Diffstat (limited to 'pkg/secureexec/secureexec_windows.go')
-rw-r--r-- | pkg/secureexec/secureexec_windows.go | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/pkg/secureexec/secureexec_windows.go b/pkg/secureexec/secureexec_windows.go
new file mode 100644
index 000000000..537e0bfc1
--- /dev/null
+++ b/pkg/secureexec/secureexec_windows.go
@@ -0,0 +1,30 @@
+// +build windows
+
+package secureexec
+
+import (
+ "os/exec"
+
+ "github.com/cli/safeexec"
+)
+
+// calling exec.Command directly on a windows machine poses a security risk due to
+// the current directory being searched first before any directories in the PATH
+// variable, meaning you might clone a repo that contains a program called 'git'
+// which does something malicious when executed.
+
+// see https://github.com/golang/go/issues/38736 for more context. We'll likely
+// be able to just throw out this code and switch to the official solution when it exists.
+
+// I consider this a minor security concern because you're just as vulnerable if
+// you call `git status` from the command line directly but no harm in playing it
+// safe.
+
+func Command(name string, args ...string) *exec.Cmd {
+ bin, err := safeexec.LookPath(name)
+ if err != nil {
+ bin = name
+ }
+
+ return exec.Command(bin, args...)
+}
|
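Review bot: The fallback `bin = name` after a failed `safeexec.LookPath` hands the bare name back to `exec.Command`, whose own Windows lookup on the Go versions this file targets (the linked issue was still open) is exactly the current-directory-first search described in the comment, so the protection lapses in the one case where the binary is not on PATH. At minimum the branch should document that: `// not found on PATH: exec.Command's own lookup may resolve name from the current directory`; better, consider returning a Cmd that fails on Start rather than degrading silently (exec.Cmd has an exported Err field from Go 1.19 onward, if the module's Go version permits). The exported function also has no doc comment attached to it — the explanatory comment is separated from the func by a blank line, so go doc ignores it; a line such as `// Command is a drop-in for exec.Command that resolves name through safeexec.LookPath.` directly above the declaration would fix that. If the module is on Go 1.17 or later, the `// +build windows` line should be accompanied by `//go:build windows` as gofmt now expects.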