My code is as follows:
// nosemgrep: go.lang.security.audit.dangerous-exec-command.dangerous-exec-command
func run(path string) error {
	cmd := exec.Command(path)
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	return cmd.Run()
}
But it did not help. Then I configured a .semgrepignore such as the following:
# Common large paths
launcher/
That did not help either.
The error from the GitHub CI check is:
go.lang.security.audit.dangerous-exec-command.dangerous-exec-command
Detected non-static command inside Command. Audit the input to
'exec.Command'. If unverified
user data can reach this call site, this is a code injection
vulnerability. A malicious
actor can inject a malicious script to execute arbitrary code.
Details: https://sg.run/W8lA
37┆ cmd := exec.Command(path)
BLOCKING CODE RULES FIRED:
go.lang.security.audit.dangerous-exec-command.dangerous-exec-command
How can I solve this?
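
An added example, not part of the original post: one way to do the audit the rule message asks for, with the suppression comment on the line directly above the flagged `exec.Command` call (Semgrep accepts `nosemgrep` on the first line of the match or on the line preceding it). The allowlist paths and the `checkPath` helper are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
)

// allowedLaunchers is a constructed allowlist; the paths are placeholders.
// Matching is by cleaned string only and does not resolve symlinks.
var allowedLaunchers = map[string]bool{
	"/usr/local/bin/launcher": true,
	"/opt/app/bin/worker":     true,
}

var errNotAllowed = errors.New("path is not an allowed launcher")

// checkPath returns the cleaned path if it is absolute and allowlisted.
func checkPath(path string) (string, error) {
	clean := filepath.Clean(path)
	if !filepath.IsAbs(clean) {
		return "", fmt.Errorf("%w: %q is not absolute", errNotAllowed, path)
	}
	if !allowedLaunchers[clean] {
		return "", fmt.Errorf("%w: %q", errNotAllowed, path)
	}
	return clean, nil
}

// run executes only binaries that pass checkPath, so the argument reaching
// exec.Command is one of a fixed set of values.
func run(path string) error {
	bin, err := checkPath(path)
	if err != nil {
		return err
	}
	// nosemgrep: go.lang.security.audit.dangerous-exec-command.dangerous-exec-command
	cmd := exec.Command(bin)
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	return cmd.Run()
}

func main() {
	if err := run("/tmp/not-listed"); err != nil {
		fmt.Println("refused:", err)
	}
}
```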