plumbing: transport/file, replace os/exec with golang.org/x/sys/execa…

…bs to improve path security

go.mod

@@ -21,6 +21,7 @@ require (
 	github.com/xanzy/ssh-agent v0.3.0
 	golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
 	golang.org/x/net v0.0.0-20210326060303-6b1517762897
+	golang.org/x/sys v0.0.0-20210415045647-66c3f260301c // indirect
 	golang.org/x/text v0.3.3
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
 	gopkg.in/warnings.v0 v0.1.2 // indirect

go.sum

@@ -101,6 +101,8 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210324051608-47abb6519492 h1:Paq34FxTluEPvVyayQqMPgHm+vTOrIifmcYxFBx9TLg=
 golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210415045647-66c3f260301c h1:6L+uOeS3OQt/f4eFHXZcTxeZrGCuz+CLElgEBjbcTA4=
+golang.org/x/sys v0.0.0-20210415045647-66c3f260301c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=

plumbing/transport/file/client.go

@@ -6,12 +6,12 @@ import (
 	"errors"
 	"io"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/plumbing/transport/internal/common"
+	"golang.org/x/sys/execabs"
 )
 
 // DefaultClient is the default local client.
@@ -36,7 +36,7 @@ func NewClient(uploadPackBin, receivePackBin string) transport.Transport {
 
 func prefixExecPath(cmd string) (string, error) {
 	// Use `git --exec-path` to find the exec path.
-	execCmd := exec.Command("git", "--exec-path")
+	execCmd := execabs.Command("git", "--exec-path")
 
 	stdout, err := execCmd.StdoutPipe()
 	if err != nil {
@@ -54,7 +54,7 @@ func prefixExecPath(cmd string) (string, error) {
 		return "", err
 	}
 	if isPrefix {
-		return "", errors.New("Couldn't read exec-path line all at once")
+		return "", errors.New("couldn't read exec-path line all at once")
 	}
 
 	err = execCmd.Wait()
@@ -66,7 +66,7 @@ func prefixExecPath(cmd string) (string, error) {
 	cmd = filepath.Join(execPath, cmd)
 
 	// Make sure it actually exists.
-	_, err = exec.LookPath(cmd)
+	_, err = execabs.LookPath(cmd)
 	if err != nil {
 		return "", err
 	}
@@ -83,9 +83,9 @@ func (r *runner) Command(cmd string, ep *transport.Endpoint, auth transport.Auth
 		cmd = r.ReceivePackBin
 	}
 
-	_, err := exec.LookPath(cmd)
+	_, err := execabs.LookPath(cmd)
 	if err != nil {
-		if e, ok := err.(*exec.Error); ok && e.Err == exec.ErrNotFound {
+		if e, ok := err.(*execabs.Error); ok && e.Err == execabs.ErrNotFound {
 			cmd, err = prefixExecPath(cmd)
 			if err != nil {
 				return nil, err
@@ -95,11 +95,11 @@ func (r *runner) Command(cmd string, ep *transport.Endpoint, auth transport.Auth
 		}
 	}
 
-	return &command{cmd: exec.Command(cmd, ep.Path)}, nil
+	return &command{cmd: execabs.Command(cmd, ep.Path)}, nil
 }
 
 type command struct {
-	cmd          *exec.Cmd
+	cmd          *execabs.Cmd
 	stderrCloser io.Closer
 	closed       bool
 }
@@ -148,7 +148,7 @@ func (c *command) Close() error {
 	}
 
 	// When a repository does not exist, the command exits with code 128.
-	if _, ok := err.(*exec.ExitError); ok {
+	if _, ok := err.(*execabs.ExitError); ok {
 		return nil
 	}