From 1ed7b690a5f8d85dd6716a5ebc0d66c793eb73e0 Mon Sep 17 00:00:00 2001
From: Dan Kortschak
Date: Sun, 24 Apr 2022 18:49:00 +0930
Subject: [PATCH] mitigate shelling out behaviour risks
---
 cmd/launcher/main.go | 4 ++--
 internal/app/base/restart.go | 4 ++--
 internal/config/tls/cert_store_darwin.go | 6 +++---
 internal/config/useragent/platform.go | 4 ++--
 internal/updater/sync_test.go | 4 ++--
 pkg/keychain/helper_linux.go | 6 +++---
 6 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/cmd/launcher/main.go b/cmd/launcher/main.go
index 6189aad9..5caa746a 100644
--- a/cmd/launcher/main.go
+++ b/cmd/launcher/main.go
@@ -20,7 +20,6 @@ package main
 import (
 "fmt"
 "os"
- "os/exec"
 "path/filepath"
 "runtime"
@@ -36,6 +35,7 @@ import (
 "github.com/ProtonMail/proton-bridge/v2/internal/versioner"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
+ "golang.org/x/sys/execabs"
 )
 const (
@@ -98,7 +98,7 @@ func main() { //nolint:funlen
 logrus.WithError(err).Fatal("Failed to determine path to launcher")
 }
- cmd := exec.Command(exe, appendLauncherPath(launcher, os.Args[1:])...) //nolint:gosec
+ cmd := execabs.Command(exe, appendLauncherPath(launcher, os.Args[1:])...) // nolint:gosec
 cmd.Stdin = os.Stdin
 cmd.Stdout = os.Stdout
diff --git a/internal/app/base/restart.go b/internal/app/base/restart.go
index c03e1b22..ebfd0808 100644
--- a/internal/app/base/restart.go
+++ b/internal/app/base/restart.go
@@ -19,10 +19,10 @@ package base
 import (
 "os"
- "os/exec"
 "strconv"
 "github.com/sirupsen/logrus"
+ "golang.org/x/sys/execabs"
 )
 // maxAllowedRestarts controls after how many crashes the app will give up restarting.
@@ -43,7 +43,7 @@ func (b *Base) restartApp(crash bool) error {
 WithField("args", args).
 Warn("Restarting")
- return exec.Command(b.command, args...).Start() //nolint:gosec
+ return execabs.Command(b.command, args...).Start() //nolint:gosec
 }
 // incrementRestartFlag increments the value of the restart flag.
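Review bot: The rewritten `cmd := execabs.Command(exe, ...)` line in cmd/launcher/main.go changes the suppression from `//nolint:gosec` to `// nolint:gosec`; every other call in this patch keeps the no-space form, and depending on the golangci-lint version the spaced form may be reported by nolintlint, so it should stay `//nolint:gosec`. Separately, execabs only rejects a bare name that PATH lookup resolves relative to the current directory; if `exe` already contains a path separator (how it is built is outside the hunk) no lookup takes place and the call behaves as it did with os/exec. The safety of this call therefore still rests on how the launcher selected and verified `exe`, and a one-line comment saying so next to the suppression would make that explicit. main's body starts and continues outside the hunk.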
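Review bot: In restartApp (internal/app/base/restart.go) the new `execabs.Command(b.command, args...).Start()` is only protected when `b.command` is a bare name resolved through PATH, and where `b.command` comes from is not visible in this hunk. If it is derived from the process's own invocation path, it would be worth resolving it once to an absolute path at startup (for example from `os.Executable()`) so that a restart cannot pick up a different binary than the one that was running; this is an inference to confirm against the code that sets the field. A comment on the line such as `// b.command must be an absolute path; execabs only guards bare names` would record the assumption behind the gosec suppression. The function begins outside the hunk.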
diff --git a/internal/config/tls/cert_store_darwin.go b/internal/config/tls/cert_store_darwin.go
index 981b7cad..847d9fb8 100644
--- a/internal/config/tls/cert_store_darwin.go
+++ b/internal/config/tls/cert_store_darwin.go
@@ -17,10 +17,10 @@
 package tls
-import "os/exec"
+import "golang.org/x/sys/execabs"
 func addTrustedCert(certPath string) error {
- return exec.Command( //nolint:gosec
+ return execabs.Command( //nolint:gosec
 "/usr/bin/security",
 "execute-with-privileges",
 "/usr/bin/security",
@@ -34,7 +34,7 @@ func addTrustedCert(certPath string) error {
 }
 func removeTrustedCert(certPath string) error {
- return exec.Command( //nolint:gosec
+ return execabs.Command( //nolint:gosec
 "/usr/bin/security",
 "execute-with-privileges",
 "/usr/bin/security",
diff --git a/internal/config/useragent/platform.go b/internal/config/useragent/platform.go
index df691800..aed21d5c 100644
--- a/internal/config/useragent/platform.go
+++ b/internal/config/useragent/platform.go
@@ -18,11 +18,11 @@
 package useragent
 import (
- "os/exec"
 "runtime"
 "strings"
 "github.com/Masterminds/semver/v3"
+ "golang.org/x/sys/execabs"
 )
 // IsCatalinaOrNewer checks whether the host is MacOS Catalina 10.15.x or higher.
@@ -43,7 +43,7 @@ func isThisDarwinNewerOrEqual(minVersion *semver.Version) bool {
 return false
 }
- rawVersion, err := exec.Command("sw_vers", "-productVersion").Output()
+ rawVersion, err := execabs.Command("sw_vers", "-productVersion").Output()
 if err != nil {
 return false
 }
diff --git a/internal/updater/sync_test.go b/internal/updater/sync_test.go
index 67bbcce0..265d8e5b 100644
--- a/internal/updater/sync_test.go
+++ b/internal/updater/sync_test.go
@@ -20,12 +20,12 @@ package updater
 import (
 "io/ioutil"
 "os"
- "os/exec"
 "path/filepath"
 "testing"
 "github.com/sirupsen/logrus"
 "github.com/stretchr/testify/require"
+ "golang.org/x/sys/execabs"
 )
 const (
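Review bot: The `//nolint:gosec` on `execabs.Command("/usr/bin/security", ...)` in addTrustedCert, and on the same call in removeTrustedCert in the next hunk of cert_store_darwin.go, carries no reason, and because the binary is already an absolute path execabs performs no PATH lookup there, so the swap is behaviour-neutral. I would state why the suppression is safe, for example `// absolute binary path, so no PATH lookup is involved`. Because the command runs through `execute-with-privileges`, it is also worth confirming in the part of each call that lies outside the hunks that `certPath` is passed as its own argv element and points at a file the application itself wrote.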
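Review bot: `execabs.Command("sw_vers", "-productVersion")` in isThisDarwinNewerOrEqual (internal/config/useragent/platform.go) still resolves the binary through PATH; execabs refuses only a result that is relative to the current directory, so any directory listed earlier in PATH is still honoured. On macOS the tool has a fixed location, so the call can name it directly, `execabs.Command("/usr/bin/sw_vers", "-productVersion")`, which matches the absolute `/usr/bin/security` used in cert_store_darwin.go. The existing `if err != nil { return false }` already covers a failed start, so no further handling is needed. The function begins and ends outside the hunk.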
@@ -106,7 +106,7 @@ func checkCopyWorks(srcType, dstType string) error {
 }
 func checkThatFilesAreSame(src, dst string) error {
- cmd := exec.Command("diff", "-qr", src, dst) //nolint:gosec
+ cmd := execabs.Command("diff", "-qr", src, dst) //nolint:gosec
 cmd.Stderr = logrus.StandardLogger().WriterLevel(logrus.ErrorLevel)
 cmd.Stdout = logrus.StandardLogger().WriterLevel(logrus.InfoLevel)
 return cmd.Run()
diff --git a/pkg/keychain/helper_linux.go b/pkg/keychain/helper_linux.go
index 39499ccf..86db75d1 100644
--- a/pkg/keychain/helper_linux.go
+++ b/pkg/keychain/helper_linux.go
@@ -18,13 +18,13 @@
 package keychain
 import (
- "os/exec"
 "reflect"
 "github.com/docker/docker-credential-helpers/credentials"
 "github.com/docker/docker-credential-helpers/pass"
 "github.com/docker/docker-credential-helpers/secretservice"
 "github.com/sirupsen/logrus"
+ "golang.org/x/sys/execabs"
 )
 const (
@@ -40,11 +40,11 @@ func init() { //nolint:gochecknoinits
 Helpers[SecretServiceDBus] = newDBusHelper
 }
- if _, err := exec.LookPath("gnome-keyring"); err == nil && isUsable(newSecretServiceHelper("")) {
+ if _, err := execabs.LookPath("gnome-keyring"); err == nil && isUsable(newSecretServiceHelper("")) {
 Helpers[SecretService] = newSecretServiceHelper
 }
- if _, err := exec.LookPath("pass"); err == nil && isUsable(newPassHelper("")) {
+ if _, err := execabs.LookPath("pass"); err == nil && isUsable(newPassHelper("")) {
 Helpers[Pass] = newPassHelper
 }
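Review bot: Both `execabs.LookPath` calls in init (pkg/keychain/helper_linux.go) discard the resolved path and test only `err == nil`, so the hardening applies to detection and not to whatever later runs `pass` or reaches the keyring. The helpers registered here come from `newPassHelper` and `newSecretServiceHelper`, and whether they invoke the binary through their own plain PATH lookup is not visible in this hunk; if they do, the binary that was checked and the binary that is executed can differ. A comment on the two `if` lines, e.g. `// availability check only; the helper does its own lookup of the binary`, would keep readers from assuming the credential-store call itself is covered. init starts outside the hunk and may continue past it.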