golang-github-cli-safeexec-dev binary package in Ubuntu Noble amd64
safeexec is a Go module that provides a safer alternative to exec.LookPath()
on Windows.
.
The following, relatively common approach to running external commands
has a subtle vulnerability on Windows:
.
import "os/exec"
.
func gitStatus() error {
	// On Windows, this will result in .\git.exe or .\git.bat being executed
	// if either were found in the current working directory.
	cmd := exec.Command("git", "status")
	return cmd.Run()
}
.
Searching the current directory (surprising behavior) before searching
folders listed in the PATH environment variable (expected behavior)
seems to be intended in Go and unlikely to be changed:
https:/
.
Since Go does not provide a version of exec.LookPath() that only searches
PATH and does not search the current working directory, this module provides
a LookPath function that works consistently across platforms.
.
Example use:
.
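import (
	"os/exec"
	"github.com/cli/safeexec"
)
.
func gitStatus() error {
	// Resolve git through PATH only, never the current working directory.
	gitBin, err := safeexec.LookPath("git")
	if err != nil {
		return err
	}
	// Run the resolved absolute path rather than the bare command name.
	cmd := exec.Command(gitBin, "status")
	return cmd.Run()
}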
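.
A sketch of what a PATH-only lookup involves, added here as an illustration; it is not code from the safeexec module or from this package. The name lookPathOnly, the fallback PATHEXT list and the rule of skipping relative PATH entries are assumptions of the example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"runtime"
	"strings"
)

// lookPathOnly (hypothetical helper, not the safeexec source) resolves a bare
// command name against the absolute directories in PATH only. The current
// working directory is never searched, and empty or relative PATH entries
// such as "." are skipped (an extra restriction assumed for this example).
func lookPathOnly(name string) (string, error) {
	if strings.ContainsAny(name, `/\`) {
		return "", fmt.Errorf("%q: expected a bare command name", name)
	}
	exts := []string{""} // Unix, or a name that already has an extension
	if runtime.GOOS == "windows" && filepath.Ext(name) == "" {
		pathext := os.Getenv("PATHEXT")
		if pathext == "" {
			pathext = ".com;.exe;.bat;.cmd" // assumed fallback list
		}
		exts = strings.Split(pathext, ";")
	}
	for _, dir := range filepath.SplitList(os.Getenv("PATH")) {
		if !filepath.IsAbs(dir) {
			continue // "", "." and other cwd-relative entries
		}
		for _, ext := range exts {
			candidate := filepath.Join(dir, name+ext)
			info, err := os.Stat(candidate)
			if err != nil || info.IsDir() {
				continue
			}
			// Unix needs an execute bit; Windows decides by extension.
			if runtime.GOOS == "windows" || info.Mode()&0o111 != 0 {
				return candidate, nil
			}
		}
	}
	return "", fmt.Errorf("%q: not found in PATH", name)
}

func main() {
	// Prints the PATH-resolved location of git, or an error if PATH lacks it.
	fmt.Println(lookPathOnly("git"))
}
```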
Publishing history
Date | Status | Target | Component | Section | Priority | Phased updates | Version | ||
---|---|---|---|---|---|---|---|---|---|
2023-10-23 22:30:24 UTC | Published | Ubuntu Noble amd64 | release | universe | golang | Optional | 1.0.1-1 | ||