From fe37c9e135b934191089b245ac29325091462508 Mon Sep 17 00:00:00 2001 From: Roland Shoemaker Date: Mon, 11 Jan 2021 10:19:11 -0800 Subject: [PATCH] all: replace all usages of os/exec with golang.org/x/sys/execabs This change ensures that packages using exec.LookPath or exec.Command to find or run binaries do not accidentally run programs from the current directory when they mean to run programs from the system PATH instead. Change-Id: I5907aa630ff64012395a7eb472967a477d90f12e Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/949438 Reviewed-by: Katie Hockman Reviewed-by: Russ Cox Reviewed-on: https://go-review.googlesource.com/c/tools/+/284773 Run-TryBot: Roland Shoemaker gopls-CI: kokoro TryBot-Result: Go Bot Trust: Roland Shoemaker Reviewed-by: Russ Cox --- cmd/auth/authtest/authtest.go | 2 +- cmd/auth/gitauth/gitauth.go | 2 +- cmd/compilebench/main.go | 2 +- cmd/cover/html.go | 2 +- cmd/eg/eg.go | 2 +- cmd/fiximports/main.go | 2 +- cmd/getgo/main.go | 2 +- cmd/getgo/system.go | 2 +- cmd/go-contrib-init/contrib.go | 2 +- cmd/godoc/goroot.go | 2 +- cmd/godoc/main.go | 2 +- cmd/goimports/goimports.go | 2 +- cmd/stress/stress.go | 2 +- cmd/toolstash/main.go | 2 +- go.mod | 1 + go.sum | 2 ++ go/internal/cgo/cgo.go | 2 +- go/internal/cgo/cgo_pkgconfig.go | 2 +- go/internal/gccgoimporter/gccgoinstallation.go | 2 +- go/packages/external.go | 2 +- go/packages/golist.go | 2 +- go/pointer/util.go | 2 +- go/vcs/vcs.go | 2 +- gopls/go.mod | 1 + gopls/go.sum | 2 ++ gopls/integration/replay/main.go | 2 +- gopls/internal/hooks/licenses.go | 2 +- gopls/internal/regtest/runner.go | 2 +- gopls/release/release.go | 2 +- internal/gocommand/invoke.go | 2 +- internal/imports/mkstdlib.go | 2 +- internal/lsp/browser/browser.go | 2 +- internal/lsp/cache/view.go | 2 +- internal/lsp/cmd/test/format.go | 2 +- internal/lsp/lsprpc/autostart_default.go | 2 +- internal/lsp/lsprpc/autostart_posix.go | 2 +- internal/testenv/testenv.go | 2 +- playground/socket/socket.go | 2 +- refactor/rename/mvpkg.go | 2 +- refactor/rename/rename.go | 2 +- 40 files changed, 42 insertions(+), 36 deletions(-) diff --git a/cmd/auth/authtest/authtest.go b/cmd/auth/authtest/authtest.go index 263eed828c..0489b93178 100644 --- a/cmd/auth/authtest/authtest.go +++ b/cmd/auth/authtest/authtest.go @@ -18,13 +18,13 @@ import ( "bytes" "flag" "fmt" + exec "golang.org/x/sys/execabs" "io" "log" "net/http" "net/textproto" "net/url" "os" - "os/exec" "path/filepath" "strings" ) diff --git a/cmd/auth/gitauth/gitauth.go b/cmd/auth/gitauth/gitauth.go index b481fe6b99..7bfca6efb6 100644 --- a/cmd/auth/gitauth/gitauth.go +++ b/cmd/auth/gitauth/gitauth.go @@ -16,11 +16,11 @@ package main import ( "bytes" "fmt" + exec "golang.org/x/sys/execabs" "log" "net/http" "net/url" "os" - "os/exec" "path/filepath" "strings" ) diff --git a/cmd/compilebench/main.go b/cmd/compilebench/main.go index afce21817b..d7da6d51bc 100644 --- a/cmd/compilebench/main.go +++ b/cmd/compilebench/main.go @@ -82,10 +82,10 @@ import ( "encoding/json" "flag" "fmt" + exec "golang.org/x/sys/execabs" "io/ioutil" "log" "os" - "os/exec" "path/filepath" "regexp" "strconv" diff --git a/cmd/cover/html.go b/cmd/cover/html.go index ef50e2bfce..0f8c72542b 100644 --- a/cmd/cover/html.go +++ b/cmd/cover/html.go @@ -8,12 +8,12 @@ import ( "bufio" "bytes" "fmt" + exec "golang.org/x/sys/execabs" "html/template" "io" "io/ioutil" "math" "os" - "os/exec" "path/filepath" "runtime" diff --git a/cmd/eg/eg.go b/cmd/eg/eg.go index 9199f420b0..a5473ad936 100644 --- a/cmd/eg/eg.go +++ b/cmd/eg/eg.go @@ -14,8 +14,8 @@ import ( "go/format" "go/parser" "go/token" + exec "golang.org/x/sys/execabs" "os" - "os/exec" "strings" "golang.org/x/tools/go/buildutil" diff --git a/cmd/fiximports/main.go b/cmd/fiximports/main.go index 53a9944f2c..f572a15c59 100644 --- a/cmd/fiximports/main.go +++ b/cmd/fiximports/main.go @@ -79,11 +79,11 @@ import ( "go/format" "go/parser" "go/token" + exec "golang.org/x/sys/execabs" "io" "io/ioutil" "log" "os" - "os/exec" "path" "path/filepath" "sort" diff --git a/cmd/getgo/main.go b/cmd/getgo/main.go index 792ea05abf..417e860ece 100644 --- a/cmd/getgo/main.go +++ b/cmd/getgo/main.go @@ -13,8 +13,8 @@ import ( "errors" "flag" "fmt" + exec "golang.org/x/sys/execabs" "os" - "os/exec" "strings" ) diff --git a/cmd/getgo/system.go b/cmd/getgo/system.go index 07d6f85709..232ca366ca 100644 --- a/cmd/getgo/system.go +++ b/cmd/getgo/system.go @@ -9,7 +9,7 @@ package main import ( "bytes" "context" - "os/exec" + exec "golang.org/x/sys/execabs" "runtime" "strings" ) diff --git a/cmd/go-contrib-init/contrib.go b/cmd/go-contrib-init/contrib.go index 7c6574636f..e2bb5070c6 100644 --- a/cmd/go-contrib-init/contrib.go +++ b/cmd/go-contrib-init/contrib.go @@ -13,10 +13,10 @@ import ( "flag" "fmt" "go/build" + exec "golang.org/x/sys/execabs" "io/ioutil" "log" "os" - "os/exec" "path/filepath" "regexp" "runtime" diff --git a/cmd/godoc/goroot.go b/cmd/godoc/goroot.go index 755069d949..c284ca8910 100644 --- a/cmd/godoc/goroot.go +++ b/cmd/godoc/goroot.go @@ -5,8 +5,8 @@ package main import ( + exec "golang.org/x/sys/execabs" "os" - "os/exec" "path/filepath" "runtime" "strings" diff --git a/cmd/godoc/main.go b/cmd/godoc/main.go index 7dba4d20e1..02f0eb6c6f 100644 --- a/cmd/godoc/main.go +++ b/cmd/godoc/main.go @@ -25,13 +25,13 @@ import ( "flag" "fmt" "go/build" + exec "golang.org/x/sys/execabs" "io" "log" "net/http" _ "net/http/pprof" // to serve /debug/pprof/* "net/url" "os" - "os/exec" "path" "path/filepath" "regexp" diff --git a/cmd/goimports/goimports.go b/cmd/goimports/goimports.go index 27708972d1..b354c9e824 100644 --- a/cmd/goimports/goimports.go +++ b/cmd/goimports/goimports.go @@ -11,11 +11,11 @@ import ( "flag" "fmt" "go/scanner" + exec "golang.org/x/sys/execabs" "io" "io/ioutil" "log" "os" - "os/exec" "path/filepath" "runtime" "runtime/pprof" diff --git a/cmd/stress/stress.go b/cmd/stress/stress.go index e127735b78..4ff6cf3a82 100644 --- a/cmd/stress/stress.go +++ b/cmd/stress/stress.go @@ -17,9 +17,9 @@ package main import ( "flag" "fmt" + exec "golang.org/x/sys/execabs" "io/ioutil" "os" - "os/exec" "path/filepath" "regexp" "runtime" diff --git a/cmd/toolstash/main.go b/cmd/toolstash/main.go index b462b500d5..4c34942018 100644 --- a/cmd/toolstash/main.go +++ b/cmd/toolstash/main.go @@ -127,11 +127,11 @@ import ( "bufio" "flag" "fmt" + exec "golang.org/x/sys/execabs" "io" "io/ioutil" "log" "os" - "os/exec" "path/filepath" "runtime" "strings" diff --git a/go.mod b/go.mod index 57607cba25..aaefd1fd9b 100644 --- a/go.mod +++ b/go.mod @@ -7,5 +7,6 @@ require ( golang.org/x/mod v0.3.0 golang.org/x/net v0.0.0-20201021035429-f5854403a974 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 + golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 ) diff --git a/go.sum b/go.sum index 16080066ef..12a6e9419a 100644 --- a/go.sum +++ b/go.sum @@ -15,6 +15,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/go/internal/cgo/cgo.go b/go/internal/cgo/cgo.go index 5db8b30967..9772504c97 100644 --- a/go/internal/cgo/cgo.go +++ b/go/internal/cgo/cgo.go @@ -57,10 +57,10 @@ import ( "go/build" "go/parser" "go/token" + exec "golang.org/x/sys/execabs" "io/ioutil" "log" "os" - "os/exec" "path/filepath" "regexp" "strings" diff --git a/go/internal/cgo/cgo_pkgconfig.go b/go/internal/cgo/cgo_pkgconfig.go index b5bb95a63e..7d94bbc1e5 100644 --- a/go/internal/cgo/cgo_pkgconfig.go +++ b/go/internal/cgo/cgo_pkgconfig.go @@ -8,7 +8,7 @@ import ( "errors" "fmt" "go/build" - "os/exec" + exec "golang.org/x/sys/execabs" "strings" ) diff --git a/go/internal/gccgoimporter/gccgoinstallation.go b/go/internal/gccgoimporter/gccgoinstallation.go index fac41005c6..365521e235 100644 --- a/go/internal/gccgoimporter/gccgoinstallation.go +++ b/go/internal/gccgoimporter/gccgoinstallation.go @@ -10,8 +10,8 @@ package gccgoimporter import ( "bufio" "go/types" + exec "golang.org/x/sys/execabs" "os" - "os/exec" "path/filepath" "strings" ) diff --git a/go/packages/external.go b/go/packages/external.go index 7db1d1293a..7242a0a7d2 100644 --- a/go/packages/external.go +++ b/go/packages/external.go @@ -12,8 +12,8 @@ import ( "bytes" "encoding/json" "fmt" + exec "golang.org/x/sys/execabs" "os" - "os/exec" "strings" ) diff --git a/go/packages/golist.go b/go/packages/golist.go index c83ca097a9..ec417ba830 100644 --- a/go/packages/golist.go +++ b/go/packages/golist.go @@ -10,10 +10,10 @@ import ( "encoding/json" "fmt" "go/types" + exec "golang.org/x/sys/execabs" "io/ioutil" "log" "os" - "os/exec" "path" "path/filepath" "reflect" diff --git a/go/pointer/util.go b/go/pointer/util.go index 986dd09a10..5bdd623c0e 100644 --- a/go/pointer/util.go +++ b/go/pointer/util.go @@ -8,9 +8,9 @@ import ( "bytes" "fmt" "go/types" + exec "golang.org/x/sys/execabs" "log" "os" - "os/exec" "runtime" "time" diff --git a/go/vcs/vcs.go b/go/vcs/vcs.go index 1deb8137d8..f2aac1c0d1 100644 --- a/go/vcs/vcs.go +++ b/go/vcs/vcs.go @@ -19,10 +19,10 @@ import ( "encoding/json" "errors" "fmt" + exec "golang.org/x/sys/execabs" "log" "net/url" "os" - "os/exec" "path/filepath" "regexp" "strconv" diff --git a/gopls/go.mod b/gopls/go.mod index 390d162344..7812cbcd8b 100644 --- a/gopls/go.mod +++ b/gopls/go.mod @@ -7,6 +7,7 @@ require ( github.com/sanity-io/litter v1.3.0 github.com/sergi/go-diff v1.1.0 golang.org/x/mod v0.4.0 + golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 golang.org/x/tools v0.0.0-20210104081019-d8d6ddbec6ee golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 honnef.co/go/tools v0.0.1-2020.1.6 diff --git a/gopls/go.sum b/gopls/go.sum index c3f96cb0dd..5c8cfb0f6e 100644 --- a/gopls/go.sum +++ b/gopls/go.sum @@ -46,6 +46,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= diff --git a/gopls/integration/replay/main.go b/gopls/integration/replay/main.go index 683ef8198d..35cd1d53e3 100644 --- a/gopls/integration/replay/main.go +++ b/gopls/integration/replay/main.go @@ -10,9 +10,9 @@ import ( "context" "flag" "fmt" + exec "golang.org/x/sys/execabs" "log" "os" - "os/exec" "sort" "strconv" "strings" diff --git a/gopls/internal/hooks/licenses.go b/gopls/internal/hooks/licenses.go index 58dea04aa1..028c90e22c 100644 --- a/gopls/internal/hooks/licenses.go +++ b/gopls/internal/hooks/licenses.go @@ -168,4 +168,4 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ` -const licensesGeneratedFrom = "3fbcbd4a23419568c3f6609cc89f2918537c4ea023dc11a5bb55e3d3e5a67368" +const licensesGeneratedFrom = "029a0f934a7bad22a7d47185055bc554b1ea23ce427351caa87d9a088fcfba4e" diff --git a/gopls/internal/regtest/runner.go b/gopls/internal/regtest/runner.go index d168d18d71..1e77cb8ef3 100644 --- a/gopls/internal/regtest/runner.go +++ b/gopls/internal/regtest/runner.go @@ -8,11 +8,11 @@ import ( "bytes" "context" "fmt" + exec "golang.org/x/sys/execabs" "io" "io/ioutil" "net" "os" - "os/exec" "path/filepath" "runtime/pprof" "strings" diff --git a/gopls/release/release.go b/gopls/release/release.go index 62455fe1bb..173909122b 100644 --- a/gopls/release/release.go +++ b/gopls/release/release.go @@ -15,10 +15,10 @@ import ( "flag" "fmt" "go/types" + exec "golang.org/x/sys/execabs" "io/ioutil" "log" "os" - "os/exec" "os/user" "path/filepath" "strconv" diff --git a/internal/gocommand/invoke.go b/internal/gocommand/invoke.go index f65aad4ec9..8659a0c5da 100644 --- a/internal/gocommand/invoke.go +++ b/internal/gocommand/invoke.go @@ -9,9 +9,9 @@ import ( "bytes" "context" "fmt" + exec "golang.org/x/sys/execabs" "io" "os" - "os/exec" "regexp" "strconv" "strings" diff --git a/internal/imports/mkstdlib.go b/internal/imports/mkstdlib.go index 82d8f51472..cf0fc49f97 100644 --- a/internal/imports/mkstdlib.go +++ b/internal/imports/mkstdlib.go @@ -14,11 +14,11 @@ import ( "bytes" "fmt" "go/format" + exec "golang.org/x/sys/execabs" "io" "io/ioutil" "log" "os" - "os/exec" "path/filepath" "regexp" "runtime" diff --git a/internal/lsp/browser/browser.go b/internal/lsp/browser/browser.go index 6867c85d23..0ac4f20f0b 100644 --- a/internal/lsp/browser/browser.go +++ b/internal/lsp/browser/browser.go @@ -6,8 +6,8 @@ package browser import ( + exec "golang.org/x/sys/execabs" "os" - "os/exec" "runtime" "time" ) diff --git a/internal/lsp/cache/view.go b/internal/lsp/cache/view.go index 16bef0b5fc..ec35561975 100644 --- a/internal/lsp/cache/view.go +++ b/internal/lsp/cache/view.go @@ -9,10 +9,10 @@ import ( "context" "encoding/json" "fmt" + exec "golang.org/x/sys/execabs" "io" "io/ioutil" "os" - "os/exec" "path" "path/filepath" "reflect" diff --git a/internal/lsp/cmd/test/format.go b/internal/lsp/cmd/test/format.go index f5b4631604..77eedd440e 100644 --- a/internal/lsp/cmd/test/format.go +++ b/internal/lsp/cmd/test/format.go @@ -6,9 +6,9 @@ package cmdtest import ( "bytes" + exec "golang.org/x/sys/execabs" "io/ioutil" "os" - "os/exec" "regexp" "strings" "testing" diff --git a/internal/lsp/lsprpc/autostart_default.go b/internal/lsp/lsprpc/autostart_default.go index 2ddc5b6cb5..dc04f663f6 100644 --- a/internal/lsp/lsprpc/autostart_default.go +++ b/internal/lsp/lsprpc/autostart_default.go @@ -5,7 +5,7 @@ package lsprpc import ( - "os/exec" + exec "golang.org/x/sys/execabs" errors "golang.org/x/xerrors" ) diff --git a/internal/lsp/lsprpc/autostart_posix.go b/internal/lsp/lsprpc/autostart_posix.go index d6c832bbe2..9ad3f1dcda 100644 --- a/internal/lsp/lsprpc/autostart_posix.go +++ b/internal/lsp/lsprpc/autostart_posix.go @@ -10,9 +10,9 @@ import ( "crypto/sha256" "errors" "fmt" + exec "golang.org/x/sys/execabs" "log" "os" - "os/exec" "os/user" "path/filepath" "strconv" diff --git a/internal/testenv/testenv.go b/internal/testenv/testenv.go index f725b959f8..65b7953df3 100644 --- a/internal/testenv/testenv.go +++ b/internal/testenv/testenv.go @@ -10,9 +10,9 @@ import ( "bytes" "fmt" "go/build" + exec "golang.org/x/sys/execabs" "io/ioutil" "os" - "os/exec" "runtime" "strings" "sync" diff --git a/playground/socket/socket.go b/playground/socket/socket.go index 17b6de3a1b..5e385ebd1b 100644 --- a/playground/socket/socket.go +++ b/playground/socket/socket.go @@ -19,6 +19,7 @@ import ( "errors" "go/parser" "go/token" + exec "golang.org/x/sys/execabs" "io" "io/ioutil" "log" @@ -26,7 +27,6 @@ import ( "net/http" "net/url" "os" - "os/exec" "path/filepath" "runtime" "strings" diff --git a/refactor/rename/mvpkg.go b/refactor/rename/mvpkg.go index 7889711227..58fad6be34 100644 --- a/refactor/rename/mvpkg.go +++ b/refactor/rename/mvpkg.go @@ -18,9 +18,9 @@ import ( "go/build" "go/format" "go/token" + exec "golang.org/x/sys/execabs" "log" "os" - "os/exec" "path" "path/filepath" "regexp" diff --git a/refactor/rename/rename.go b/refactor/rename/rename.go index 3651c62bfd..e74e0a6402 100644 --- a/refactor/rename/rename.go +++ b/refactor/rename/rename.go @@ -17,11 +17,11 @@ import ( "go/parser" "go/token" "go/types" + exec "golang.org/x/sys/execabs" "io" "io/ioutil" "log" "os" - "os/exec" "path" "regexp" "sort"