+        local_env[envvar] = os.environ.get(envvar, b'')
     proc = subprocess.Popen(
         command,
         stdin=subprocess.PIPE,
         stdout=subprocess.PIPE,
         stderr=subprocess.PIPE,
         shell=shell,
-        env=os.environ
+        env=local_env
     )
     stdout, stderr = proc.communicate()
     stdout = stdout.decode('utf-8', errors='replace')