Empty deniedProcessEnvironmentVariablesSubstrings filters out all environment variables

[olfkadolf]

Describe the bug

When ort setting deniedProcessEnvironmentVariablesSubstrings is left with no values, by default ALL env. variables will be filtered out.
In my case I suddenly ran into issues with node throwing '127' on version resolve in ORT.
Finally I discovered that my PATH variable was no longer set (actually that is displayed in the logs but I overlooked it for quite some time)

To Reproduce

Steps to reproduce the behavior:

Update your ORT config like this:

ort:
  allowedProcessEnvironmentVariableNames:
    - PASSPORT
    - USER_HOME
  deniedProcessEnvironmentVariablesSubstrings:
  #  - PASS
  #  - SECRET
  #  - TOKEN
  #  - USER

Expected behavior

No variables should be filtered out when deniedProcessEnvironmentVariablesSubstrings is left without values.

Console / log output

Exception in thread "main" java.io.IOException: Running 'npm --version' in '/home/ort' failed with exit code 127:
/usr/bin/env: 'node': No such file or directory

	at org.ossreviewtoolkit.utils.common.ProcessCapture.requireSuccess(ProcessCapture.kt:154)
	at org.ossreviewtoolkit.utils.common.CommandLineTool$DefaultImpls.getVersion(CommandLineTool.kt:88)
	at org.ossreviewtoolkit.plugins.packagemanagers.node.npm.NpmCommand.getVersion(Npm.kt:53)
	at org.ossreviewtoolkit.utils.common.CommandLineTool$DefaultImpls.checkVersion(CommandLineTool.kt:104)
	at org.ossreviewtoolkit.plugins.packagemanagers.node.npm.NpmCommand.checkVersion(Npm.kt:53)
	at org.ossreviewtoolkit.utils.common.CommandLineTool$DefaultImpls.checkVersion$default(CommandLineTool.kt:103)
	at org.ossreviewtoolkit.plugins.packagemanagers.node.npm.Npm.beforeResolution(Npm.kt:142)
	at org.ossreviewtoolkit.analyzer.PackageManager.resolveDependencies(PackageManager.kt:286)
	at org.ossreviewtoolkit.analyzer.PackageManagerRunner$run$3.invokeSuspend(Analyzer.kt:321)
	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:101)
	at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:113)
	at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:89)
	at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:589)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:823)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:720)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:707)

10:53:29.162 [DefaultDispatcher-worker-1] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [CARGO_HOME, RUSTUP_HOME, SHLVL, PYENV_ROOT, DOTNET_HOME, LC_ALL, RBENV_ROOT, HOME, ARTIFACTORY_PASSWORD, NUGET_INSPECTOR_HOME, ANDROID_HOME, HASKELL_HOME, PATH, JAVA_VERSION, ARTIFACTORY_SECRET, DART_SDK, LANG, ANDROID_USER_HOME, NVM_DIR, BAZEL_HOME, LANGUAGE, JAVA_HOME, RUST_HOME, SBT_HOME, GEM_HOME, ARTIFACTORY_USERNAME, USER, PWD, _, SWIFT_HOME, HOSTNAME]

Environment

Tested on Gitlab Linux runner.

Additional context

NA.

[sschuberth]

I cannot reproduce this. See the new test over here which passes.