Source: golang-github-cli-safeexec
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
Uploaders: Anthony Fok <foka@debian.org>
Section: golang
Testsuite: autopkgtest-pkg-go
Priority: optional
Build-Depends: debhelper-compat (= 13),
               dh-golang,
               golang-any
Standards-Version: 4.5.1
Vcs-Browser: https://salsa.debian.org/go-team/packages/golang-github-cli-safeexec
Vcs-Git: https://salsa.debian.org/go-team/packages/golang-github-cli-safeexec.git
Homepage: https://github.com/cli/safeexec
Rules-Requires-Root: no
XS-Go-Import-Path: github.com/cli/safeexec

Package: golang-github-cli-safeexec-dev
Architecture: all
Depends: ${misc:Depends}
Description: safer version of exec.LookPath on Windows
 safeexec is a Go module that provides a safer alternative to exec.LookPath()
 on Windows.
 .
 The following, relatively common approach to running external commands
 has a subtle vulnerability on Windows:
 .
   import "os/exec"
 .
   func gitStatus() error {
       // On Windows, this will result in .\git.exe or .\git.bat being executed
       // if either were found in the current working directory.
       cmd := exec.Command("git", "status")
       return cmd.Run()
   }
 .
 Searching the current directory (surprising behavior) before searching
 folders listed in the PATH environment variable (expected behavior)
 seemed to be intended in Go and unlikely to be changed:
 https://github.com/golang/go/issues/38736
 Note that Go 1.19 did change this: exec.LookPath and exec.Command now
 refuse a match that was found only relative to the current directory and
 return an error wrapping exec.ErrDot, so the problem above mainly affects
 programs built with older toolchains.
 .
 Since Go (before 1.19) does not provide a version of exec.LookPath() that
 only searches PATH and does not search the current working directory, this
 module provides a LookPath function that works consistently across
 platforms.
 .
 Example use:
 .
   import (
       "os/exec"
       "github.com/cli/safeexec"
   )
 .
   func gitStatus() error {
       gitBin, err := safeexec.LookPath("git")
       if err != nil {
           return err
       }
       cmd := exec.Command(gitBin, "status")
       return cmd.Run()
   }
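The lookup discipline the description asks for, written out as an added example (this is not code from cli/safeexec or from the Debian package): a hypothetical LookPathIn that resolves a bare command name against an explicit PATH list only, skips every empty or relative entry (the entries that make the OS fall back to the current working directory), refuses names that already contain a path separator, and ignores files without an execute bit. The exts parameter and the ErrNotFound sentinel are assumptions of this example, not part of any real API.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"runtime"
	"strings"
)

// ErrNotFound is returned when no listed directory holds an executable
// with the requested name. Hypothetical sentinel for this example.
var ErrNotFound = errors.New("executable not found in PATH")

// LookPathIn resolves name against the directories in pathList (separated by
// os.PathListSeparator) and never against the current working directory.
// exts are the suffixes to try; nil means "" on Unix and the usual Windows
// extensions on Windows. Hypothetical helper, not part of cli/safeexec.
func LookPathIn(name, pathList string, exts []string) (string, error) {
	// A name with a separator is a path, not a command name; resolving it
	// would reintroduce the "run whatever is in this directory" behaviour.
	if strings.ContainsAny(name, `/\`) {
		return "", fmt.Errorf("refusing to resolve %q: contains a path separator", name)
	}
	if len(exts) == 0 {
		exts = []string{""}
		if runtime.GOOS == "windows" {
			exts = []string{".exe", ".bat", ".cmd"}
		}
	}
	for _, dir := range filepath.SplitList(pathList) {
		// An empty entry ("") or a relative one (".", "bin") is resolved by
		// the OS against the current directory; treat all of them as
		// untrusted and skip them rather than trying to canonicalise them.
		if dir == "" || !filepath.IsAbs(dir) {
			continue
		}
		for _, ext := range exts {
			candidate := filepath.Join(dir, name+ext)
			if isExecutable(candidate) {
				return candidate, nil
			}
		}
	}
	return "", ErrNotFound
}

// isExecutable reports whether p is a regular file that may be executed.
func isExecutable(p string) bool {
	fi, err := os.Stat(p)
	if err != nil || !fi.Mode().IsRegular() {
		return false
	}
	if runtime.GOOS == "windows" {
		return true // on Windows the extension, not a mode bit, decides
	}
	return fi.Mode().Perm()&0o111 != 0
}

func main() {
	// Same shape as the gitStatus example above, but the binary is resolved
	// from PATH directories only; nothing is executed here.
	bin, err := LookPathIn("git", os.Getenv("PATH"), nil)
	if err != nil {
		fmt.Println("git is not on PATH:", err)
		return
	}
	fmt.Println("would run:", bin, "status")
}
```

Skipping relative PATH entries outright is a deliberate hardening choice of this example: an entry such as "." or "bin" is only meaningful relative to whatever directory the process happens to be in, which is exactly the attacker-influenced location the page warns about.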