fix(bigtable): replace unsafe exec in cbt (#3591)

Replace exec with execabs in this cbt command due to a vulnerability on Windows. See https://blog.golang.org/path-security for more information.
googleapis · Jan 21, 2021 · 7c1b0c2 · 7c1b0c2
1 parent 85758d3
commit 7c1b0c2
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/bigtable/go.mod b/bigtable/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.0.5
 	golang.org/x/mod v0.4.1 // indirect
 	golang.org/x/oauth2 v0.0.0-20210113160501-8b1d76fa0423
+	golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4
 	golang.org/x/tools v0.1.0 // indirect
 	google.golang.org/api v0.36.0
 	google.golang.org/genproto v0.0.0-20210120162456-f5e8c5e2aaf2

diff --git a/bigtable/internal/cbtconfig/cbtconfig.go b/bigtable/internal/cbtconfig/cbtconfig.go
@@ -28,13 +28,13 @@ import (
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
 	"time"
 
 	"golang.org/x/oauth2"
+	"golang.org/x/sys/execabs"
 	"google.golang.org/grpc/credentials"
 )
 
@@ -211,7 +211,7 @@ func (g *GcloudCmdTokenSource) Token() (*oauth2.Token, error) {
 // LoadGcloudConfig retrieves the gcloud configuration values we need use via the
 // 'config-helper' command
 func LoadGcloudConfig(gcloudCmd string, gcloudCmdArgs []string) (*GcloudConfig, error) {
-	out, err := exec.Command(gcloudCmd, gcloudCmdArgs...).Output()
+	out, err := execabs.Command(gcloudCmd, gcloudCmdArgs...).Output()
 	if err != nil {
 		return nil, fmt.Errorf("Could not retrieve gcloud configuration")
 	}