all: replace all usages of os/exec with golang.org/x/sys/execabs

This change ensures that packages using exec.LookPath or exec.Command to find or run binaries do not accidentally run programs from the current directory when they mean to run programs from the system PATH instead. Change-Id: I5907aa630ff64012395a7eb472967a477d90f12e Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/949438 Reviewed-by: Katie Hockman <katiehockman@google.com> Reviewed-by: Russ Cox <rsc@google.com> Reviewed-on: https://go-review.googlesource.com/c/tools/+/284773 Run-TryBot: Roland Shoemaker <roland@golang.org> gopls-CI: kokoro <noreply+kokoro@google.com> TryBot-Result: Go Bot <gobot@golang.org> Trust: Roland Shoemaker <roland@golang.org> Reviewed-by: Russ Cox <rsc@golang.org>
2021-01-11 10:19:11 -08:00 · 2021-01-11 10:19:11 -08:00 · fe37c9e135
parent a46736d9d9
commit fe37c9e135
40 changed files with 42 additions and 36 deletions
--- a/cmd/auth/authtest/authtest.go
+++ b/cmd/auth/authtest/authtest.go
@ -18,13 +18,13 @@ import (
 	"bytes"
 	"flag"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"io"
 	"log"
 	"net/http"
 	"net/textproto"
 	"net/url"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 )
--- a/cmd/auth/gitauth/gitauth.go
+++ b/cmd/auth/gitauth/gitauth.go
@ -16,11 +16,11 @@ package main
 import (
 	"bytes"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"log"
 	"net/http"
 	"net/url"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 )
--- a/cmd/compilebench/main.go
+++ b/cmd/compilebench/main.go
@ -82,10 +82,10 @@ import (
 	"encoding/json"
 	"flag"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strconv"
--- a/cmd/cover/html.go
+++ b/cmd/cover/html.go
@ -8,12 +8,12 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"html/template"
 	"io"
 	"io/ioutil"
 	"math"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"

--- a/cmd/eg/eg.go
+++ b/cmd/eg/eg.go
@ -14,8 +14,8 @@ import (
 	"go/format"
 	"go/parser"
 	"go/token"
+	exec "golang.org/x/sys/execabs"
 	"os"
-	"os/exec"
 	"strings"

 	"golang.org/x/tools/go/buildutil"
--- a/cmd/fiximports/main.go
+++ b/cmd/fiximports/main.go
@ -79,11 +79,11 @@ import (
 	"go/format"
 	"go/parser"
 	"go/token"
+	exec "golang.org/x/sys/execabs"
 	"io"
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"path"
 	"path/filepath"
 	"sort"
--- a/cmd/getgo/main.go
+++ b/cmd/getgo/main.go
@ -13,8 +13,8 @@ import (
 	"errors"
 	"flag"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"os"
-	"os/exec"
 	"strings"
 )

--- a/cmd/getgo/system.go
+++ b/cmd/getgo/system.go
@ -9,7 +9,7 @@ package main
 import (
 	"bytes"
 	"context"
-	"os/exec"
+	exec "golang.org/x/sys/execabs"
 	"runtime"
 	"strings"
 )
--- a/cmd/go-contrib-init/contrib.go
+++ b/cmd/go-contrib-init/contrib.go
@ -13,10 +13,10 @@ import (
 	"flag"
 	"fmt"
 	"go/build"
+	exec "golang.org/x/sys/execabs"
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"regexp"
 	"runtime"
--- a/cmd/godoc/goroot.go
+++ b/cmd/godoc/goroot.go
@ -5,8 +5,8 @@
 package main

 import (
+	exec "golang.org/x/sys/execabs"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
--- a/cmd/godoc/main.go
+++ b/cmd/godoc/main.go
@ -25,13 +25,13 @@ import (
 	"flag"
 	"fmt"
 	"go/build"
+	exec "golang.org/x/sys/execabs"
 	"io"
 	"log"
 	"net/http"
 	_ "net/http/pprof" // to serve /debug/pprof/*
 	"net/url"
 	"os"
-	"os/exec"
 	"path"
 	"path/filepath"
 	"regexp"
--- a/cmd/goimports/goimports.go
+++ b/cmd/goimports/goimports.go
@ -11,11 +11,11 @@ import (
 	"flag"
 	"fmt"
 	"go/scanner"
+	exec "golang.org/x/sys/execabs"
 	"io"
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 	"runtime/pprof"
--- a/cmd/stress/stress.go
+++ b/cmd/stress/stress.go
@ -17,9 +17,9 @@ package main
 import (
 	"flag"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"regexp"
 	"runtime"
--- a/cmd/toolstash/main.go
+++ b/cmd/toolstash/main.go
@ -127,11 +127,11 @@ import (
 	"bufio"
 	"flag"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"io"
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
--- a/go.mod
+++ b/go.mod
@ -7,5 +7,6 @@ require (
 	golang.org/x/mod v0.3.0
 	golang.org/x/net v0.0.0-20201021035429-f5854403a974
 	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
+	golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 )
--- a/go.sum
+++ b/go.sum
@ -15,6 +15,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
--- a/go/internal/cgo/cgo.go
+++ b/go/internal/cgo/cgo.go
@ -57,10 +57,10 @@ import (
 	"go/build"
 	"go/parser"
 	"go/token"
+	exec "golang.org/x/sys/execabs"
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strings"
--- a/go/internal/cgo/cgo_pkgconfig.go
+++ b/go/internal/cgo/cgo_pkgconfig.go
@ -8,7 +8,7 @@ import (
 	"errors"
 	"fmt"
 	"go/build"
-	"os/exec"
+	exec "golang.org/x/sys/execabs"
 	"strings"
 )

--- a/go/internal/gccgoimporter/gccgoinstallation.go
+++ b/go/internal/gccgoimporter/gccgoinstallation.go
@ -10,8 +10,8 @@ package gccgoimporter
 import (
 	"bufio"
 	"go/types"
+	exec "golang.org/x/sys/execabs"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 )
--- a/go/packages/external.go
+++ b/go/packages/external.go
@ -12,8 +12,8 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"os"
-	"os/exec"
 	"strings"
 )

--- a/go/packages/golist.go
+++ b/go/packages/golist.go
@ -10,10 +10,10 @@ import (
 	"encoding/json"
 	"fmt"
 	"go/types"
+	exec "golang.org/x/sys/execabs"
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"path"
 	"path/filepath"
 	"reflect"
--- a/go/pointer/util.go
+++ b/go/pointer/util.go
@ -8,9 +8,9 @@ import (
 	"bytes"
 	"fmt"
 	"go/types"
+	exec "golang.org/x/sys/execabs"
 	"log"
 	"os"
-	"os/exec"
 	"runtime"
 	"time"

--- a/go/vcs/vcs.go
+++ b/go/vcs/vcs.go
@ -19,10 +19,10 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"log"
 	"net/url"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strconv"
--- a/gopls/go.mod
+++ b/gopls/go.mod
@ -7,6 +7,7 @@ require (
 	github.com/sanity-io/litter v1.3.0
 	github.com/sergi/go-diff v1.1.0
 	golang.org/x/mod v0.4.0
+	golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4
 	golang.org/x/tools v0.0.0-20210104081019-d8d6ddbec6ee
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 	honnef.co/go/tools v0.0.1-2020.1.6
--- a/gopls/go.sum
+++ b/gopls/go.sum
@ -46,6 +46,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
--- a/gopls/integration/replay/main.go
+++ b/gopls/integration/replay/main.go
@ -10,9 +10,9 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"log"
 	"os"
-	"os/exec"
 	"sort"
 	"strconv"
 	"strings"
--- a/gopls/internal/hooks/licenses.go
+++ b/gopls/internal/hooks/licenses.go
@ -168,4 +168,4 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 `

-const licensesGeneratedFrom = "3fbcbd4a23419568c3f6609cc89f2918537c4ea023dc11a5bb55e3d3e5a67368"
+const licensesGeneratedFrom = "029a0f934a7bad22a7d47185055bc554b1ea23ce427351caa87d9a088fcfba4e"
--- a/gopls/internal/regtest/runner.go
+++ b/gopls/internal/regtest/runner.go
@ -8,11 +8,11 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"io"
 	"io/ioutil"
 	"net"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime/pprof"
 	"strings"
--- a/gopls/release/release.go
+++ b/gopls/release/release.go
@ -15,10 +15,10 @@ import (
 	"flag"
 	"fmt"
 	"go/types"
+	exec "golang.org/x/sys/execabs"
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"os/user"
 	"path/filepath"
 	"strconv"
--- a/internal/gocommand/invoke.go
+++ b/internal/gocommand/invoke.go
@ -9,9 +9,9 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"io"
 	"os"
-	"os/exec"
 	"regexp"
 	"strconv"
 	"strings"
--- a/internal/imports/mkstdlib.go
+++ b/internal/imports/mkstdlib.go
@ -14,11 +14,11 @@ import (
 	"bytes"
 	"fmt"
 	"go/format"
+	exec "golang.org/x/sys/execabs"
 	"io"
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"regexp"
 	"runtime"
--- a/internal/lsp/browser/browser.go
+++ b/internal/lsp/browser/browser.go
@ -6,8 +6,8 @@
 package browser

 import (
+	exec "golang.org/x/sys/execabs"
 	"os"
-	"os/exec"
 	"runtime"
 	"time"
 )
--- a/internal/lsp/cache/view.go
+++ b/internal/lsp/cache/view.go
@ -9,10 +9,10 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path"
 	"path/filepath"
 	"reflect"
--- a/internal/lsp/cmd/test/format.go
+++ b/internal/lsp/cmd/test/format.go
@ -6,9 +6,9 @@ package cmdtest

 import (
 	"bytes"
+	exec "golang.org/x/sys/execabs"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"regexp"
 	"strings"
 	"testing"
--- a/internal/lsp/lsprpc/autostart_default.go
+++ b/internal/lsp/lsprpc/autostart_default.go
@ -5,7 +5,7 @@
 package lsprpc

 import (
-	"os/exec"
+	exec "golang.org/x/sys/execabs"

 	errors "golang.org/x/xerrors"
 )
--- a/internal/lsp/lsprpc/autostart_posix.go
+++ b/internal/lsp/lsprpc/autostart_posix.go
@ -10,9 +10,9 @@ import (
 	"crypto/sha256"
 	"errors"
 	"fmt"
+	exec "golang.org/x/sys/execabs"
 	"log"
 	"os"
-	"os/exec"
 	"os/user"
 	"path/filepath"
 	"strconv"
--- a/internal/testenv/testenv.go
+++ b/internal/testenv/testenv.go
@ -10,9 +10,9 @@ import (
 	"bytes"
 	"fmt"
 	"go/build"
+	exec "golang.org/x/sys/execabs"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"runtime"
 	"strings"
 	"sync"
--- a/playground/socket/socket.go
+++ b/playground/socket/socket.go
@ -19,6 +19,7 @@ import (
 	"errors"
 	"go/parser"
 	"go/token"
+	exec "golang.org/x/sys/execabs"
 	"io"
 	"io/ioutil"
 	"log"
@ -26,7 +27,6 @@ import (
 	"net/http"
 	"net/url"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
--- a/refactor/rename/mvpkg.go
+++ b/refactor/rename/mvpkg.go
@ -18,9 +18,9 @@ import (
 	"go/build"
 	"go/format"
 	"go/token"
+	exec "golang.org/x/sys/execabs"
 	"log"
 	"os"
-	"os/exec"
 	"path"
 	"path/filepath"
 	"regexp"
--- a/refactor/rename/rename.go
+++ b/refactor/rename/rename.go
@ -17,11 +17,11 @@ import (
 	"go/parser"
 	"go/token"
 	"go/types"
+	exec "golang.org/x/sys/execabs"
 	"io"
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"path"
 	"regexp"
 	"sort"