From 6bd51e8b53099cce4af27ea55b57856a93911675 Mon Sep 17 00:00:00 2001
From: Spenser Jones
Date: Wed, 12 Feb 2025 21:59:08 -0700
Subject: [PATCH] fix: allow process.env in ignores
Fixes #4281
---
 @commitlint/is-ignored/src/is-ignored.test.ts | 1 +
 @commitlint/is-ignored/src/validate-ignore-func.ts | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/@commitlint/is-ignored/src/is-ignored.test.ts b/@commitlint/is-ignored/src/is-ignored.test.ts
index 1169078783..5e9b4f8383 100644
--- a/@commitlint/is-ignored/src/is-ignored.test.ts
+++ b/@commitlint/is-ignored/src/is-ignored.test.ts
@@ -256,6 +256,7 @@ test('should not throw error for custom ignore functions without security risks'
 'function(commit) { return commit.length < 10 && commit.includes("some"); }',
 'function(commit) { return commit.length < 10 || commit.includes("fetch"); }',
 'function(commit) { return commit.includes("exec"); }',
+ 'function(commit) { return !process.env.CI && /^wip\b/.test(commit); }',
 ];
 safePatterns.forEach((fnString) => {
diff --git a/@commitlint/is-ignored/src/validate-ignore-func.ts b/@commitlint/is-ignored/src/validate-ignore-func.ts
index b7a35d2be9..11076364b4 100644
--- a/@commitlint/is-ignored/src/validate-ignore-func.ts
+++ b/@commitlint/is-ignored/src/validate-ignore-func.ts
@@ -5,7 +5,7 @@ export function validateIgnoreFunction(fn: Matcher) {
 // Check for dangerous patterns
 const dangerousPattern =
- /(?:process|require|import|eval|fetch|XMLHttpRequest|fs|child_process)(?:\s*\.|\s*\()|(?:exec|execFile|spawn)\s*\(/;
+ /(?:process(?!\.env)|require|import|eval|fetch|XMLHttpRequest|fs|child_process)(?:\s*\.|\s*\()|(?:exec|execFile|spawn)\s*\(/;
 if (dangerousPattern.test(fnString)) {
 // Find which pattern matched for a more specific error message
 const match = fnString.match(dangerousPattern);
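Review bot: In the added `safePatterns` entry, `\b` sits inside an ordinary single-quoted string, so the string handed to the validator holds a backspace character rather than the regex word boundary the line appears to mean. Writing it as `/^wip\\b/` keeps the sample faithful to what a real config function would contain. The case also only proves that `process.env` is accepted. A companion entry in the rejected-patterns list, for example `'function(commit) { return process.exit(1); }'`, would pin that the relaxed regex still blocks other `process` members. That list and the loop body are outside this hunk, so such a case may already exist.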
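Review bot: The lookahead in `process(?!\.env)` exempts everything that starts with `process.env`, so the check no longer distinguishes reading a variable from assigning one, and it has no boundary after `env`; `process(?!\.env\b)` is the tighter form. An ignore function that passes this check can read the whole environment, including any CI secrets present. The comment above the pattern should therefore say what is exempt and why, e.g. `// process.env is exempt so ignores can branch on CI variables; this string check is a guard rail, not a sandbox`. The "guard rail" wording is inferred, because the rest of validateIgnoreFunction is outside the hunk and whether anything else constrains the function is not visible here.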