Commit Graph

19 Commits

Author SHA1 Message Date
Tibor Vass 8d199d5bba Use golang.org/x/sys/execabs
On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.

However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.

Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.

Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-26 17:18:04 +00:00
Sebastiaan van Stijn 2c0e93063b
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-23 00:28:55 +01:00
Tonis Tiigi 27b2797f7d Remove docker api dependency from cli/config
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-01-31 21:25:43 +00:00
Euan Kemp 056015c3d8 config/credentials: don't run 'pass' to detect it
'CheckInitialized' in the credential-helper library actually invokes
`pass`, which isn't desirable (see #699).

This moves the check to be simpler, and then pass will only be invoked
when it's needed (such as for `docker login` or when pulling from a
private registry).

This logic could also reasonably live in the credential-helper library,
but it's simple enough it seems fine in either location.

Signed-off-by: Euan Kemp <euank@euank.com>
2018-06-29 11:38:39 -07:00
Vincent Demeester d9741fc96b
Update docker-credential-helpers dependency
This is mainly for the `pass` helper ; `pass` shouldn't be called
every docker command anymore ;).

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-28 14:44:53 +02:00
Vincent Demeester 2c4de4fb5e
Update tests to use gotest.tools 👼
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-08 18:24:26 +02:00
Vincent Demeester 4290df3958 print a big warning about cleartext passwords
Signed-off-by: Tycho Andersen <tycho@docker.com>
2018-03-26 16:18:32 +02:00
Daniel Nephin baf65a5502 Convert to assert.NilError
Using:

  git grep -l '^\s\+assert\.Check(t, err)$' | \
    xargs sed -i -e 's/^\(\s\+assert\)\.Check(t, err)$/\1.NilError(t, err)/'

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-03-06 15:27:34 -05:00
Daniel Nephin 681c921528 Remove testutil
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-03-06 14:38:35 -05:00
Daniel Nephin 39c2ca57c1 Automated migration
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-03-05 19:41:17 -05:00
Ivan Markin 57c51c8af3 Fix compilation of defaultCredentialStore() on unsupported platforms
Signed-off-by: Ivan Markin <sw@nogoegst.net>
2018-02-10 15:30:32 +00:00
Tycho Andersen 713e87e780 prefer `pass` backend if it is available
Signed-off-by: Tycho Andersen <tycho@docker.com>
2017-09-20 11:15:49 -06:00
Tycho Andersen 4cf1849418 defaultCredentialStore: make this a function
In the next patch, we'll use this to implement some logic about which
password backend to use.

Signed-off-by: Tycho Andersen <tycho@docker.com>
2017-09-20 11:14:27 -06:00
Daniel Nephin 846a31aa50 Use new internal testutil.ErrorContains()
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-22 10:14:25 -04:00
Daniel Nephin 33cbb70270
Cleanup config/credentials, remove dependency on config file.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-27 13:45:50 +02:00
Daniel Nephin a8c70e43a3
Move config file loading to more appropriate packages.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-27 13:45:50 +02:00
Daniel Nephin 3724fb7f37 Add gosimple lint
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-14 16:55:08 -07:00
Daniel Nephin 10641c2aae Update imports.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-04-17 18:07:56 -04:00
Daniel Nephin 1630fc40f8 Import docker/docker/cli
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2017-04-17 17:40:59 -04:00