DockerCLI/cli/command/image
Tibor Vass 48d30b5b32 Use golang.org/x/sys/execabs
On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.

However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.

Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 8d199d5bba)
Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-28 22:27:59 +00:00
..
build Use golang.org/x/sys/execabs 2021-01-28 22:27:59 +00:00
testdata formatter: reduce minimum width for columns in table-view 2020-08-31 16:31:15 +02:00
build.go build: remove PersistentPreRunE hack for experimental --platform 2020-11-16 14:58:11 +01:00
build_buildkit.go build: display [auth] output 2020-12-02 21:22:36 +00:00
build_session.go cli/command/image/build_session.go:133:45: getBuildSharedKey - result 1 (error) is always nil (unparam) 2019-10-31 19:22:18 +01:00
build_test.go vendor: buildkit 4d1f260e8490ec438ab66e08bb105577aca0ce06 2020-09-09 15:19:02 +02:00
client_test.go Switch from x/net/context to context 2018-05-11 16:49:43 -07:00
cmd.go Move credential getting functions to the ConfigFile. 2017-06-27 13:46:47 +02:00
formatter_history.go formatter package heavy refactoring 2018-10-23 17:05:44 +02:00
formatter_history_test.go formatter: reduce minimum width for columns in table-view 2020-08-31 16:31:15 +02:00
history.go Replace 'numeric' with object in -q description 2020-03-02 10:28:52 +01:00
history_test.go Replace deprecated Cobra command.SetOutput() with command.SetOut() 2020-05-07 14:25:59 +02:00
import.go LCOW: --platform on import (already in API) 2018-09-13 15:04:04 -07:00
import_test.go Add test-case for env with, and without = 2020-09-23 20:33:48 +02:00
inspect.go Switch from x/net/context to context 2018-05-11 16:49:43 -07:00
inspect_test.go Replace deprecated Cobra command.SetOutput() with command.SetOut() 2020-05-07 14:25:59 +02:00
list.go Remove 'images' alias from 'image ls' command 2020-06-15 17:48:43 +02:00
list_test.go Remove 'images' alias from 'image ls' command 2020-06-15 17:48:43 +02:00
load.go Switch from x/net/context to context 2018-05-11 16:49:43 -07:00
load_test.go Replace deprecated Cobra command.SetOutput() with command.SetOut() 2020-05-07 14:25:59 +02:00
prune.go prune: use filters.Args.Clone() 2018-12-10 16:48:59 +00:00
prune_test.go Replace deprecated Cobra command.SetOutput() with command.SetOut() 2020-05-07 14:25:59 +02:00
pull.go Add option to pull images quietly 2018-12-19 13:48:41 +01:00
pull_test.go Replace deprecated Cobra command.SetOutput() with command.SetOut() 2020-05-07 14:25:59 +02:00
push.go implement docker push -a/--all-tags 2020-01-28 16:21:06 +01:00
push_test.go Replace deprecated Cobra command.SetOutput() with command.SetOut() 2020-05-07 14:25:59 +02:00
remove.go Switch from x/net/context to context 2018-05-11 16:49:43 -07:00
remove_test.go Replace deprecated Cobra command.SetOutput() with command.SetOut() 2020-05-07 14:25:59 +02:00
save.go Prevent overwriting irregular files (cp, save, export commands) 2019-02-07 09:17:35 +01:00
save_test.go Replace deprecated Cobra command.SetOutput() with command.SetOut() 2020-05-07 14:25:59 +02:00
tag.go Switch from x/net/context to context 2018-05-11 16:49:43 -07:00
tag_test.go Replace deprecated Cobra command.SetOutput() with command.SetOut() 2020-05-07 14:25:59 +02:00
trust.go implement docker push -a/--all-tags 2020-01-28 16:21:06 +01:00
trust_test.go test: make sure environment vars are reset after tests 2020-04-09 13:40:45 +02:00