Since it seems we're not limiting to install (and family) and test after all, here's a list of env vars that should be considered for whitelisting:
brew:
```
$ grep --exclude-dir=test --exclude-dir=cask -rIPoh '(?<=ENV\[")(?!HOMEBREW_)\w+(?="\](?! = ))' /usr/local/Homebrew/Library/Homebrew | sort | uniq
BINTRAY_KEY
BINTRAY_USER
BROWSER
CI
CURL_HOME
FC
GEM_HOME
GEM_OLD_HOME
GEM_OLD_PATH
GIT_URL
HOME
JAVA_HOME
JENKINS_HOME
LC_ALL
PATH
PYTHONPATH
SDKROOT
SHELL
SSL_CERT_DIR
TEMP
TERM
TMP
TMPDIR
TMUX
TRAVIS
USER
VERBOSE
```
cask has some additional stuff:
```
$ grep --exclude-dir=test -rIPoh '(?<=ENV\[")(?!HOMEBREW_)\w+(?="\](?! = ))' /usr/local/Homebrew/Library/Homebrew/cask | sort | uniq
CI
CODECOV_TOKEN
HOME
MACOS_VERSION
SUDO_ASKPASS
TRAVIS
VERBOSE
```
@MikeMcQuaid Sure, if we're concerned about that vector. No objection to getting this working first.
What would you suggest for stdenv and `env :userpaths` (and possibly other things affected which I don't realize at the moment) though? Death sentence to all of them? Persist original PATH in `ORIG_PATH` and optionally restore it later? Something else?
Not really necessary. Superenv does its only PATH cleansing; stdenv^ and `env :userpaths`^^ would be broken by this.
^ Someone will shout at me saying stdenv is deprecated, but it apparently still exists as far as I can tell, although I personally don't use it and am not rooting for it.
^^ Also not popular.
> Should I update my branch with the above?
Yeah, feel free but please leave out
```bash
# ugly, unfortunate consequence of lack of `export -p NAME` in bash's export
[[ "$(declare -p "$key" 2>/dev/null)" =~ ^declare\ -[^\ ]*x[^\ ]*\ ]] || continue
```
Also, I still want to call to attention this:
> more env vars than the aforementioned and `HOMEBREW_*` need to be kept if you decide to take the current approach of enforcing a clean slate on all commands. Examples include but are not limited to `EDITOR` and `VISUAL`. Check [the `ENVIRONMENT` section](https://github.com/Homebrew/brew/blob/master/Library/Homebrew/manpages/brew.1.md.erb#L100) of `brew.1`. Even that list is not exhaustive. Homebrew maintainers need `BINTRAY_USER` and `BINTRAY_KEY` to be whitelisted, for instance.
>
> I think it would much easier if the scope of environment wiping is limited to variants of `install` and `test`, as was the original intention of #932.