From 9618dbb80cfb6d862e531c4e1272d8280ce71e1d Mon Sep 17 00:00:00 2001
From: Máximo Cuadros
Date: Sat, 17 Apr 2021 00:15:48 +0200
Subject: plumbing: transport/file, replace os/exec with golang.org/x/sys/execabs to improve path security
---
 go.mod | 1 +
 go.sum | 2 ++
 plumbing/transport/file/client.go | 18 +++++++++---------
 3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/go.mod b/go.mod
index 8e199ce..b48acd6 100644
--- a/go.mod
+++ b/go.mod
@@ -21,6 +21,7 @@ require (
 github.com/xanzy/ssh-agent v0.3.0
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
 golang.org/x/net v0.0.0-20210326060303-6b1517762897
+ golang.org/x/sys v0.0.0-20210415045647-66c3f260301c // indirect
 golang.org/x/text v0.3.3
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
 gopkg.in/warnings.v0 v0.1.2 // indirect
diff --git a/go.sum b/go.sum
index bd574df..a1f9323 100644
--- a/go.sum
+++ b/go.sum
@@ -101,6 +101,8 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210324051608-47abb6519492 h1:Paq34FxTluEPvVyayQqMPgHm+vTOrIifmcYxFBx9TLg=
 golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210415045647-66c3f260301c h1:6L+uOeS3OQt/f4eFHXZcTxeZrGCuz+CLElgEBjbcTA4=
+golang.org/x/sys v0.0.0-20210415045647-66c3f260301c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
diff --git a/plumbing/transport/file/client.go b/plumbing/transport/file/client.go
index f6e2365..38714e2 100644
--- a/plumbing/transport/file/client.go
+++ b/plumbing/transport/file/client.go
@@ -6,12 +6,12 @@ import (
 "errors"
 "io"
 "os"
- "os/exec"
 "path/filepath"
 "strings"
 "github.com/go-git/go-git/v5/plumbing/transport"
 "github.com/go-git/go-git/v5/plumbing/transport/internal/common"
+ "golang.org/x/sys/execabs"
 )
 // DefaultClient is the default local client.
@@ -36,7 +36,7 @@ func NewClient(uploadPackBin, receivePackBin string) transport.Transport {
 func prefixExecPath(cmd string) (string, error) {
 // Use `git --exec-path` to find the exec path.
- execCmd := exec.Command("git", "--exec-path")
+ execCmd := execabs.Command("git", "--exec-path")
 stdout, err := execCmd.StdoutPipe()
 if err != nil {
@@ -54,7 +54,7 @@ func prefixExecPath(cmd string) (string, error) {
 return "", err
 }
 if isPrefix {
- return "", errors.New("Couldn't read exec-path line all at once")
+ return "", errors.New("couldn't read exec-path line all at once")
 }
 err = execCmd.Wait()
@@ -66,7 +66,7 @@ func prefixExecPath(cmd string) (string, error) {
 cmd = filepath.Join(execPath, cmd)
 // Make sure it actually exists.
- _, err = exec.LookPath(cmd)
+ _, err = execabs.LookPath(cmd)
 if err != nil {
 return "", err
 }
@@ -83,9 +83,9 @@ func (r *runner) Command(cmd string, ep *transport.Endpoint, auth transport.Auth
 cmd = r.ReceivePackBin
 }
- _, err := exec.LookPath(cmd)
+ _, err := execabs.LookPath(cmd)
 if err != nil {
- if e, ok := err.(*exec.Error); ok && e.Err == exec.ErrNotFound {
+ if e, ok := err.(*execabs.Error); ok && e.Err == execabs.ErrNotFound {
 cmd, err = prefixExecPath(cmd)
 if err != nil {
 return nil, err
@@ -95,11 +95,11 @@ func (r *runner) Command(cmd string, ep *transport.Endpoint, auth transport.Auth
 }
 }
- return &command{cmd: exec.Command(cmd, ep.Path)}, nil
+ return &command{cmd: execabs.Command(cmd, ep.Path)}, nil
 }
 type command struct {
- cmd *exec.Cmd
+ cmd *execabs.Cmd
 stderrCloser io.Closer
 closed bool
 }
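Review bot: The `golang.org/x/sys/execabs` import added in this hunk makes golang.org/x/sys a direct dependency of the module, but the go.mod hunk of the same commit records the requirement with a trailing `// indirect`. Dropping that marker (which `go mod tidy` does) keeps the direct/indirect split accurate for anyone auditing which third-party code the file transport relies on to launch processes.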
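Review bot: The switch to `execabs.Command("git", "--exec-path")` in prefixExecPath carries no comment saying why os/exec is avoided, so a later cleanup could quietly swap it back. I would add above the call `// execabs refuses a "git" that PATH lookup resolves relative to the current directory.` execabs rejects only results relative to the current directory; every other directory on PATH is still trusted, and that assumption is worth stating in the function's doc comment. The function body continues outside the hunk.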
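Review bot: The not-found test `err.(*execabs.Error); ok && e.Err == execabs.ErrNotFound` in runner.Command uses a direct type assertion and `==`, which stops matching if the error is ever wrapped. `errors` is already imported in this file, so `if errors.Is(err, execabs.ErrNotFound) {` expresses the same condition, provided the module's minimum Go version supports error unwrapping (not visible in this diff). The distinction matters because only a genuine not-found should fall through to prefixExecPath; any other LookPath failure, presumably including execabs rejecting a binary found in the current directory, has to keep being returned. The enclosing function starts and ends outside the hunk.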
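Review bot: `execabs.Command(cmd, ep.Path)` hands the endpoint path to the pack binary as a bare positional argument, so a path beginning with `-` would be parsed as an option rather than as a repository location. execabs only governs how `cmd` is resolved and does nothing for argument handling. If `ep.Path` can originate from an untrusted URL, end option parsing before it, e.g. `return &command{cmd: execabs.Command(cmd, "--", ep.Path)}, nil`, or reject such paths before the call; confirm that the configured upload-pack and receive-pack binaries accept `--`. The function starts outside the hunk.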
@@ -148,7 +148,7 @@ func (c *command) Close() error {
 }
 // When a repository does not exist, the command exits with code 128.
- if _, ok := err.(*exec.ExitError); ok {
+ if _, ok := err.(*execabs.ExitError); ok {
 return nil
 }
-- cgit
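Review bot: The assertion `err.(*execabs.ExitError)` in Close returns nil for every non-zero exit status, while the comment above it justifies only exit code 128 for a missing repository. A pack process that fails for any other reason would then be reported to the caller as a clean close. If only the missing-repository case is meant to be ignored, narrow it to `if ee, ok := err.(*execabs.ExitError); ok && ee.ExitCode() == 128 {`; the rest of Close is outside the hunk, so check how `err` is produced before changing it.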