{"id":13707118,"url":"https://github.com/cli/safeexec","last_synced_at":"2025-04-04T18:06:04.683Z","repository":{"id":57555443,"uuid":"311695540","full_name":"cli/safeexec","owner":"cli","description":"A safer version of exec.LookPath on Windows","archived":false,"fork":false,"pushed_at":"2024-01-29T10:13:12.000Z","size":11,"stargazers_count":92,"open_issues_count":0,"forks_count":20,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-03-28T17:08:43.784Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cli.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-10T15:08:24.000Z","updated_at":"2025-03-09T04:08:06.000Z","dependencies_parsed_at":"2024-06-18T13:33:18.443Z","dependency_job_id":"230b2443-2e80-4729-b70b-ec8d802931a0","html_url":"https://github.com/cli/safeexec","commit_stats":{"total_commits":6,"total_committers":2,"mean_commits":3.0,"dds":"0.33333333333333337","last_synced_commit":"df52b7a548d8476be1ec3ed3fd70d1aaeca28dbb"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cli%2Fsafeexec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cli%2Fsafeexec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cli%2Fsafeexec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cli%2Fsafeexec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cli","download_url":"https://codeload.github.com/cli/safeexec/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247226213,"owners_count":20904465,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T22:01:20.218Z","updated_at":"2025-04-04T18:06:04.662Z","avatar_url":"https://github.com/cli.png","language":"Go","readme":"# safeexec\n\nA Go module that provides a stabler alternative to `exec.LookPath()` that:\n- Avoids a Windows security risk of executing commands found in the current directory; and\n- Allows executing commands found in PATH, even if they come from relative PATH entries.\n\nThis is an alternative to [`golang.org/x/sys/execabs`](https://pkg.go.dev/golang.org/x/sys/execabs).\n\n## Usage\n```go\nimport (\n    \"os/exec\"\n    \"github.com/cli/safeexec\"\n)\n\nfunc gitStatus() error {\n    gitBin, err := safeexec.LookPath(\"git\")\n    if err != nil {\n        return err\n    }\n    cmd := exec.Command(gitBin, \"status\")\n    return cmd.Run()\n}\n```\n\n## Background\n### Windows security vulnerability with Go \u003c= 1.18\nGo 1.18 (and older) standard library has a security vulnerability when executing programs:\n```go\nimport \"os/exec\"\n\nfunc gitStatus() error {\n    // On Windows, this will result in `.\\git.exe` or `.\\git.bat` being executed\n    // if either were found in the current working directory.\n    cmd := exec.Command(\"git\", \"status\")\n    return cmd.Run()\n}\n```\n\nFor historic reasons, Go used to implicitly [include the current directory](https://github.com/golang/go/issues/38736) in the PATH resolution on Windows. The `safeexec` package avoids searching the current directory on Windows.\n\n### Relative PATH entries with Go 1.19+\n\nGo 1.19 (and newer) standard library [throws an error](https://github.com/golang/go/issues/43724) if `exec.LookPath(\"git\")` resolved to an executable relative to the current directory. This can happen on other platforms if the PATH environment variable contains relative entries, e.g. `PATH=./bin:$PATH`. The `safeexec` package allows respecting relative PATH entries as it assumes that the responsibility for keeping PATH safe lies outside of the Go program.\n\n## TODO\n\nIdeally, this module would also provide `exec.Command()` and `exec.CommandContext()` equivalents that delegate to the patched version of `LookPath`. However, this doesn't seem possible since `LookPath` may return an error, while `exec.Command/CommandContext()` themselves do not return an error. In the standard library, the resulting `exec.Cmd` struct stores the LookPath error in a private field, but that functionality isn't available to us.\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcli%2Fsafeexec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcli%2Fsafeexec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcli%2Fsafeexec/lists"}