docker / docker-credential-helpers

Programs to keep Docker login credentials safe by storing in platform keystores
MIT License

remove uses of golang.org/x/sys/execabs #270

Closed thaJeztah closed 1 year ago

thaJeztah commented 1 year ago

the "golang.org/x/sys/execabs" package was introduced to address a security issue on Windows, and changing the default behavior of os/exec was considered a breaking change. go1.19 applied the behavior that was previously implemented in the execabs package;

from the release notes: https://go.dev/doc/go1.19#os-exec-path

> Command and LookPath no longer allow results from a PATH search to be found relative to the current directory. This removes a common source of security problems but may also break existing programs that depend on using, say, exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in the current directory. See the os/exec package documentation for information about how best to update such programs.
>
> On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath environment variable, making it possible to disable the default implicit search of “.” in PATH lookups on Windows systems.

With those changes, we no longer need to use the execabs package, and we can switch back to os/exec.
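The os/exec behavior described in the release notes above, as an added example (not code from this pull request or from docker-credential-helpers): it plants a dummy executable in the working directory, puts "." on PATH, and checks that a bare-name lookup is rejected with `exec.ErrDot` while an explicit `./name` still resolves. It assumes Go 1.19 or later on a Unix-like system; `probe`, `Result` and the binary name `docker-credential-demo` are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
)

// Result records how os/exec treats a binary that is only reachable via ".".
type Result struct {
	BareIsErrDot    bool   // exec.LookPath(name) wraps exec.ErrDot
	CommandIsErrDot bool   // exec.Command(name).Run() fails the same way
	ExplicitPath    string // exec.LookPath("./" + name), the explicit opt-in
}

// probe plants a dummy executable in a temp dir, makes that dir the working
// directory, sets PATH to "." and asks os/exec to resolve the bare name.
func probe(name string) (Result, error) {
	var r Result
	dir, err := os.MkdirTemp("", "execdot")
	if err != nil {
		return r, err
	}
	defer os.RemoveAll(dir)
	if err := os.WriteFile(filepath.Join(dir, name), []byte("#!/bin/sh\nexit 0\n"), 0o755); err != nil {
		return r, err
	}
	oldDir, _ := os.Getwd()
	defer os.Setenv("PATH", os.Getenv("PATH")) // old value is captured now
	defer os.Chdir(oldDir)                     // runs first, before RemoveAll
	if err := os.Chdir(dir); err != nil {
		return r, err
	}
	os.Setenv("PATH", ".")

	_, err = exec.LookPath(name) // found only relative to the current directory
	r.BareIsErrDot = errors.Is(err, exec.ErrDot)
	r.CommandIsErrDot = errors.Is(exec.Command(name).Run(), exec.ErrDot)
	r.ExplicitPath, err = exec.LookPath("./" + name) // caller asked for "." explicitly
	return r, err
}

func main() {
	r, err := probe("docker-credential-demo") // hypothetical helper name
	fmt.Printf("%+v err=%v\n", r, err)
}
```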

thaJeztah commented 1 year ago

actually; let me change go.mod to go1.19 (as 1.18 doesn't have that fix)

codecov-commenter commented 1 year ago

Codecov Report

Patch and project coverage have no change.

Comparison is base (da93839) 55.55% compared to head (3d84f97) 55.55%.

:exclamation: Current head 3d84f97 differs from pull request most recent head 37c4a6b. Consider uploading reports for the commit 37c4a6b to get more accurate results

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master     #270   +/-   ##
=======================================
  Coverage   55.55%   55.55%
=======================================
  Files           9        9
  Lines         666      666
=======================================
  Hits          370      370
  Misses        253      253
  Partials       43       43
```

| [Impacted Files](https://app.codecov.io/gh/docker/docker-credential-helpers/pull/270?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=docker) | Coverage Δ | |
|---|---|---|
| [client/command.go](https://app.codecov.io/gh/docker/docker-credential-helpers/pull/270?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=docker#diff-Y2xpZW50L2NvbW1hbmQuZ28=) | `0.00% <ø> (ø)` | |
