gosec: G204 - Subproccess launched as function arg

G204 doesn't necessarily indicate a bad behaviour. But could help discover potential command injection vector.
2021-12-01 08:57:36 +01:00 · 2021-12-01 08:57:36 +01:00 · eb3fa3e5d4
commit eb3fa3e5d4
parent 0b9372fe0a
4 changed files with 12 additions and 1 deletions
--- a/internal/test/helpers.go
+++ b/internal/test/helpers.go
@ -212,6 +212,9 @@ func SetUpTemporaryRepository() (string, error) {
 	if err != nil {
 		return "", err
 	}
+
+	// There's no potential command injection vector here
+	/* #nosec G204 */
 	cmd := exec.Command("createrepo_c", path.Join(dir))
 	err = cmd.Start()
 	if err != nil {