XR007

package
v0.28.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 25, 2022 License: MPL-2.0 Imports: 3 Imported by: 0

README

XR007

The XR007 analyzer reports usage of the os/exec.Command() function. Providers that are using Go language based SDKs likely want to prevent any execution of other binaries for various reasons such as security and unexpected requirements (e.g. tool installation outside Terraform).

Flagged Code

var sneaky = exec.Command

sneaky("evilprogram")

exec.Command("evilprogram")

Passing Code

// Not present :)

Ignoring Reports

Singular reports can be ignored by adding the a //lintignore:XR007 Go code comment at the end of the offending line or on the line immediately proceding, e.g.

//lintignore:XR007
exec.Command("evilprogram")

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var Analyzer = analysisutils.AvoidSelectorExprAnalyzer(
	"XR007",
	osexeccommandcallexpr.Analyzer,
	osexeccommandselectorexpr.Analyzer,
	"os/exec",
	"Command",
)

Functions

This section is empty.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.