Issue 1523 encourage basename '--' usage

Addresses issue https://github.com/koalaman/shellcheck/issues/1523 Checks if '--' should be the first argument to basename, to protect against filenames being interpreted as options.
2025-08-22 06:13:54 -07:00 · 2019-03-23 19:41:36 -07:00 · 2019-03-23 19:41:36 -07:00 · 648af6fc2b
commit 648af6fc2b
parent f514f5f735
1 changed files with 23 additions and 0 deletions
--- a/src/ShellCheck/Checks/Commands.hs
+++ b/src/ShellCheck/Checks/Commands.hs
@ -69,6 +69,7 @@ commandChecks = [
    ,checkMkdirDashPM
    ,checkNonportableSignals
    ,checkInteractiveSu
+    ,checkBasename
    ,checkSshCommandString
    ,checkPrintfVar
    ,checkUuoeCmd
@ -496,6 +497,28 @@ checkInteractiveSu = CommandCheck (Basename "su") f
    undirected _ = True


+prop_checkBasename1 = verifyNot checkBasename "basename /path/to/file"
+prop_checkBasename2 = verifyNot checkBasename "basename -- -file"
+prop_checkBasename3 = verifyNot checkBasename "basename -- $file"
+prop_checkBasename4 = verifyNot checkBasename "basename"
+prop_checkBasename5 = verify checkBasename "basename $file"
+prop_checkBasename6 = verify checkBasename "basename -file"
+prop_checkBasename7 = verify checkBasename "basename first -second"
+checkBasename = CommandCheck (Basename "basename") f
+  where
+    f cmd =
+        case tail $ oversimplify cmd of
+            []       -> return ()
+            ("--":_) -> return ()
+            args     -> when (any suspicious args) $
+                            info (getId cmd) 2248 msg
+
+    msg = "Use '--' so that basename will not interpret filenames as options."
+
+    suspicious "--" = False
+    suspicious arg = any (`isPrefixOf` arg) ["-", "$"]
+
+
 -- This is hard to get right without properly parsing ssh args
 prop_checkSshCmdStr1 = verify checkSshCommandString "ssh host \"echo $PS1\""
 prop_checkSshCmdStr2 = verifyNot checkSshCommandString "ssh host \"ls foo\""