openssl-0.9.7/util/point.sh
Showing 6 of 6 total issues
In POSIX sh, OSTYPE is undefined. Open
Open
if test "$OSTYPE" = msdosdjgpp; then- Read upRead up
- Exclude checks
if test "$OSTYPE" = msdosdjgpp; thenecho $1for i in $*; do :; done # this done and the next one also applies to expanding arrays.for i in $@; do :; doneecho "$1"for i in "$@"; do :; done # or, 'for i; do'The first code looks like "print the first argument". It's actually "Split the first argument by IFS (spaces, tabs and line feeds). Expand each of them as if it was a glob. Join all the resulting strings and filenames with spaces. Print the result."
The second one looks like "iterate through all arguments". It's actually "join all the arguments by the first character of IFS (space), split them by IFS and expand each of them as globs, and iterate on the resulting list". The third one skips the joining part.
Quoting variables prevents word splitting and glob expansion, and prevents the script from breaking when input contains spaces, line feeds, glob characters and such.
Strictly speaking, only expansions themselves need to be quoted, but for stylistic reasons, entire arguments with multiple variable and literal parts are often quoted as one:
$HOME/$dir/dist/bin/$file # Unquoted (bad)"$HOME"/"$dir"/dist/bin/"$file" # Minimal quoting (good)"$HOME/$dir/dist/bin/$file" # Canonical quoting (good)When quoting composite arguments, make sure to exclude globs and brace expansions, which lose their special meaning in double quotes: "$HOME/$dir/src/*.c" will not expand, but "$HOME/$dir/src"/*.c will.
Note that $( ) starts a new context, and variables in it have to be quoted independently:
echo "This $variable is quoted $(but this $variable is not)"echo "This $variable is quoted $(and now this "$variable" is too)"Sometimes you want to split on spaces, like when building a command line:
options="-j 5 -B"make $options fileJust quoting this doesn't work. Instead, you should have used an array (bash, ksh, zsh):
options=(-j 5 -B) # ksh: set -A options -- -j 5 -Bmake "${options[@]}" fileor a function (POSIX):
make_with_flags() { make -j 5 -B "$@"; }make_with_flags fileTo split on spaces but not perform glob expansion, Posix has a set -f to disable globbing. You can disable word splitting by setting IFS=''.
Similarly, you might want an optional argument:
debug=""[[ $1 == "--trace-commands" ]] && debug="-x"bash $debug scriptQuoting this doesn't work, since in the default case, "$debug" would expand to one empty argument while $debug would expand into zero arguments. In this case, you can use an array with zero or one elements as outlined above, or you can use an unquoted expansion with an alternate value:
debug=""[[ $1 == "--trace-commands" ]] && debug="yes"bash ${debug:+"-x"} scriptThis is better than an unquoted value because the alternative value can be properly quoted, e.g. wget ${output:+ -o "$output"}.
As always, this warning can be [[ignore]]d on a case-by-case basis.
this is especially relevant when BASH many not be available for the array work around. For example, use in eval or in command options where script has total control of the variables...
FLAGS="-av -e 'ssh -x' --delete --delete-excluded"...# shellcheck disable=SC2086eval rsync $FLAGS ~/dir remote_host:dirOriginal content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.
echo $1for i in $*; do :; done # this done and the next one also applies to expanding arrays.for i in $@; do :; doneecho "$1"for i in "$@"; do :; done # or, 'for i; do'The first code looks like "print the first argument". It's actually "Split the first argument by IFS (spaces, tabs and line feeds). Expand each of them as if it was a glob. Join all the resulting strings and filenames with spaces. Print the result."
The second one looks like "iterate through all arguments". It's actually "join all the arguments by the first character of IFS (space), split them by IFS and expand each of them as globs, and iterate on the resulting list". The third one skips the joining part.
Quoting variables prevents word splitting and glob expansion, and prevents the script from breaking when input contains spaces, line feeds, glob characters and such.
Strictly speaking, only expansions themselves need to be quoted, but for stylistic reasons, entire arguments with multiple variable and literal parts are often quoted as one:
$HOME/$dir/dist/bin/$file # Unquoted (bad)"$HOME"/"$dir"/dist/bin/"$file" # Minimal quoting (good)"$HOME/$dir/dist/bin/$file" # Canonical quoting (good)When quoting composite arguments, make sure to exclude globs and brace expansions, which lose their special meaning in double quotes: "$HOME/$dir/src/*.c" will not expand, but "$HOME/$dir/src"/*.c will.
Note that $( ) starts a new context, and variables in it have to be quoted independently:
echo "This $variable is quoted $(but this $variable is not)"echo "This $variable is quoted $(and now this "$variable" is too)"Sometimes you want to split on spaces, like when building a command line:
options="-j 5 -B"make $options fileJust quoting this doesn't work. Instead, you should have used an array (bash, ksh, zsh):
options=(-j 5 -B) # ksh: set -A options -- -j 5 -Bmake "${options[@]}" fileor a function (POSIX):
make_with_flags() { make -j 5 -B "$@"; }make_with_flags fileTo split on spaces but not perform glob expansion, Posix has a set -f to disable globbing. You can disable word splitting by setting IFS=''.
Similarly, you might want an optional argument:
debug=""[[ $1 == "--trace-commands" ]] && debug="-x"bash $debug scriptQuoting this doesn't work, since in the default case, "$debug" would expand to one empty argument while $debug would expand into zero arguments. In this case, you can use an array with zero or one elements as outlined above, or you can use an unquoted expansion with an alternate value:
debug=""[[ $1 == "--trace-commands" ]] && debug="yes"bash ${debug:+"-x"} scriptThis is better than an unquoted value because the alternative value can be properly quoted, e.g. wget ${output:+ -o "$output"}.
As always, this warning can be [[ignore]]d on a case-by-case basis.
this is especially relevant when BASH many not be available for the array work around. For example, use in eval or in command options where script has total control of the variables...
FLAGS="-av -e 'ssh -x' --delete --delete-excluded"...# shellcheck disable=SC2086eval rsync $FLAGS ~/dir remote_host:dirOriginal content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.
echo $1for i in $*; do :; done # this done and the next one also applies to expanding arrays.for i in $@; do :; doneecho "$1"for i in "$@"; do :; done # or, 'for i; do'The first code looks like "print the first argument". It's actually "Split the first argument by IFS (spaces, tabs and line feeds). Expand each of them as if it was a glob. Join all the resulting strings and filenames with spaces. Print the result."
The second one looks like "iterate through all arguments". It's actually "join all the arguments by the first character of IFS (space), split them by IFS and expand each of them as globs, and iterate on the resulting list". The third one skips the joining part.
Quoting variables prevents word splitting and glob expansion, and prevents the script from breaking when input contains spaces, line feeds, glob characters and such.
Strictly speaking, only expansions themselves need to be quoted, but for stylistic reasons, entire arguments with multiple variable and literal parts are often quoted as one:
$HOME/$dir/dist/bin/$file # Unquoted (bad)"$HOME"/"$dir"/dist/bin/"$file" # Minimal quoting (good)"$HOME/$dir/dist/bin/$file" # Canonical quoting (good)When quoting composite arguments, make sure to exclude globs and brace expansions, which lose their special meaning in double quotes: "$HOME/$dir/src/*.c" will not expand, but "$HOME/$dir/src"/*.c will.
Note that $( ) starts a new context, and variables in it have to be quoted independently:
echo "This $variable is quoted $(but this $variable is not)"echo "This $variable is quoted $(and now this "$variable" is too)"Sometimes you want to split on spaces, like when building a command line:
options="-j 5 -B"make $options fileJust quoting this doesn't work. Instead, you should have used an array (bash, ksh, zsh):
options=(-j 5 -B) # ksh: set -A options -- -j 5 -Bmake "${options[@]}" fileor a function (POSIX):
make_with_flags() { make -j 5 -B "$@"; }make_with_flags fileTo split on spaces but not perform glob expansion, Posix has a set -f to disable globbing. You can disable word splitting by setting IFS=''.
Similarly, you might want an optional argument:
debug=""[[ $1 == "--trace-commands" ]] && debug="-x"bash $debug scriptQuoting this doesn't work, since in the default case, "$debug" would expand to one empty argument while $debug would expand into zero arguments. In this case, you can use an array with zero or one elements as outlined above, or you can use an unquoted expansion with an alternate value:
debug=""[[ $1 == "--trace-commands" ]] && debug="yes"bash ${debug:+"-x"} scriptThis is better than an unquoted value because the alternative value can be properly quoted, e.g. wget ${output:+ -o "$output"}.
As always, this warning can be [[ignore]]d on a case-by-case basis.
this is especially relevant when BASH many not be available for the array work around. For example, use in eval or in command options where script has total control of the variables...
FLAGS="-av -e 'ssh -x' --delete --delete-excluded"...# shellcheck disable=SC2086eval rsync $FLAGS ~/dir remote_host:dirOriginal content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.
echo $1for i in $*; do :; done # this done and the next one also applies to expanding arrays.for i in $@; do :; doneecho "$1"for i in "$@"; do :; done # or, 'for i; do'The first code looks like "print the first argument". It's actually "Split the first argument by IFS (spaces, tabs and line feeds). Expand each of them as if it was a glob. Join all the resulting strings and filenames with spaces. Print the result."
The second one looks like "iterate through all arguments". It's actually "join all the arguments by the first character of IFS (space), split them by IFS and expand each of them as globs, and iterate on the resulting list". The third one skips the joining part.
Quoting variables prevents word splitting and glob expansion, and prevents the script from breaking when input contains spaces, line feeds, glob characters and such.
Strictly speaking, only expansions themselves need to be quoted, but for stylistic reasons, entire arguments with multiple variable and literal parts are often quoted as one:
$HOME/$dir/dist/bin/$file # Unquoted (bad)"$HOME"/"$dir"/dist/bin/"$file" # Minimal quoting (good)"$HOME/$dir/dist/bin/$file" # Canonical quoting (good)When quoting composite arguments, make sure to exclude globs and brace expansions, which lose their special meaning in double quotes: "$HOME/$dir/src/*.c" will not expand, but "$HOME/$dir/src"/*.c will.
Note that $( ) starts a new context, and variables in it have to be quoted independently:
echo "This $variable is quoted $(but this $variable is not)"echo "This $variable is quoted $(and now this "$variable" is too)"Sometimes you want to split on spaces, like when building a command line:
options="-j 5 -B"make $options fileJust quoting this doesn't work. Instead, you should have used an array (bash, ksh, zsh):
options=(-j 5 -B) # ksh: set -A options -- -j 5 -Bmake "${options[@]}" fileor a function (POSIX):
make_with_flags() { make -j 5 -B "$@"; }make_with_flags fileTo split on spaces but not perform glob expansion, Posix has a set -f to disable globbing. You can disable word splitting by setting IFS=''.
Similarly, you might want an optional argument:
debug=""[[ $1 == "--trace-commands" ]] && debug="-x"bash $debug scriptQuoting this doesn't work, since in the default case, "$debug" would expand to one empty argument while $debug would expand into zero arguments. In this case, you can use an array with zero or one elements as outlined above, or you can use an unquoted expansion with an alternate value:
debug=""[[ $1 == "--trace-commands" ]] && debug="yes"bash ${debug:+"-x"} scriptThis is better than an unquoted value because the alternative value can be properly quoted, e.g. wget ${output:+ -o "$output"}.
As always, this warning can be [[ignore]]d on a case-by-case basis.
this is especially relevant when BASH many not be available for the array work around. For example, use in eval or in command options where script has total control of the variables...
FLAGS="-av -e 'ssh -x' --delete --delete-excluded"...# shellcheck disable=SC2086eval rsync $FLAGS ~/dir remote_host:dirOriginal content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.
echo $1for i in $*; do :; done # this done and the next one also applies to expanding arrays.for i in $@; do :; doneecho "$1"for i in "$@"; do :; done # or, 'for i; do'The first code looks like "print the first argument". It's actually "Split the first argument by IFS (spaces, tabs and line feeds). Expand each of them as if it was a glob. Join all the resulting strings and filenames with spaces. Print the result."
The second one looks like "iterate through all arguments". It's actually "join all the arguments by the first character of IFS (space), split them by IFS and expand each of them as globs, and iterate on the resulting list". The third one skips the joining part.
Quoting variables prevents word splitting and glob expansion, and prevents the script from breaking when input contains spaces, line feeds, glob characters and such.
Strictly speaking, only expansions themselves need to be quoted, but for stylistic reasons, entire arguments with multiple variable and literal parts are often quoted as one:
$HOME/$dir/dist/bin/$file # Unquoted (bad)"$HOME"/"$dir"/dist/bin/"$file" # Minimal quoting (good)"$HOME/$dir/dist/bin/$file" # Canonical quoting (good)When quoting composite arguments, make sure to exclude globs and brace expansions, which lose their special meaning in double quotes: "$HOME/$dir/src/*.c" will not expand, but "$HOME/$dir/src"/*.c will.
Note that $( ) starts a new context, and variables in it have to be quoted independently:
echo "This $variable is quoted $(but this $variable is not)"echo "This $variable is quoted $(and now this "$variable" is too)"Sometimes you want to split on spaces, like when building a command line:
options="-j 5 -B"make $options fileJust quoting this doesn't work. Instead, you should have used an array (bash, ksh, zsh):
options=(-j 5 -B) # ksh: set -A options -- -j 5 -Bmake "${options[@]}" fileor a function (POSIX):
make_with_flags() { make -j 5 -B "$@"; }make_with_flags fileTo split on spaces but not perform glob expansion, Posix has a set -f to disable globbing. You can disable word splitting by setting IFS=''.
Similarly, you might want an optional argument:
debug=""[[ $1 == "--trace-commands" ]] && debug="-x"bash $debug scriptQuoting this doesn't work, since in the default case, "$debug" would expand to one empty argument while $debug would expand into zero arguments. In this case, you can use an array with zero or one elements as outlined above, or you can use an unquoted expansion with an alternate value:
debug=""[[ $1 == "--trace-commands" ]] && debug="yes"bash ${debug:+"-x"} scriptThis is better than an unquoted value because the alternative value can be properly quoted, e.g. wget ${output:+ -o "$output"}.
As always, this warning can be [[ignore]]d on a case-by-case basis.
this is especially relevant when BASH many not be available for the array work around. For example, use in eval or in command options where script has total control of the variables...
FLAGS="-av -e 'ssh -x' --delete --delete-excluded"...# shellcheck disable=SC2086eval rsync $FLAGS ~/dir remote_host:dirOriginal content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.
You have declared that your script works with /bin/sh, but you are using features that have undefined behavior according to the POSIX specification.
It may currently work for you, but it can or will fail on other OS, the same OS with different configurations, from different contexts (like initramfs/chroot), or in different versions of the same OS, including future updates to your current system.
Either declare that your script requires a specific shell like #!/bin/bash or #!/bin/dash, or rewrite the script in a portable way.
For help with rewrites, the Ubuntu wiki has a list of portability issues that broke people's #!/bin/sh scripts when Ubuntu switched from Bash to Dash. See also Bashism on wooledge's wiki. ShellCheck may not warn about all these issues.
$'c-style-escapes'bash, ksh:
a=$' \t\n'POSIX:
a="$(printf '%b_' ' \t\n')"; a="${a%_}" # protect trailing \nWant some good news? See http://austingroupbugs.net/view.php?id=249#c590.
$"msgid"Bash:
echo $"foo $(bar) baz"POSIX:
. gettext.sh # GNU Gettext sh library# ...barout=$(bar)eval_gettext 'foo $barout baz' # See GNU Gettext doc for more info.Or you can change them to normal double quotes so you go without gettext.
for loopsBash:
for ((init; test; next)); do foo; donePOSIX:
: $((init))while [ $((test)) -ne 0 ]; do foo; : $((next)); doneBash:
printf "%s\n" "$(( 2**63 ))"POSIX:
The POSIX standard does not allow for exponents. However, you can replicate them completely built-in using a POSIX compatible function. As an example, the pow function from here.
pow () { set "$1" "$2" 1 while [ "$2" -gt 0 ]; do set "$1" $(($2-1)) $(($1*$3)) done # %d = signed decimal, %u = unsigned decimal # Either should overflow to 0 printf "%d\n" "$3"}To compare:
$ echo "$(( 2**62 ))"4611686018427387904$ pow 2 624611686018427387904Alternatively, if you don't mind using an external program, you can use bc. Be aware though: bash and other programs may abide by a certain maximum integer that bc does not (for bash that's: 64-bit signed long int, failing back to 32-bit signed long int).
Example:
# Note the overflow that gives a negative number$ echo "$(( 2**63 ))"-9223372036854775808 # No such problem$ echo 2^63 | bc9223372036854775808 # 'bc' just keeps on going$ echo 2^1280 | bc20815864389328798163850480654728171077230524494533409610638224700807\21611934672059602447888346464836968484322790856201558276713249664692\98162798132113546415258482590187784406915463666993231671009459188410\95379622423387354295096957733925002768876520583464697770622321657076\83317005651120933244966378183760369413644440628104205339687097746591\6057756101739472373801429441421111406337458176((..))
Bash:
((a=c+d))((d)) && echo d is true.POSIX:
: $((a=c+d)) # discard the output of the arith expn with `:` command[ $((d)) -ne 0 ] && echo d is true. # manually check non-zero => trueselect loopsIt takes extra care over terminal columns to make select loop look like bash's, which generates a list with multiple items on one line, or like ls.
It is, however, still possible to make a naive translation for select foo in bar baz; do eat; done:
while _i=0 _foo= foo= for _name in bar baz; do echo "$((_i+=1))) $_name"; done printf '$# '; read _foodo case _foo in 1) foo=bar;; 2) foo=baz;; *) continue;; esac eatdoneBash, ksh:
grep aaa <<< "$g"POSIX:
# not exactly the same -- <<< adds a trailing \n if $g doesn't end with \nprintf '%s' "$g" | grep aaaSee https://unix.stackexchange.com/tags/echo/info.
${var/pat/replacement}Bash:
echo "${TERM/%-256*}"POSIX:
echo "$TERM" | sed -e 's/-256.*$//g'# Special case for this since we are matching the end:echo "${TERM%-256*}"printf %qBash:
printf '%q ' "$@"POSIX:
# TODO: Interpret it back to printf escapes for hard-to-copy chars like \t?# See also: http://git.savannah.gnu.org/cgit/libtool.git/tree/gl/build-aux/funclib.sh?id=c60e054#n1029reuse_quote()( for i; do __i_quote=$(printf '%s\n' "$i" | sed -e "s/'/'\\\\''/g"; echo x) printf "'%s'" "${__i_quote%x}" done)reuse_quote "$@"Depends on what your expected POSIX shell providers would use.
Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.