feat: Replace os/exec with golang.org/x/sys/execabs (#386)
Package execabs is a drop-in replacement for os/exec that requires PATH
lookups to find absolute paths. This change guarantees that the SDK will
never run a git binary from the current working directory.

See discussion in https://blog.golang.org/path-security.
rhcarvalho committed Oct 12, 2021
1 parent 64ad662 commit bd116d6
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -34,6 +34,6 @@ require (
github.com/yudai/pp v2.0.1+incompatible // indirect
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
golang.org/x/net v0.0.0-20211008194852-3b03d305991f // indirect
golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac // indirect
golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac
golang.org/x/text v0.3.7 // indirect
)
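Review bot: The golang.org/x/sys line keeps the same pseudo-version (v0.0.0-20211007075335-d3039528d8ac) and only loses its "// indirect" marker, yet the commit message does not mention that the SDK now depends on this module directly. Add a sentence to the commit message or changelog saying so, so that later dependency bumps of golang.org/x/sys are reviewed as changes to the code path that launches git. Since the version is unchanged, go.sum should need no update, which matches the "2 changed files" summary.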
3 changes: 2 additions & 1 deletion util.go
Expand Up @@ -6,9 +6,10 @@ import (
"encoding/json"
"fmt"
"os"
"os/exec"
"strings"
"time"

exec "golang.org/x/sys/execabs"
)

func uuid() string {
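Review bot: The aliased import exec "golang.org/x/sys/execabs" leaves every exec.Command call site looking exactly like os/exec, so nothing in this file tells a later contributor that the alias is a security control, and nothing stops "os/exec" from being imported again here or in another file. Put a short comment on the import line pointing to the path-security rationale, and consider a lint rule that forbids importing "os/exec" in this module. The call sites are outside this hunk; confirm they handle the error execabs returns when the lookup resolves to a binary in the current directory, rather than assuming the git command always starts.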