-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: CompileCommand may return extraneous files #281
Conversation
In cases where an argument that is not positional ends with `.go`, the `CompileCommand.GoFiles` function might erroneously return that value as a source file to be compiled. This is for example the case when compiling the `github.com/nats-io/nats.go` package, as the `-p` argument has a value ending in `.go`. To address this, this PR introduces a more reliable arguments parser that uses a generated parser (built using the standard `flag` package) based on the usage documentation found in the output of `go tool <compile|link>`, so that the flags are more clearly identified. This replaces the old arguments parser, which is no longer used.
log.Fatalln("Missing value for required -command flag") | ||
} | ||
|
||
cmd := exec.Command("go", "tool", command) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🟠 Code Vulnerability
Check command call and ensure there is no unsanitized data used. The variable `command` may need to be validated (...read more)
In Go, the exec.Command
function is used to run external commands. Using this function carelessly can lead to command injection vulnerabilities.
Command injection occurs when untrusted input is passed directly to a system shell, allowing an attacker to execute arbitrary commands. This can result in unauthorized access to the system, data leaks, or other security breaches.
To prevent command injection vulnerabilities when using exec.Command
in Go, follow these coding best practices:
- Sanitize User Input: Always validate and sanitize user inputs before passing them to
exec.Command
. Avoid executing commands constructed using user-provided data. - Avoid using Shell Expansion: If possible, pass the command and arguments as separate strings to
exec.Command
. This prevents the shell from interpreting special characters in a potentially malicious way. - Use Absolute Paths: When specifying the command to be executed, use absolute paths for executables whenever possible. This reduces the risk of inadvertently running a similarly named malicious command from the system's PATH.
- Avoid String Concatenation: Refrain from dynamically constructing commands by concatenating strings. Instead, use the
arg ...string
parameter ofexec.Command
to pass arguments safely. - Limit Privileges: Run commands with the least privilege required to carry out the task. Avoid running commands with elevated privileges unnecessarily.
By following these practices, you can reduce the risk of command injection vulnerabilities when using exec.Command
in Go and enhance the security of your application.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This particular case should be fine ^^
14a6359
to
eff6079
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have 2 concerns:
- Are we sure we can trash the unknown arguments just like that?
- I would expect at least 1 unit test of the code generated by the generator, on each go version in our matrix
The generation should be done only with the latest version of the compiler, as this could have more options than a previous one... I'm gonna look at having some meta somewhere that allows to make sure we don't "roll back" to an older compiler version. The defaults being different based on the machine hardware/limits is a little annoying... I wonder what should be done (maybe special-case the known ones that are machine-dependent and just ignore them?) |
log.Fatalln(err) | ||
} | ||
|
||
cmd = exec.Command("go", "tool", command) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🟠 Code Vulnerability
Check command call and ensure there is no unsanitized data used. The variable `command` may need to be validated (...read more)
In Go, the exec.Command
function is used to run external commands. Using this function carelessly can lead to command injection vulnerabilities.
Command injection occurs when untrusted input is passed directly to a system shell, allowing an attacker to execute arbitrary commands. This can result in unauthorized access to the system, data leaks, or other security breaches.
To prevent command injection vulnerabilities when using exec.Command
in Go, follow these coding best practices:
- Sanitize User Input: Always validate and sanitize user inputs before passing them to
exec.Command
. Avoid executing commands constructed using user-provided data. - Avoid using Shell Expansion: If possible, pass the command and arguments as separate strings to
exec.Command
. This prevents the shell from interpreting special characters in a potentially malicious way. - Use Absolute Paths: When specifying the command to be executed, use absolute paths for executables whenever possible. This reduces the risk of inadvertently running a similarly named malicious command from the system's PATH.
- Avoid String Concatenation: Refrain from dynamically constructing commands by concatenating strings. Instead, use the
arg ...string
parameter ofexec.Command
to pass arguments safely. - Limit Privileges: Run commands with the least privilege required to carry out the task. Avoid running commands with elevated privileges unnecessarily.
By following these practices, you can reduce the risk of command injection vulnerabilities when using exec.Command
in Go and enhance the security of your application.
goPackage = requireEnv("GOPACKAGE") | ||
) | ||
|
||
cmd := exec.Command("go", "tool", command, "-V=full") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🟠 Code Vulnerability
Check command call and ensure there is no unsanitized data used. The variable `command` may need to be validated (...read more)
In Go, the exec.Command
function is used to run external commands. Using this function carelessly can lead to command injection vulnerabilities.
Command injection occurs when untrusted input is passed directly to a system shell, allowing an attacker to execute arbitrary commands. This can result in unauthorized access to the system, data leaks, or other security breaches.
To prevent command injection vulnerabilities when using exec.Command
in Go, follow these coding best practices:
- Sanitize User Input: Always validate and sanitize user inputs before passing them to
exec.Command
. Avoid executing commands constructed using user-provided data. - Avoid using Shell Expansion: If possible, pass the command and arguments as separate strings to
exec.Command
. This prevents the shell from interpreting special characters in a potentially malicious way. - Use Absolute Paths: When specifying the command to be executed, use absolute paths for executables whenever possible. This reduces the risk of inadvertently running a similarly named malicious command from the system's PATH.
- Avoid String Concatenation: Refrain from dynamically constructing commands by concatenating strings. Instead, use the
arg ...string
parameter ofexec.Command
to pass arguments safely. - Limit Privileges: Run commands with the least privilege required to carry out the task. Avoid running commands with elevated privileges unnecessarily.
By following these practices, you can reduce the risk of command injection vulnerabilities when using exec.Command
in Go and enhance the security of your application.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(let's fix the CI but) LGTM
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #281 +/- ##
==========================================
- Coverage 78.53% 73.48% -5.05%
==========================================
Files 140 144 +4
Lines 6359 7861 +1502
==========================================
+ Hits 4994 5777 +783
- Misses 955 1655 +700
- Partials 410 429 +19
|
In cases where an argument that is not positional ends with
.go
, theCompileCommand.GoFiles
function might erroneously return that value as a source file to be compiled. This is for example the case when compiling thegithub.com/nats-io/nats.go
package, as the-p
argument has a value ending in.go
.To address this, this PR introduces a more reliable arguments parser that uses a generated parser (built using the standard
flag
package) based on the usage documentation found in the output ofgo tool <compile|link>
, so that the flags are more clearly identified.This replaces the old arguments parser, which is no longer used.