github/shellcheck
1
0
Fork 0
mirror of https://github.com/koalaman/shellcheck synced 2025-07-06 21:11:35 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Warn about client side expansion in ssh strings/heredocs.

Browse source
This commit is contained in:
Vidar Holen 2013-08-03 21:19:32 -07:00
parent 07b1fd6f44
commit de1fa61560
3 changed files with 37 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

34
ShellCheck/Analytics.hs
View file

@ -129,6 +129,8 @@ basicChecks = [
,checkSpuriousExpansion
,checkUnusedEchoEscapes
,checkDollarBrackets
,checkSshHereDoc
,checkSshCommandString
]
treeChecks = [
checkUnquotedExpansions
@ -1287,6 +1289,38 @@ checkDollarBrackets (T_DollarBracket id _) =
style id "Use $((..)) instead of deprecated $[..]"
checkDollarBrackets _ = return ()
prop_checkSshHereDoc1 = verify checkSshHereDoc "ssh host << foo\necho $PATH\nfoo"
prop_checkSshHereDoc2 = verifyNot checkSshHereDoc "ssh host << 'foo'\necho $PATH\nfoo"
checkSshHereDoc (T_Redirecting _ redirs cmd)
| cmd `isCommand` "ssh" =
mapM_ checkHereDoc redirs
where
hasVariables = mkRegex "[`$]"
checkHereDoc (T_FdRedirect _ _ (T_HereDoc id _ False token str))
| isJust $ matchRegex hasVariables str =
warn id $ "Quote '" ++ token ++ "' to make here document expansions happen on the server side rather than on the client."
checkHereDoc _ = return ()
checkSshHereDoc _ = return ()
-- This is hard to get right without properly parsing ssh args
prop_checkSshCmdStr1 = verify checkSshCommandString "ssh host \"echo $PS1\""
prop_checkSshCmdStr2 = verifyNot checkSshCommandString "ssh host \"ls foo\""
prop_checkSshCmdStr3 = verifyNot checkSshCommandString "ssh \"$host\""
checkSshCommandString = checkCommand "ssh" f
where
nonOptions args =
filter (\x -> not $ "-" `isPrefixOf` (concat $ deadSimple x)) args
f args =
case nonOptions args of
(hostport:r@(_:_)) -> checkArg $ last r
_ -> return ()
checkArg (T_NormalWord _ [T_DoubleQuoted id parts]) =
case filter (not . isConstant) parts of
[] -> return ()
(x:_) -> info (getId x) $
"Note that, unescaped, this expands on the client side."
checkArg _ = return ()
--- Subshell detection
prop_subshellAssignmentCheck = verifyFull subshellAssignmentCheck "cat foo | while read bar; do a=$bar; done; echo \"$a\""