Sign upLogin

cyberark/conjur-api-ruby

View on GitHub
Star
dev/start

Summary

Maintainability
Test Coverage

Declare and assign separately to avoid masking return values.
Open

  local api_key=$(docker compose exec -T conjur rake 'role:retrieve-key[cucumber:user:admin]')
Severity: Minor
Found in dev/start by shellcheck

Declare and assign separately to avoid masking return values.

Problematic code:

export foo="$(mycmd)"

Correct code:

foo=$(mycmd)
export foo

Rationale:

In the original code, the return value of mycmd is ignored, and export will instead always return true. This may prevent conditionals, set -e and traps from working correctly.

When first marked for export and assigned separately, the return value of the assignment will be that of mycmd. This avoids the problem.

Exceptions:

If you intend to ignore the return value of an assignment, you can either ignore this warning or use

foo=$(mycmd) || true
export foo

Shellcheck does not warn about export foo=bar because bar is a literal and not a command substitution with an independent return value. It also does not warn about local -r foo=$(cmd), where declaration and assignment must be in the same command.

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

Want to escape a single quote? echo 'This is how it'''s done'.
Open

  docker exec -e CONJUR_AUTHN_API_KEY="$api_key" -it --detach-keys 'ctrl-\' $(docker compose ps -q gem) bash
Severity: Minor
Found in dev/start by shellcheck

Want to escape a single quote? echo 'This is how it'\''s done'.

(Note: in v0.4.6, the error message was accidentally missing the backslash)

Problematic code:

echo 'This is not how it\'s done'.

Correct code:

echo 'This is how it'\''s done'.

Rationale

In POSIX shell, the shell cares about nothing but another single quote to terminate the quoted segment. Not even backslashes are interpreted.

POSIX.1 Shell Command Language ยง 2.2.2 Single Quotes:

Enclosing characters in single-quotes ( '' ) shall preserve the literal value of each character within the single-quotes. A single-quote cannot occur within single-quotes.

Exceptions

If you want your single quoted string to end in a backslash, you can rewrite as 'string'\\ or [[ignore]] this warning.

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

Quote this to prevent word splitting.
Open

  docker exec -e CONJUR_AUTHN_API_KEY="$api_key" -it --detach-keys 'ctrl-\' $(docker compose ps -q gem) bash
Severity: Minor
Found in dev/start by shellcheck

Quote this to prevent word splitting

Problematic code:

ls -l $(getfilename)

Correct code:

# getfilename outputs 1 file
ls -l "$(getfilename)"

# getfilename outputs multiple files, linefeed separated
getfilename | while IFS='' read -r line
do
  ls -l "$line"
done

Rationale:

When command expansions are unquoted, word splitting and globbing will occur. This often manifests itself by breaking when filenames contain spaces.

Trying to fix it by adding quotes or escapes to the data will not work. Instead, quote the command substitution itself.

If the command substitution outputs multiple pieces of data, use a loop instead.

Exceptions

In rare cases you actually want word splitting, such as in

gcc $(pkg-config --libs openssl) client.c

This is because pkg-config outputs -lssl -lcrypto, which you want to break up by spaces into -lssl and -lcrypto. An alternative is to put the variables to an array and expand it:

args=( $(pkg-config --libs openssl) )
gcc "${args[@]}" client.c

The power of using an array becomes evident when you want to combine, for example, the command result with user-provided arguments:

compile () {
    args=( $(pkg-config --libs openssl) "${@}" )
    gcc "${args[@]}" client.c
}
compile -DDEBUG
+ gcc -lssl -lcrypto -DDEBUG client.c

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

There are no issues that match your filters.

Category
Status