hexec

package
v0.0.11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 19, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var DefaultAuth = Auth{
	Allow: security.MustNewWhitelist(
		"^(dart-)?sass(-embedded)?$",
		"^go$",
		"^npx$",
		"^postcss$",
	),

	OsEnv: security.MustNewWhitelist(`(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+|(XDG_CONFIG_)?HOME|USERPROFILE|SSH_AUTH_SOCK|DISPLAY|LANG|SYSTEMDRIVE)$`),
}
View Source 
var WithContext = func(ctx context.Context) func(c *commandeer) {
	return func(c *commandeer) {
		c.ctx = ctx
	}
}
View Source 
var WithDir = func(dir string) func(c *commandeer) {
	return func(c *commandeer) {
		c.dir = dir
	}
}
View Source 
var WithEnviron = func(env []string) func(c *commandeer) {
	return func(c *commandeer) {
		setOrAppend := func(s string) {
			k1, _ := SplitEnvVar(s)
			var found bool
			for i, v := range c.env {
				k2, _ := SplitEnvVar(v)
				if k1 == k2 {
					found = true
					c.env[i] = s
				}
			}

			if !found {
				c.env = append(c.env, s)
			}
		}

		for _, s := range env {
			setOrAppend(s)
		}
	}
}
View Source 
var WithStderr = func(w io.Writer) func(c *commandeer) {
	return func(c *commandeer) {
		c.stderr = w
	}
}
View Source 
var WithStdin = func(r io.Reader) func(c *commandeer) {
	return func(c *commandeer) {
		c.stdin = r
	}
}
View Source 
var WithStdout = func(w io.Writer) func(c *commandeer) {
	return func(c *commandeer) {
		c.stdout = w
	}
}

Functions

func InPath 

func InPath(binaryName string) bool

InPath reports whether binaryName is in $PATH.

func IsNotFound 

func IsNotFound(err error) bool

IsNotFound reports whether this is an error about a binary not found.

func LookPath 

func LookPath(binaryName string) string

LookPath finds the path to binaryName in $PATH. Returns "" if not found.

func SafeCommand 

func SafeCommand(name string, arg ...string) (*exec.Cmd, error)

SafeCommand is a wrapper around os/exec Command which uses a LookPath implementation that does not search in current directory before looking in PATH. See https://github.com/cli/safeexec and the linked issues.

func SplitEnvVar 

func SplitEnvVar(v string) (string, string)

func ToSecurityMap 

func ToSecurityMap(c any) map[string]any

ToSecurityMap converts c to a map with 'security' as the root key.

func ToTOML 

func ToTOML(c any) string

ToTOML converts c to TOML with security as the root.

Types

type AccessDeniedError 

type AccessDeniedError struct {
	Path     string
	Name     string
	Policies string
}

AccessDeniedError represents a security policy conflict.

func (*AccessDeniedError) Error 

func (e *AccessDeniedError) Error() string

type Auth 

type Auth struct {
	Allow security.Whitelist `json:"allow"`
	OsEnv security.Whitelist `json:"osEnv"`
}

func (Auth) CheckAllowedExec 

func (c Auth) CheckAllowedExec(name string) error

func (Auth) OSEnvAccept 

func (c Auth) OSEnvAccept(name string) bool

type Exec 

type Exec struct {
	// contains filtered or unexported fields
}

Exec enforces a security policy for commands run via os/exec.

func New 

func New() *Exec

New creates a new Exec using the provided security config.

func NewWithAuth 

func NewWithAuth(au ExecAuth) *Exec

func (*Exec) New 

func (e *Exec) New(name string, arg ...any) (Runner, error)

New will fail if name is not allowed according to the configured security policy. Else a configured Runner will be returned ready to be Run.

func (*Exec) Npx 

func (e *Exec) Npx(name string, arg ...any) (Runner, error)

Npx is a convenience method to create a Runner running npx --no-install <name> <args.

func (*Exec) Sec 

func (e *Exec) Sec() ExecAuth

Sec returns the security policies this Exec is configured with.

type ExecAuth 

type ExecAuth interface {
	CheckAllowedExec(name string) error
	OSEnvAccept(name string) bool
}

type NotFoundError 

type NotFoundError struct {
	// contains filtered or unexported fields
}

func (*NotFoundError) Error 

func (e *NotFoundError) Error() string

type Runner 

type Runner interface {
	Run() error
	StdinPipe() (io.WriteCloser, error)
}

Runner wraps a *os.Cmd.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.