From 648af6fc2bef10b39d37c6a27d51e7615c0b6c36 Mon Sep 17 00:00:00 2001
From: Gandalf-
Date: Sat, 23 Mar 2019 19:41:36 -0700
Subject: [PATCH] Issue 1523 encourage basename '--' usage

Addresses issue https://github.com/koalaman/shellcheck/issues/1523
Checks if '--' should be the first argument to basename, to protect against filenames being interpreted as options.
---
 src/ShellCheck/Checks/Commands.hs | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/src/ShellCheck/Checks/Commands.hs b/src/ShellCheck/Checks/Commands.hs
index 346d880..856bd8b 100644
--- a/src/ShellCheck/Checks/Commands.hs
+++ b/src/ShellCheck/Checks/Commands.hs
@@ -69,6 +69,7 @@ commandChecks = [
 ,checkMkdirDashPM
 ,checkNonportableSignals
 ,checkInteractiveSu
+ ,checkBasename
 ,checkSshCommandString
 ,checkPrintfVar
 ,checkUuoeCmd
@@ -496,6 +497,28 @@ checkInteractiveSu = CommandCheck (Basename "su") f
 undirected _ = True
+prop_checkBasename1 = verifyNot checkBasename "basename /path/to/file"
+prop_checkBasename2 = verifyNot checkBasename "basename -- -file"
+prop_checkBasename3 = verifyNot checkBasename "basename -- $file"
+prop_checkBasename4 = verifyNot checkBasename "basename"
+prop_checkBasename5 = verify checkBasename "basename $file"
+prop_checkBasename6 = verify checkBasename "basename -file"
+prop_checkBasename7 = verify checkBasename "basename first -second"
+checkBasename = CommandCheck (Basename "basename") f
+ where
+ f cmd =
+ case tail $ oversimplify cmd of
+ [] -> return ()
+ ("--":_) -> return ()
+ args -> when (any suspicious args) $
+ info (getId cmd) 2248 msg
+
+ msg = "Use '--' so that basename will not interpret filenames as options."
+
+ suspicious "--" = False
+ suspicious arg = any (`isPrefixOf` arg) ["-", "$"]
+
+
 -- This is hard to get right without properly parsing ssh args
 prop_checkSshCmdStr1 = verify checkSshCommandString "ssh host \"echo $PS1\""
 prop_checkSshCmdStr2 = verifyNot checkSshCommandString "ssh host \"ls foo\""
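Review bot: The `("--":_)` case in `checkBasename` only accepts `--` as the very first argument, so a call that passes options ahead of the separator, such as `basename -s .txt -- $file`, falls through to `any suspicious args` and is told to add a `--` it already has. Words after the first `--` are operands, so in that form only an expansion placed before the separator can still be parsed as an option. I would add a case ahead of the generic one, `args | elem "--" args, not (any (isPrefixOf "$") (takeWhile (/= "--") args)) -> return ()`, and pin it with `prop_checkBasename8 = verifyNot checkBasename "basename -s .txt -- $file"`. A short comment above `suspicious` would also help, for example `-- a leading '$' marks an expansion whose value may start with '-'`, since the tests suggest (but the hunk does not show) that `oversimplify` renders expansions that way.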