Sign upLogin

ComplianceAsCode/content

View on GitHub
Star
build_product

Summary

Maintainability
Test Coverage

Quote this to prevent word splitting.
Open

    utils/build_profiler.sh `echo "${_arg_product[@]}" | sed 's/ /_/g'`
Severity: Minor
Found in build_product by shellcheck

Quote this to prevent word splitting

Problematic code:

ls -l $(getfilename)

Correct code:

# getfilename outputs 1 file
ls -l "$(getfilename)"

# getfilename outputs multiple files, linefeed separated
getfilename | while IFS='' read -r line
do
  ls -l "$line"
done

Rationale:

When command expansions are unquoted, word splitting and globbing will occur. This often manifests itself by breaking when filenames contain spaces.

Trying to fix it by adding quotes or escapes to the data will not work. Instead, quote the command substitution itself.

If the command substitution outputs multiple pieces of data, use a loop instead.

Exceptions

In rare cases you actually want word splitting, such as in

gcc $(pkg-config --libs openssl) client.c

This is because pkg-config outputs -lssl -lcrypto, which you want to break up by spaces into -lssl and -lcrypto. An alternative is to put the variables to an array and expand it:

args=( $(pkg-config --libs openssl) )
gcc "${args[@]}" client.c

The power of using an array becomes evident when you want to combine, for example, the command result with user-provided arguments:

compile () {
    args=( $(pkg-config --libs openssl) "${@}" )
    gcc "${args[@]}" client.c
}
compile -DDEBUG
+ gcc -lssl -lcrypto -DDEBUG client.c

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

See if you can use ${variable//search/replace} instead.
Open

    utils/build_profiler.sh `echo "${_arg_product[@]}" | sed 's/ /_/g'`
Severity: Minor
Found in build_product by shellcheck

SC2001: See if you can use ${variable//search/replace} instead.

Problematic code:

string="stirng" ; echo "$string" | sed -e "s/ir/ri/"

Correct code:

string="stirng" ; echo "${string//ir/ri}"

Rationale:

Let's assume somewhere earlier in your code you have put data into a variable (Ex: $string). Now you want to do a search and replace inside the contents of $string and echo the contents out. You could pass this to sed as done in the example above, but for simple substitutions utilizing the shell for the same feature is a lot simpler and should be utilized whenever possible.

Exceptions

Occasionally a more complex sed substitution is required. For example, getting the last character of a string.

string="stirng" ; echo "$string" | sed -e "s/^.*\(.\)$/\1/"

This is a bit simple for the example and there are alternative ways of doing this in the shell, but this SC2001 flags on several of my crazy complex sed commands which are beyond the scope of this example. Utilizing some of the more complex capabilities of sed is required occasionally and it is safe to ignore SC2001.

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

Use $(..) instead of legacy ...
Open

    utils/build_profiler.sh `echo "${_arg_product[@]}" | sed 's/ /_/g'`
Severity: Minor
Found in build_product by shellcheck

Use $(STATEMENT) instead of legacy `STATEMENT`

Problematic code

echo "Current time: `date`"

Correct code

echo "Current time: $(date)"

Rationale

Backtick command substitution `STATEMENT` is legacy syntax with several issues.

  1. It has a series of undefined behaviors related to quoting in POSIX.
  2. It imposes a custom escaping mode with surprising results.
  3. It's exceptionally hard to nest.

$(STATEMENT) command substitution has none of these problems, and is therefore strongly encouraged.

Exceptions

None.

See also

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

There are no issues that match your filters.

Category
Status