How To Print All Environment Variables From Gradle

In light of the recent Codecov security breach, I wanted to see all the environment variables populated at the time our unit tests run, to get a sense of what the jeopardized Codecov software could see.

I added the following to the build.gradle file for the app module of our Android project.

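// Runs before every Test task and prints each environment variable
// (name and value) that the test process will receive.
tasks.withType(Test) {
    doFirst {
        println "*** ENVIRONMENT VARIABLE DUMP ***"
        environment.each { k, v -> println "${k}:${v}" }
    }
}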

I then pushed this to a branch and created a pull request for the change, to trigger GitHub Actions to build with this change in place. When the build was done, I reviewed the logs available on GitHub Actions, searching for any sensitive information.
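The dump above writes every value into the build log, so the log itself becomes something to protect. The following is an added example, not code from the original post: a variant for the same build.gradle that prints only variable names and value lengths and flags names that look like credentials. The `sensitiveName` pattern is an assumption; adjust it to the naming used in your CI.

```groovy
// Added example: redacted audit of the Test task environment.
// Assumption: these name fragments are a starting point, not a complete list.
def sensitiveName = ~/(?i).*(TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL|API_?KEY|PRIVATE|SIGNING|KEYSTORE).*/

tasks.withType(Test) {
    doFirst {
        println "*** ENVIRONMENT VARIABLE AUDIT (values redacted) ***"
        int flagged = 0
        // TreeMap sorts by name so two builds can be compared line by line.
        new TreeMap(environment).each { name, value ->
            boolean review = name ==~ sensitiveName
            if (review) {
                flagged++
            }
            // Print the length only: enough to tell "set" from "empty"
            // without putting the value in the log.
            int length = value == null ? 0 : value.toString().length()
            println "${review ? 'REVIEW' : 'ok    '} ${name} (${length} chars)"
        }
        println "*** ${flagged} of ${environment.size()} variables flagged for review ***"
    }
}
```

A variable that is not flagged can still hold a secret under an unexpected name, so read the full name list rather than only the REVIEW lines.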

If you use Codecov in a cloud-based continuous integration environment, this security breach has the potential to reveal credentials and other secrets that could put your software repository at risk. This is a very serious security breach, and it's worth putting time into understanding it, analyzing your potential exposure to malicious attacks as a result of the breach, and taking steps to reduce risk.
