authorMichael Muré <batolettre@gmail.com>2021-03-21 22:37:19 +0100
committerMichael Muré <batolettre@gmail.com>2021-03-21 22:37:19 +0100
commit9434d2ea5c6da5e856d0bbb02046a5886dfaa600 (patch)
treee4e34fab94fbad2fc54290d1da490b84a4ba9932 /repository/git_cli.go
parent52df5a1f1199d085b2bb10fb7ed5599dcb8307c4 (diff)
repo: fix security issue that could lead to arbitrary code execution
see https://blog.golang.org/path-security for details
Diffstat (limited to 'repository/git_cli.go')
-rw-r--r--repository/git_cli.go5
1 files changed, 3 insertions, 2 deletions
diff --git a/repository/git_cli.go b/repository/git_cli.go
index 085b1cda..21cc40e2 100644
--- a/repository/git_cli.go
+++ b/repository/git_cli.go
@@ -4,8 +4,9 @@ import (
"bytes"
"fmt"
"io"
- "os/exec"
"strings"
+
+ "golang.org/x/sys/execabs"
)
// gitCli is a helper to launch CLI git commands
@@ -21,7 +22,7 @@ func (cli gitCli) runGitCommandWithIO(stdin io.Reader, stdout, stderr io.Writer,
// fmt.Printf("[%s] Running git %s\n", path, strings.Join(args, " "))
- cmd := exec.Command("git", args...)
+ cmd := execabs.Command("git", args...)
cmd.Dir = path
cmd.Stdin = stdin
cmd.Stdout = stdout
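Review bot: The switched call `cmd := execabs.Command("git", args...)` has no comment saying why `execabs` is used instead of `os/exec`, so a later cleanup could swap it back without noticing the security reason. I would add above it `// execabs refuses to run a "git" that PATH lookup resolved relative to the current directory; see https://blog.golang.org/path-security`. `execabs.Command` does not fail at construction: the rejection is only reported when the command is started, so the error handling after `cmd.Stdout = stdout` presumably needs to propagate that error rather than mask it. That code is outside this hunk, as is the start of runGitCommandWithIO. The diffstat shown is limited to this file, so any other `exec.Command` or `exec.LookPath` call sites in the project would need the same check.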