diff options
author | Jesse Duffield <jessedduffield@gmail.com> | 2023-07-30 19:33:20 +1000 |
---|---|---|
committer | Jesse Duffield <jessedduffield@gmail.com> | 2023-07-30 19:59:51 +1000 |
commit | 975d2bedb67c0c87203cfc7bdf2cd67d6d40d0f3 (patch) | |
tree | 8e208fc96d560ab50a8c450a337eaa29b7db0246 /pkg/commands | |
parent | 5c7839429909c411504351da8c1b204b3f5fa2f2 (diff) |
Remove secureexec package
From the go 1.19 release notes:
Command and LookPath no longer allow results from a PATH search to be found relative to the current directory. This removes a common source of security problems but may also break existing programs that depend on using, say, exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in the current directory. See the os/exec package documentation for information about how best to update such programs.
Diffstat (limited to 'pkg/commands')
-rw-r--r-- | pkg/commands/git_config/get_key.go | 6 | ||||
-rw-r--r-- | pkg/commands/oscommands/cmd_obj.go | 8 | ||||
-rw-r--r-- | pkg/commands/oscommands/cmd_obj_builder.go | 5 | ||||
-rw-r--r-- | pkg/commands/oscommands/cmd_obj_test.go | 3 | ||||
-rw-r--r-- | pkg/commands/oscommands/fake_cmd_obj_runner.go | 37 | ||||
-rw-r--r-- | pkg/commands/oscommands/os_windows_test.go | 13 |
6 files changed, 15 insertions, 57 deletions
diff --git a/pkg/commands/git_config/get_key.go b/pkg/commands/git_config/get_key.go index c3156a2db..cd5a678ef 100644 --- a/pkg/commands/git_config/get_key.go +++ b/pkg/commands/git_config/get_key.go @@ -7,8 +7,6 @@ import ( "os/exec" "strings" "syscall" - - "github.com/jesseduffield/lazygit/pkg/secureexec" ) // including license from https://github.com/tcnksm/go-gitconfig because this file is an adaptation of that repo's code @@ -55,10 +53,10 @@ func runGitConfigCmd(cmd *exec.Cmd) (string, error) { func getGitConfigCmd(key string) *exec.Cmd { gitArgs := []string{"config", "--get", "--null", key} - return secureexec.Command("git", gitArgs...) + return exec.Command("git", gitArgs...) } func getGitConfigGeneralCmd(args string) *exec.Cmd { gitArgs := append([]string{"config"}, strings.Split(args, " ")...) - return secureexec.Command("git", gitArgs...) + return exec.Command("git", gitArgs...) } diff --git a/pkg/commands/oscommands/cmd_obj.go b/pkg/commands/oscommands/cmd_obj.go index d1cc23c67..06b07cd84 100644 --- a/pkg/commands/oscommands/cmd_obj.go +++ b/pkg/commands/oscommands/cmd_obj.go @@ -73,10 +73,6 @@ type ICmdObj interface { } type CmdObj struct { - // the secureexec package will swap out the first arg with the full path to the binary, - // so we store these args separately so that ToString() will output the original - args []string - cmd *exec.Cmd runner ICmdObjRunner @@ -121,7 +117,7 @@ func (self *CmdObj) GetCmd() *exec.Cmd { func (self *CmdObj) ToString() string { // if a given arg contains a space, we need to wrap it in quotes - quotedArgs := lo.Map(self.args, func(arg string, _ int) string { + quotedArgs := lo.Map(self.cmd.Args, func(arg string, _ int) string { if strings.Contains(arg, " ") { return `"` + arg + `"` } @@ -132,7 +128,7 @@ func (self *CmdObj) ToString() string { } func (self *CmdObj) Args() []string { - return self.args + return self.cmd.Args } func (self *CmdObj) AddEnvVars(vars ...string) ICmdObj { diff --git a/pkg/commands/oscommands/cmd_obj_builder.go b/pkg/commands/oscommands/cmd_obj_builder.go index 40aadaf1d..77fb7e7c9 100644 --- a/pkg/commands/oscommands/cmd_obj_builder.go +++ b/pkg/commands/oscommands/cmd_obj_builder.go @@ -3,9 +3,9 @@ package oscommands import ( "fmt" "os" + "os/exec" "strings" - "github.com/jesseduffield/lazygit/pkg/secureexec" "github.com/mgutz/str" ) @@ -27,11 +27,10 @@ type CmdObjBuilder struct { var _ ICmdObjBuilder = &CmdObjBuilder{} func (self *CmdObjBuilder) New(args []string) ICmdObj { - cmd := secureexec.Command(args[0], args[1:]...) + cmd := exec.Command(args[0], args[1:]...) cmd.Env = os.Environ() return &CmdObj{ - args: args, cmd: cmd, runner: self.runner, } diff --git a/pkg/commands/oscommands/cmd_obj_test.go b/pkg/commands/oscommands/cmd_obj_test.go index c9cb92eb5..b135f1b74 100644 --- a/pkg/commands/oscommands/cmd_obj_test.go +++ b/pkg/commands/oscommands/cmd_obj_test.go @@ -27,7 +27,8 @@ func TestCmdObjToString(t *testing.T) { } for _, scenario := range scenarios { - cmdObj := &CmdObj{args: scenario.cmdArgs} + cmd := exec.Command(scenario.cmdArgs[0], scenario.cmdArgs[1:]...) + cmdObj := &CmdObj{cmd: cmd} actual := cmdObj.ToString() if actual != scenario.expected { t.Errorf("Expected %s, got %s", quote(scenario.expected), quote(actual)) diff --git a/pkg/commands/oscommands/fake_cmd_obj_runner.go b/pkg/commands/oscommands/fake_cmd_obj_runner.go index dc75228a0..3e44bef3d 100644 --- a/pkg/commands/oscommands/fake_cmd_obj_runner.go +++ b/pkg/commands/oscommands/fake_cmd_obj_runner.go @@ -3,8 +3,6 @@ package oscommands import ( "bufio" "fmt" - "regexp" - "runtime" "strings" "sync" "testing" @@ -124,27 +122,7 @@ func (self *FakeCmdObjRunner) ExpectFunc(description string, fn func(cmdObj ICmd func (self *FakeCmdObjRunner) ExpectArgs(expectedArgs []string, output string, err error) *FakeCmdObjRunner { description := fmt.Sprintf("matches args %s", strings.Join(expectedArgs, " ")) self.ExpectFunc(description, func(cmdObj ICmdObj) bool { - args := cmdObj.GetCmd().Args - - if runtime.GOOS == "windows" { - // thanks to the secureexec package, the first arg is something like - // '"C:\\Program Files\\Git\\mingw64\\bin\\<command>.exe" - // on windows so we'll just ensure it contains our program - if !strings.Contains(args[0], expectedArgs[0]) { - return false - } - } else { - // first arg is the program name - if expectedArgs[0] != args[0] { - return false - } - } - - if !slices.Equal(expectedArgs[1:], args[1:]) { - return false - } - - return true + return slices.Equal(expectedArgs, cmdObj.GetCmd().Args) }, output, err) return self @@ -153,18 +131,7 @@ func (self *FakeCmdObjRunner) ExpectArgs(expectedArgs []string, output string, e func (self *FakeCmdObjRunner) ExpectGitArgs(expectedArgs []string, output string, err error) *FakeCmdObjRunner { description := fmt.Sprintf("matches git args %s", strings.Join(expectedArgs, " ")) self.ExpectFunc(description, func(cmdObj ICmdObj) bool { - // first arg is 'git' on unix and something like '"C:\\Program Files\\Git\\mingw64\\bin\\git.exe" on windows so we'll just ensure it ends in either 'git' or 'git.exe' - re := regexp.MustCompile(`git(\.exe)?$`) - args := cmdObj.GetCmd().Args - if !re.MatchString(args[0]) { - return false - } - - if !slices.Equal(expectedArgs, args[1:]) { - return false - } - - return true + return slices.Equal(expectedArgs, cmdObj.GetCmd().Args[1:]) }, output, err) return self diff --git a/pkg/commands/oscommands/os_windows_test.go b/pkg/commands/oscommands/os_windows_test.go index acb971b59..cf9c1e68a 100644 --- a/pkg/commands/oscommands/os_windows_test.go +++ b/pkg/commands/oscommands/os_windows_test.go @@ -6,7 +6,6 @@ package oscommands import ( "testing" - "github.com/cli/safeexec" "github.com/go-errors/errors" "github.com/stretchr/testify/assert" ) @@ -20,13 +19,11 @@ func TestOSCommandOpenFileWindows(t *testing.T) { test func(error) } - fullCmdPath, _ := safeexec.LookPath("cmd") - scenarios := []scenario{ { filename: "test", runner: NewFakeRunner(t). - ExpectArgs([]string{fullCmdPath, "/c", "start", "", "test"}, "", errors.New("error")), + ExpectArgs([]string{"cmd", "/c", "start", "", "test"}, "", errors.New("error")), test: func(err error) { assert.Error(t, err) }, @@ -34,7 +31,7 @@ func TestOSCommandOpenFileWindows(t *testing.T) { { filename: "test", runner: NewFakeRunner(t). - ExpectArgs([]string{fullCmdPath, "/c", "start", "", "test"}, "", nil), + ExpectArgs([]string{"cmd", "/c", "start", "", "test"}, "", nil), test: func(err error) { assert.NoError(t, err) }, @@ -42,7 +39,7 @@ func TestOSCommandOpenFileWindows(t *testing.T) { { filename: "filename with spaces", runner: NewFakeRunner(t). - ExpectArgs([]string{fullCmdPath, "/c", "start", "", "filename with spaces"}, "", nil), + ExpectArgs([]string{"cmd", "/c", "start", "", "filename with spaces"}, "", nil), test: func(err error) { assert.NoError(t, err) }, @@ -50,7 +47,7 @@ func TestOSCommandOpenFileWindows(t *testing.T) { { filename: "let's_test_with_single_quote", runner: NewFakeRunner(t). - ExpectArgs([]string{fullCmdPath, "/c", "start", "", "let's_test_with_single_quote"}, "", nil), + ExpectArgs([]string{"cmd", "/c", "start", "", "let's_test_with_single_quote"}, "", nil), test: func(err error) { assert.NoError(t, err) }, @@ -58,7 +55,7 @@ func TestOSCommandOpenFileWindows(t *testing.T) { { filename: "$USER.txt", runner: NewFakeRunner(t). - ExpectArgs([]string{fullCmdPath, "/c", "start", "", "$USER.txt"}, "", nil), + ExpectArgs([]string{"cmd", "/c", "start", "", "$USER.txt"}, "", nil), test: func(err error) { assert.NoError(t, err) }, |