Struct EnvExpansionRule 

pub struct EnvExpansionRule { /* private fields */ }

Rejects input containing environment variable expansion patterns.

Detects:

• $NAME (simple variable reference)
• ${NAME} (braced variable reference)
• %NAME% (Windows-style variable reference)

Intentionally allowed patterns

The following patterns are not flagged:

• Positional parameters ($1, $2, …) — These start with a digit and are not environment variable names. They are common in pricing text (e.g. "$5 off") and typically cannot leak secrets.
• Lone $ at end of input — Not a valid expansion.

If your use case requires blocking positional parameters as well, combine this rule with ShellMetaRule, which rejects the $ character itself.

Rationale

Environment variable expansion can leak secrets or alter behavior:

$HOME/.ssh/id_rsa   → leaks home directory
${SECRET_KEY}        → leaks credentials
%USERPROFILE%        → Windows equivalent

Implementations

impl EnvExpansionRule

pub fn posix_only() -> Self

Create a POSIX-only rule (skip %VAR% detection).

Trait Implementations

impl Default for EnvExpansionRule

fn default() -> Self

Returns the “default value” for a type.

impl Rule for EnvExpansionRule

fn name(&self) -> &'static str

A unique, human-readable identifier for this rule.

fn check(&self, input: &str) -> RuleResult

Check the input and return violations, if any.