hexec

package
v0.1.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 15, 2025 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var DefaultAuth = Auth{
	Allow: security.MustNewWhitelist(
		"^(dart-)?sass(-embedded)?$",
		"^go$",
		"^npx$",
		"^postcss$",
	),

	OsEnv: security.MustNewWhitelist(`(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+|(XDG_CONFIG_)?HOME|USERPROFILE|SSH_AUTH_SOCK|DISPLAY|LANG|SYSTEMDRIVE)$`),
}
View Source
var WithContext = func(ctx context.Context) func(c *commandeer) {
	return func(c *commandeer) {
		c.ctx = ctx
	}
}
View Source
var WithDir = func(dir string) func(c *commandeer) {
	return func(c *commandeer) {
		c.dir = dir
	}
}
View Source
var WithEnviron = func(env []string) func(c *commandeer) {
	return func(c *commandeer) {
		setOrAppend := func(s string) {
			k1, _ := SplitEnvVar(s)
			var found bool
			for i, v := range c.env {
				k2, _ := SplitEnvVar(v)
				if k1 == k2 {
					found = true
					c.env[i] = s
				}
			}

			if !found {
				c.env = append(c.env, s)
			}
		}

		for _, s := range env {
			setOrAppend(s)
		}
	}
}
View Source
var WithStderr = func(w io.Writer) func(c *commandeer) {
	return func(c *commandeer) {
		c.stderr = w
	}
}
View Source
var WithStdin = func(r io.Reader) func(c *commandeer) {
	return func(c *commandeer) {
		c.stdin = r
	}
}
View Source
var WithStdout = func(w io.Writer) func(c *commandeer) {
	return func(c *commandeer) {
		c.stdout = w
	}
}

Functions

func InPath

func InPath(binaryName string) bool

InPath reports whether binaryName is in $PATH.

func IsNotFound

func IsNotFound(err error) bool

IsNotFound reports whether this is an error about a binary not found.

func LookPath

func LookPath(binaryName string) string

LookPath finds the path to binaryName in $PATH. Returns "" if not found.

func SafeCommand

func SafeCommand(name string, arg ...string) (*exec.Cmd, error)

SafeCommand is a wrapper around os/exec Command which uses a LookPath implementation that does not search in current directory before looking in PATH. See https://github.com/cli/safeexec and the linked issues.

func SplitEnvVar

func SplitEnvVar(v string) (string, string)

func ToSecurityMap

func ToSecurityMap(c any) map[string]any

ToSecurityMap converts c to a map with 'security' as the root key.

func ToTOML

func ToTOML(c any) string

ToTOML converts c to TOML with security as the root.

Types

type AccessDeniedError

type AccessDeniedError struct {
	Path     string
	Name     string
	Policies string
}

AccessDeniedError represents a security policy conflict.

func (*AccessDeniedError) Error

func (e *AccessDeniedError) Error() string

type Auth

type Auth struct {
	Allow security.Whitelist `json:"allow"`
	OsEnv security.Whitelist `json:"osEnv"`
}

func (Auth) CheckAllowedExec

func (c Auth) CheckAllowedExec(name string) error

func (Auth) OSEnvAccept

func (c Auth) OSEnvAccept(name string) bool

type Exec

type Exec struct {
	// contains filtered or unexported fields
}

Exec enforces a security policy for commands run via os/exec.

func New

func New() *Exec

New creates a new Exec using the provided security config.

func NewWithAuth

func NewWithAuth(au ExecAuth) *Exec

func (*Exec) New

func (e *Exec) New(name string, arg ...any) (Runner, error)

New will fail if name is not allowed according to the configured security policy. Else a configured Runner will be returned ready to be Run.

func (*Exec) Npx

func (e *Exec) Npx(name string, arg ...any) (Runner, error)

Npx is a convenience method to create a Runner running npx --no-install <name> <args.

func (*Exec) Sec

func (e *Exec) Sec() ExecAuth

Sec returns the security policies this Exec is configured with.

type ExecAuth

type ExecAuth interface {
	CheckAllowedExec(name string) error
	OSEnvAccept(name string) bool
}

type NotFoundError

type NotFoundError struct {
	// contains filtered or unexported fields
}

func (*NotFoundError) Error

func (e *NotFoundError) Error() string

type Runner

type Runner interface {
	Run() error
	StdinPipe() (io.WriteCloser, error)
}

Runner wraps a *os.Cmd.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL