Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cli/safeexec
A safer version of exec.LookPath on Windows
- Host: GitHub
- URL: https://github.com/cli/safeexec
- Owner: cli
- License: bsd-2-clause
- Created: 2020-11-10T15:08:24.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2024-01-29T10:13:12.000Z (11 months ago)
- Last Synced: 2024-08-03T22:19:30.364Z (4 months ago)
- Language: Go
- Homepage:
- Size: 10.7 KB
- Stars: 85
- Watchers: 7
- Forks: 30
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- jimsghstars - cli/safeexec - A safer version of exec.LookPath on Windows (Go)
README
# safeexec
A Go module that provides a safer, more stable alternative to `exec.LookPath()` that:
- Avoids a Windows security risk of executing commands found in the current directory; and
- Allows executing commands found in PATH, even if they come from relative PATH entries.

This is an alternative to [`golang.org/x/sys/execabs`](https://pkg.go.dev/golang.org/x/sys/execabs), which takes the opposite stance on the second point and refuses any match that is not an absolute path.
## Usage
```go
import (
	"os/exec"

	"github.com/cli/safeexec"
)

func gitStatus() error {
	gitBin, err := safeexec.LookPath("git")
	if err != nil {
		return err
	}
	cmd := exec.Command(gitBin, "status")
	return cmd.Run()
}
```

## Background
### Windows security vulnerability with Go <= 1.18
The Go 1.18 (and older) standard library has a security vulnerability when executing programs by bare name. `exec.Command` resolves such a name through `exec.LookPath`, and on Windows that lookup checked the current working directory before it consulted PATH:
```go
import "os/exec"

func gitStatus() error {
	// On Windows, this will result in `.\git.exe` or `.\git.bat` being executed
	// if either were found in the current working directory.
	cmd := exec.Command("git", "status")
	return cmd.Run()
}
```

For historic reasons, Go used to implicitly [include the current directory](https://github.com/golang/go/issues/38736) in the PATH resolution on Windows, so anyone who can place a `git.exe` in a directory the program is run from (a cloned repository, a downloads folder) gets that binary executed instead of the real one. The `safeexec` package avoids searching the current directory on Windows.
### Relative PATH entries with Go 1.19+
The Go 1.19 (and newer) standard library [returns an error](https://github.com/golang/go/issues/43724), one wrapping `exec.ErrDot`, if `exec.LookPath("git")` resolved to an executable relative to the current directory. This can happen on other platforms too if the PATH environment variable contains relative entries, e.g. `PATH=./bin:$PATH`; a caller that wants such a match has to opt in explicitly by checking `errors.Is(err, exec.ErrDot)`. The `safeexec` package allows respecting relative PATH entries, as it assumes that the responsibility for keeping PATH safe lies outside of the Go program.
## TODO
Ideally, this module would also provide `exec.Command()` and `exec.CommandContext()` equivalents that delegate to the patched version of `LookPath`. However, this doesn't seem possible with the same signatures, since `LookPath` may return an error, while `exec.Command()`/`exec.CommandContext()` themselves do not return an error. In the standard library, the resulting `exec.Cmd` struct stores the LookPath error in a private field, but that functionality isn't available to this module (Go 1.19 exported the field as `exec.Cmd.Err`, which makes the same pattern possible on newer Go versions).
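The following is an added, self-contained example (not `safeexec`'s own code) that implements both rules from the Background section in one `LookPathIn` function, never consulting the current directory implicitly while honouring relative PATH entries, and adds the error-returning `Command` wrapper the TODO describes. It also shows the Go 1.19+ standard-library way to accept a relative match via `exec.ErrDot`. The names `LookPathIn`, `LookPath`, `Command` and `stdlibLookPathAllowDot` are this example's own; it assumes the default PATHEXT set on Windows rather than reading the variable, and it skips empty PATH entries (which Unix treats as `.`), a stricter choice than the standard library makes.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"runtime"
	"strings"
)

// isExplicitPath: file already names a location, so it gets no PATH search (exec.LookPath's rule).
func isExplicitPath(file string) bool {
	return strings.Contains(file, "/") || (runtime.GOOS == "windows" && strings.ContainsAny(file, `:\`))
}

// isExecutable: a non-directory with an execute bit on Unix; any non-directory on Windows.
func isExecutable(path string) bool {
	fi, err := os.Stat(path)
	return err == nil && !fi.IsDir() && (runtime.GOOS == "windows" || fi.Mode()&0o111 != 0)
}

// findExecutable tries path as given (Unix, or a name with an extension), else each Windows extension.
func findExecutable(path string, exts []string) (string, bool) {
	if len(exts) == 0 || strings.Contains(filepath.Base(path), ".") {
		return path, isExecutable(path)
	}
	for _, e := range exts {
		if isExecutable(path + e) {
			return path + e, true
		}
	}
	return "", false
}

// LookPathIn resolves file against pathEnv (os.PathListSeparator-separated) under two
// rules that are this example's own assumptions: the current directory is never consulted
// implicitly (the pre-1.19 Windows hazard; empty entries, which Unix treats as ".", are
// skipped for the same reason), and relative entries such as "./bin" are honoured.
func LookPathIn(file, pathEnv string, exts []string) (string, error) {
	if isExplicitPath(file) {
		if p, ok := findExecutable(file, exts); ok {
			return p, nil
		}
		return "", &exec.Error{Name: file, Err: exec.ErrNotFound}
	}
	for _, dir := range filepath.SplitList(pathEnv) {
		if dir == "" {
			continue
		}
		if p, ok := findExecutable(filepath.Join(dir, file), exts); ok {
			// filepath.Join cleans "./tool" to "tool"; re-anchor it so exec.Command
			// does not run its own PATH search on the bare name later.
			if !isExplicitPath(p) {
				p = "." + string(os.PathSeparator) + p
			}
			return p, nil
		}
	}
	return "", &exec.Error{Name: file, Err: exec.ErrNotFound}
}

// LookPath searches the process PATH; on Windows the default PATHEXT set is
// assumed (a real implementation would read the PATHEXT variable).
func LookPath(file string) (string, error) {
	var exts []string
	if runtime.GOOS == "windows" {
		exts = []string{".com", ".exe", ".bat", ".cmd"}
	}
	return LookPathIn(file, os.Getenv("PATH"), exts)
}

// Command is the exec.Command-shaped wrapper the TODO asks for: a LookPath
// failure is returned to the caller instead of being parked in cmd.Err.
func Command(name string, arg ...string) (*exec.Cmd, error) {
	bin, err := LookPath(name)
	if err != nil {
		return nil, err
	}
	return exec.Command(bin, arg...), nil
}

// stdlibLookPathAllowDot is the Go 1.19+ standard-library route to relative matches:
// exec.LookPath still returns the path, plus an error wrapping exec.ErrDot, which a
// caller that trusts its PATH clears explicitly.
func stdlibLookPathAllowDot(file string) (string, error) {
	p, err := exec.LookPath(file)
	if errors.Is(err, exec.ErrDot) {
		return p, nil
	}
	return p, err
}

func main() {
	cmd, err := Command("git", "status")
	if err != nil {
		fmt.Println("lookup failed:", err)
		return
	}
	fmt.Println("resolved to:", cmd.Path)
}
```

The re-anchoring step matters in practice: a PATH entry of `.` resolves `tool` to the bare name `tool`, and handing that back to `exec.Command` would trigger a second, standard-library PATH search (and, on Go 1.19+, an `ErrDot` failure), so the wrapper returns `./tool` instead.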