mitigate shelling out behaviour risks

cmd/launcher/main.go

@@ -20,7 +20,6 @@ package main
 import (
 	"fmt"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 
@@ -36,6 +35,7 @@ import (
 	"github.com/ProtonMail/proton-bridge/v2/internal/versioner"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/execabs"
 )
 
 const (
@@ -98,7 +98,7 @@ func main() { //nolint:funlen
 		logrus.WithError(err).Fatal("Failed to determine path to launcher")
 	}
 
-	cmd := exec.Command(exe, appendLauncherPath(launcher, os.Args[1:])...) //nolint:gosec
+	cmd := execabs.Command(exe, appendLauncherPath(launcher, os.Args[1:])...) // nolint:gosec
 
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout

internal/app/base/restart.go

@@ -19,10 +19,10 @@ package base
 
 import (
 	"os"
-	"os/exec"
 	"strconv"
 
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/execabs"
 )
 
 // maxAllowedRestarts controls after how many crashes the app will give up restarting.
@@ -43,7 +43,7 @@ func (b *Base) restartApp(crash bool) error {
 		WithField("args", args).
 		Warn("Restarting")
 
-	return exec.Command(b.command, args...).Start() //nolint:gosec
+	return execabs.Command(b.command, args...).Start() //nolint:gosec
 }
 
 // incrementRestartFlag increments the value of the restart flag.

internal/config/tls/cert_store_darwin.go

@@ -17,10 +17,10 @@
 
 package tls
 
-import "os/exec"
+import "golang.org/x/sys/execabs"
 
 func addTrustedCert(certPath string) error {
-	return exec.Command( //nolint:gosec
+	return execabs.Command( //nolint:gosec
 		"/usr/bin/security",
 		"execute-with-privileges",
 		"/usr/bin/security",
@@ -34,7 +34,7 @@ func addTrustedCert(certPath string) error {
 }
 
 func removeTrustedCert(certPath string) error {
-	return exec.Command( //nolint:gosec
+	return execabs.Command( //nolint:gosec
 		"/usr/bin/security",
 		"execute-with-privileges",
 		"/usr/bin/security",

internal/config/useragent/platform.go

@@ -18,11 +18,11 @@
 package useragent
 
 import (
-	"os/exec"
 	"runtime"
 	"strings"
 
 	"github.com/Masterminds/semver/v3"
+	"golang.org/x/sys/execabs"
 )
 
 // IsCatalinaOrNewer checks whether the host is MacOS Catalina 10.15.x or higher.
@@ -43,7 +43,7 @@ func isThisDarwinNewerOrEqual(minVersion *semver.Version) bool {
 		return false
 	}
 
-	rawVersion, err := exec.Command("sw_vers", "-productVersion").Output()
+	rawVersion, err := execabs.Command("sw_vers", "-productVersion").Output()
 	if err != nil {
 		return false
 	}

internal/updater/sync_test.go

@@ -20,12 +20,12 @@ package updater
 import (
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"testing"
 
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/sys/execabs"
 )
 
 const (
@@ -106,7 +106,7 @@ func checkCopyWorks(srcType, dstType string) error {
 }
 
 func checkThatFilesAreSame(src, dst string) error {
-	cmd := exec.Command("diff", "-qr", src, dst) //nolint:gosec
+	cmd := execabs.Command("diff", "-qr", src, dst) //nolint:gosec
 	cmd.Stderr = logrus.StandardLogger().WriterLevel(logrus.ErrorLevel)
 	cmd.Stdout = logrus.StandardLogger().WriterLevel(logrus.InfoLevel)
 	return cmd.Run()

pkg/keychain/helper_linux.go

@@ -18,13 +18,13 @@
 package keychain
 
 import (
-	"os/exec"
 	"reflect"
 
 	"github.com/docker/docker-credential-helpers/credentials"
 	"github.com/docker/docker-credential-helpers/pass"
 	"github.com/docker/docker-credential-helpers/secretservice"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/execabs"
 )
 
 const (
@@ -40,11 +40,11 @@ func init() { //nolint:gochecknoinits
 		Helpers[SecretServiceDBus] = newDBusHelper
 	}
 
-	if _, err := exec.LookPath("gnome-keyring"); err == nil && isUsable(newSecretServiceHelper("")) {
+	if _, err := execabs.LookPath("gnome-keyring"); err == nil && isUsable(newSecretServiceHelper("")) {
 		Helpers[SecretService] = newSecretServiceHelper
 	}
 
-	if _, err := exec.LookPath("pass"); err == nil && isUsable(newPassHelper("")) {
+	if _, err := execabs.LookPath("pass"); err == nil && isUsable(newPassHelper("")) {
 		Helpers[Pass] = newPassHelper
 	}