mitigate shelling out behaviour risks

Dan Kortschak
2022-04-24 18:49:00 +09:30
committed by Jakub
parent 5c28a3eda7
commit 1ed7b690a5
6 changed files with 14 additions and 14 deletions


@ -20,7 +20,6 @@ package main
import ( import (
"fmt" "fmt"
"os" "os"
"os/exec"
"path/filepath" "path/filepath"
"runtime" "runtime"
@ -36,6 +35,7 @@ import (
"github.com/ProtonMail/proton-bridge/v2/internal/versioner" "github.com/ProtonMail/proton-bridge/v2/internal/versioner"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"golang.org/x/sys/execabs"
) )
const ( const (
@ -98,7 +98,7 @@ func main() { //nolint:funlen
logrus.WithError(err).Fatal("Failed to determine path to launcher") logrus.WithError(err).Fatal("Failed to determine path to launcher")
} }
cmd := exec.Command(exe, appendLauncherPath(launcher, os.Args[1:])...) //nolint:gosec cmd := execabs.Command(exe, appendLauncherPath(launcher, os.Args[1:])...) // nolint:gosec
cmd.Stdin = os.Stdin cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout cmd.Stdout = os.Stdout
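Review bot: The new call line writes the suppression as `// nolint:gosec` with a space, while the line it replaces and every other file in this commit use `//nolint:gosec`; keep the directive form, `cmd := execabs.Command(exe, appendLauncherPath(launcher, os.Args[1:])...) //nolint:gosec`. Separately, execabs only rejects a bare command name that resolves to the current directory, so it adds nothing if `exe` is already a full path. How `exe` is computed is above the hunk, so a short comment next to the call stating what kind of path it holds would give the suppression a reason. main continues past the end of the hunk.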


@ -19,10 +19,10 @@ package base
import ( import (
"os" "os"
"os/exec"
"strconv" "strconv"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"golang.org/x/sys/execabs"
) )
// maxAllowedRestarts controls after how many crashes the app will give up restarting. // maxAllowedRestarts controls after how many crashes the app will give up restarting.
@ -43,7 +43,7 @@ func (b *Base) restartApp(crash bool) error {
WithField("args", args). WithField("args", args).
Warn("Restarting") Warn("Restarting")
return exec.Command(b.command, args...).Start() //nolint:gosec return execabs.Command(b.command, args...).Start() //nolint:gosec
} }
// incrementRestartFlag increments the value of the restart flag. // incrementRestartFlag increments the value of the restart flag.
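Review bot: In restartApp, `execabs.Command(b.command, args...)` is only protected when `b.command` is a bare name; a value containing a path separator (for example a relative `./…` path) is executed as given, exactly as with os/exec. Where `b.command` is assigned is not visible in this hunk, so the call should document the expectation, e.g. `// b.command must be an absolute path; execabs only guards bare names looked up via PATH.` If that cannot be guaranteed at the assignment site, an explicit `filepath.IsAbs(b.command)` check before the call would make the restart path fail closed. The function starts before the hunk.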


@ -17,10 +17,10 @@
package tls package tls
import "os/exec" import "golang.org/x/sys/execabs"
func addTrustedCert(certPath string) error { func addTrustedCert(certPath string) error {
return exec.Command( //nolint:gosec return execabs.Command( //nolint:gosec
"/usr/bin/security", "/usr/bin/security",
"execute-with-privileges", "execute-with-privileges",
"/usr/bin/security", "/usr/bin/security",
@ -34,7 +34,7 @@ func addTrustedCert(certPath string) error {
} }
func removeTrustedCert(certPath string) error { func removeTrustedCert(certPath string) error {
return exec.Command( //nolint:gosec return execabs.Command( //nolint:gosec
"/usr/bin/security", "/usr/bin/security",
"execute-with-privileges", "execute-with-privileges",
"/usr/bin/security", "/usr/bin/security",
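Review bot: Both addTrustedCert and removeTrustedCert already name the binary by absolute path (`/usr/bin/security`), so the execabs swap has no effect here, and the `//nolint:gosec` on each call still carries no reason. Because these calls run `security execute-with-privileges`, the suppression deserves a one-line justification above each call, such as `// certPath is passed as a single argv element and never interpreted by a shell.` The remaining arguments are outside the hunk, so confirm the wording against them before adding it.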


@ -18,11 +18,11 @@
package useragent package useragent
import ( import (
"os/exec"
"runtime" "runtime"
"strings" "strings"
"github.com/Masterminds/semver/v3" "github.com/Masterminds/semver/v3"
"golang.org/x/sys/execabs"
) )
// IsCatalinaOrNewer checks whether the host is MacOS Catalina 10.15.x or higher. // IsCatalinaOrNewer checks whether the host is MacOS Catalina 10.15.x or higher.
@ -43,7 +43,7 @@ func isThisDarwinNewerOrEqual(minVersion *semver.Version) bool {
return false return false
} }
rawVersion, err := exec.Command("sw_vers", "-productVersion").Output() rawVersion, err := execabs.Command("sw_vers", "-productVersion").Output()
if err != nil { if err != nil {
return false return false
} }
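Review bot: `execabs.Command("sw_vers", "-productVersion")` in isThisDarwinNewerOrEqual still resolves the tool through `PATH`; execabs only stops a match in the current directory, not an earlier, attacker-writable `PATH` entry. The tls package in this same commit pins `/usr/bin/security`, and the same approach fits here: `execabs.Command("/usr/bin/sw_vers", "-productVersion")`. The function begins before the hunk and continues after it.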


@ -20,12 +20,12 @@ package updater
import ( import (
"io/ioutil" "io/ioutil"
"os" "os"
"os/exec"
"path/filepath" "path/filepath"
"testing" "testing"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"golang.org/x/sys/execabs"
) )
const ( const (
@ -106,7 +106,7 @@ func checkCopyWorks(srcType, dstType string) error {
} }
func checkThatFilesAreSame(src, dst string) error { func checkThatFilesAreSame(src, dst string) error {
cmd := exec.Command("diff", "-qr", src, dst) //nolint:gosec cmd := execabs.Command("diff", "-qr", src, dst) //nolint:gosec
cmd.Stderr = logrus.StandardLogger().WriterLevel(logrus.ErrorLevel) cmd.Stderr = logrus.StandardLogger().WriterLevel(logrus.ErrorLevel)
cmd.Stdout = logrus.StandardLogger().WriterLevel(logrus.InfoLevel) cmd.Stdout = logrus.StandardLogger().WriterLevel(logrus.InfoLevel)
return cmd.Run() return cmd.Run()


@ -18,13 +18,13 @@
package keychain package keychain
import ( import (
"os/exec"
"reflect" "reflect"
"github.com/docker/docker-credential-helpers/credentials" "github.com/docker/docker-credential-helpers/credentials"
"github.com/docker/docker-credential-helpers/pass" "github.com/docker/docker-credential-helpers/pass"
"github.com/docker/docker-credential-helpers/secretservice" "github.com/docker/docker-credential-helpers/secretservice"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"golang.org/x/sys/execabs"
) )
const ( const (
@ -40,11 +40,11 @@ func init() { //nolint:gochecknoinits
Helpers[SecretServiceDBus] = newDBusHelper Helpers[SecretServiceDBus] = newDBusHelper
} }
if _, err := exec.LookPath("gnome-keyring"); err == nil && isUsable(newSecretServiceHelper("")) { if _, err := execabs.LookPath("gnome-keyring"); err == nil && isUsable(newSecretServiceHelper("")) {
Helpers[SecretService] = newSecretServiceHelper Helpers[SecretService] = newSecretServiceHelper
} }
if _, err := exec.LookPath("pass"); err == nil && isUsable(newPassHelper("")) { if _, err := execabs.LookPath("pass"); err == nil && isUsable(newPassHelper("")) {
Helpers[Pass] = newPassHelper Helpers[Pass] = newPassHelper
} }
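Review bot: In init, both `execabs.LookPath("gnome-keyring")` and `execabs.LookPath("pass")` discard the resolved path and use the result only as a presence check, so the hardening applies to the probe and not to whatever later runs the tool. If the credential helpers invoke `pass` themselves by bare name (their code is not on this page), that execution is unaffected by this commit. A comment on the checks would make the limit explicit, e.g. `// presence probe only; the helper performs its own lookup when it runs the binary`. init continues outside the hunk.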