mitigate shelling out behaviour risks

2022-04-24 18:49:00 +09:30
parent 5c28a3eda7
commit 1ed7b690a5
6 changed files with 14 additions and 14 deletions
--- a/internal/app/base/restart.go
+++ b/internal/app/base/restart.go
@ -19,10 +19,10 @@ package base

 import (
 	"os"
-	"os/exec"
 	"strconv"

 	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/execabs"
 )

 // maxAllowedRestarts controls after how many crashes the app will give up restarting.
@ -43,7 +43,7 @@ func (b *Base) restartApp(crash bool) error {
 		WithField("args", args).
 		Warn("Restarting")

-	return exec.Command(b.command, args...).Start() //nolint:gosec
+	return execabs.Command(b.command, args...).Start() //nolint:gosec
 }

 // incrementRestartFlag increments the value of the restart flag.
--- a/internal/config/tls/cert_store_darwin.go
+++ b/internal/config/tls/cert_store_darwin.go
@ -17,10 +17,10 @@

 package tls

-import "os/exec"
+import "golang.org/x/sys/execabs"

 func addTrustedCert(certPath string) error {
-	return exec.Command( //nolint:gosec
+	return execabs.Command( //nolint:gosec
 		"/usr/bin/security",
 		"execute-with-privileges",
 		"/usr/bin/security",
@ -34,7 +34,7 @@ func addTrustedCert(certPath string) error {
 }

 func removeTrustedCert(certPath string) error {
-	return exec.Command( //nolint:gosec
+	return execabs.Command( //nolint:gosec
 		"/usr/bin/security",
 		"execute-with-privileges",
 		"/usr/bin/security",
--- a/internal/config/useragent/platform.go
+++ b/internal/config/useragent/platform.go
@ -18,11 +18,11 @@
 package useragent

 import (
-	"os/exec"
 	"runtime"
 	"strings"

 	"github.com/Masterminds/semver/v3"
+	"golang.org/x/sys/execabs"
 )

 // IsCatalinaOrNewer checks whether the host is MacOS Catalina 10.15.x or higher.
@ -43,7 +43,7 @@ func isThisDarwinNewerOrEqual(minVersion *semver.Version) bool {
 		return false
 	}

-	rawVersion, err := exec.Command("sw_vers", "-productVersion").Output()
+	rawVersion, err := execabs.Command("sw_vers", "-productVersion").Output()
 	if err != nil {
 		return false
 	}
--- a/internal/updater/sync_test.go
+++ b/internal/updater/sync_test.go
@ -20,12 +20,12 @@ package updater
 import (
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"testing"

 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/sys/execabs"
 )

 const (
@ -106,7 +106,7 @@ func checkCopyWorks(srcType, dstType string) error {
 }

 func checkThatFilesAreSame(src, dst string) error {
-	cmd := exec.Command("diff", "-qr", src, dst) //nolint:gosec
+	cmd := execabs.Command("diff", "-qr", src, dst) //nolint:gosec
 	cmd.Stderr = logrus.StandardLogger().WriterLevel(logrus.ErrorLevel)
 	cmd.Stdout = logrus.StandardLogger().WriterLevel(logrus.InfoLevel)
 	return cmd.Run()