gosec: G204 - Subproccess launched as function arg

G204 doesn't necessarily indicate a bad behaviour. But could help
discover potential command injection vector.

cmd/osbuild-composer-cli-tests/main_test.go

@@ -270,6 +270,8 @@ func getComposeStatus(t *testing.T, uuid uuid.UUID) string {
 }
 
 func getLogs(t *testing.T, uuid uuid.UUID) string {
+	// There's no potential command injection vector here
+	/* #nosec G204 */
 	cmd := exec.Command("composer-cli", "compose", "log", uuid.String())
 	cmd.Stderr = os.Stderr
 	stdoutReader, err := cmd.StdoutPipe()

cmd/osbuild-koji-tests/main_test.go

@@ -196,6 +196,8 @@ func TestKojiImport(t *testing.T) {
 	require.NoError(t, err)
 
 	// check if the build is really there:
+	// There's no potential command injection vector here
+	/* #nosec G204 */
 	cmd := exec.Command(
 		"koji",
 		"--server", server,

internal/boot/netns.go

@@ -90,7 +90,9 @@ func newNetworkNamespace() (NetNS, error) {
 	if err != nil {
 		return "", fmt.Errorf("cannot set up a loopback device in the new namespace: %v", err)
 	}
-
+	
+	// There's no potential command injection vector here
+	/* #nosec G204 */
 	cmd = exec.Command("mount", "-o", "bind", "/proc/self/ns/net", f.Name())
 	cmd.Stderr = os.Stderr
 	cmd.Stdout = os.Stderr
@@ -131,6 +133,8 @@ func (n NetNS) Path() string {
 
 // Delete deletes the namespaces
 func (n NetNS) Delete() error {
+	// There's no potential command injection vector here
+        /* #nosec G204 */
 	cmd := exec.Command("umount", n.Path())
 	cmd.Stderr = os.Stderr
 	cmd.Stdout = os.Stdout

internal/test/helpers.go

@@ -212,6 +212,9 @@ func SetUpTemporaryRepository() (string, error) {
 	if err != nil {
 		return "", err
 	}
+
+	// There's no potential command injection vector here
+	/* #nosec G204 */
 	cmd := exec.Command("createrepo_c", path.Join(dir))
 	err = cmd.Start()
 	if err != nil {