chore: disallow use of exec.Command

exec.Command requires different behavior based on the user's OS, which our helpers already handle.
DopplerHQ · Jul 10, 2023 · 19fe020 · 19fe020
1 parent d211198
commit 19fe020
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/pkg/utils/util.go b/pkg/utils/util.go
@@ -106,7 +106,7 @@ func Cwd() string {
 
 // RunCommand runs the specified command
 func RunCommand(command []string, env []string, inFile *os.File, outFile *os.File, errFile *os.File, forwardSignals bool) (*exec.Cmd, error) {
-	cmd := exec.Command(command[0], command[1:]...) // #nosec G204
+	cmd := exec.Command(command[0], command[1:]...) // #nosec G204 nosemgrep: semgrep_configs.prohibit-exec-command
 	cmd.Env = env
 	cmd.Stdin = inFile
 	cmd.Stdout = outFile
@@ -132,7 +132,7 @@ func RunCommandString(command string, env []string, inFile *os.File, outFile *os
 			}
 		}
 	}
-	cmd := exec.Command(shell[0], shell[1], command) // #nosec G204
+	cmd := exec.Command(shell[0], shell[1], command) // #nosec G204 nosemgrep: semgrep_configs.prohibit-exec-command
 	cmd.Env = env
 	cmd.Stdin = inFile
 	cmd.Stdout = outFile

diff --git a/semgrep_configs/exec.yaml b/semgrep_configs/exec.yaml
@@ -0,0 +1,9 @@
+rules:
+  - id: prohibit-exec-command
+    languages:
+      - go
+    message: >
+      Use utils.RunCommand or utils.RunCommandString to ensure exec is os agnostic.
+    pattern-either:
+      - pattern: exec.Command
+    severity: ERROR