Sign upLogin

librenms/librenms

View on GitHub
Star
scripts/Migration/XML_Conversion/destwork.sh

Summary

Maintainability
Test Coverage

Use a ( subshell ) to avoid having to cd back.
Open

        cd ..;
Severity: Minor
Found in scripts/Migration/XML_Conversion/destwork.sh by shellcheck

Use a ( subshell ) to avoid having to cd back.

Problematic code:

for dir in */
do
  cd "$dir"
  convert index.png index.jpg
  cd ..
done

Correct code:

for dir in */
do
  (
  cd "$dir" || exit
  convert index.png index.jpg
  )
done

or

for dir in */
do
  cd "$dir" || exit
  convert index.png index.jpg
  cd ..
done

Rationale:

When doing cd dir; somestuff; cd .., cd dir can fail when permissions are lacking, if the dir was deleted, or if dir is actually a file.

In this case, somestuff will run in the wrong directory and cd .. will take you to an even more wrong directory. In a loop, this will likely cause the next cd to fail as well, propagating this error and running these commands far away from the intended directories.

Check cds exit status and/or use subshells to limit the effects of cd.

Exceptions

If you set variables you can't use a subshell. In that case, you should definitely check the exit status of cd, which will also silence this suggestion.

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

Quote this to prevent word splitting.
Open

        for f in *.xml; do rrdtool restore ${f} `echo ${f} | cut -f1 -d .`.rrd; done;
Severity: Minor
Found in scripts/Migration/XML_Conversion/destwork.sh by shellcheck

Quote this to prevent word splitting

Problematic code:

ls -l $(getfilename)

Correct code:

# getfilename outputs 1 file
ls -l "$(getfilename)"

# getfilename outputs multiple files, linefeed separated
getfilename | while IFS='' read -r line
do
  ls -l "$line"
done

Rationale:

When command expansions are unquoted, word splitting and globbing will occur. This often manifests itself by breaking when filenames contain spaces.

Trying to fix it by adding quotes or escapes to the data will not work. Instead, quote the command substitution itself.

If the command substitution outputs multiple pieces of data, use a loop instead.

Exceptions

In rare cases you actually want word splitting, such as in

gcc $(pkg-config --libs openssl) client.c

This is because pkg-config outputs -lssl -lcrypto, which you want to break up by spaces into -lssl and -lcrypto. An alternative is to put the variables to an array and expand it:

args=( $(pkg-config --libs openssl) )
gcc "${args[@]}" client.c

The power of using an array becomes evident when you want to combine, for example, the command result with user-provided arguments:

compile () {
    args=( $(pkg-config --libs openssl) "${@}" )
    gcc "${args[@]}" client.c
}
compile -DDEBUG
+ gcc -lssl -lcrypto -DDEBUG client.c

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

Use ./*glob* or -- *glob* so names with dashes won't become options.
Open

        rm *.xml;
Severity: Minor
Found in scripts/Migration/XML_Conversion/destwork.sh by shellcheck

Use ./*glob* or -- *glob* so names with dashes won't become options.

Problematic code:

rm *

Correct code:

rm ./*

or

rm -- *

Rationale

Since files and arguments are strings passed the same way, programs can't properly determine which is which, and rely on dashes to determine what's what.

A file named -f (touch -- -f) will not be deleted by the problematic code. It will instead be interpreted as a command line option, and rm will even report success.

Using ./* will instead cause the glob to be expanded into ./-f, which no program will treat as an option.

Similarly, -- by convention indicates the end of options, and nothing after it will be treated like flags (except for some programs possibly still special casing - as e.g. stdin).

Note that changing * to ./* in GNU Tar parameters will add ./ prefix to path names in the created archive. This may cause subtle problems (eg. to search for a specific file in archive, the ./ prefix must be specified as well). So using -- * is a safer fix for GNU Tar commands.

For more information, see "Filenames and Pathnames in Shell: How to do it Correctly".

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

Double quote to prevent globbing and word splitting.
Open

        for f in *.xml; do rrdtool restore ${f} `echo ${f} | cut -f1 -d .`.rrd; done;
Severity: Minor
Found in scripts/Migration/XML_Conversion/destwork.sh by shellcheck

Double quote to prevent globbing and word splitting.

Problematic code:

echo $1
for i in $*; do :; done # this done and the next one also applies to expanding arrays.
for i in $@; do :; done

Correct code:

echo "$1"
for i in "$@"; do :; done # or, 'for i; do'

Rationale

The first code looks like "print the first argument". It's actually "Split the first argument by IFS (spaces, tabs and line feeds). Expand each of them as if it was a glob. Join all the resulting strings and filenames with spaces. Print the result."

The second one looks like "iterate through all arguments". It's actually "join all the arguments by the first character of IFS (space), split them by IFS and expand each of them as globs, and iterate on the resulting list". The third one skips the joining part.

Quoting variables prevents word splitting and glob expansion, and prevents the script from breaking when input contains spaces, line feeds, glob characters and such.

Strictly speaking, only expansions themselves need to be quoted, but for stylistic reasons, entire arguments with multiple variable and literal parts are often quoted as one:

$HOME/$dir/dist/bin/$file        # Unquoted (bad)
"$HOME"/"$dir"/dist/bin/"$file"  # Minimal quoting (good)
"$HOME/$dir/dist/bin/$file"      # Canonical quoting (good)

When quoting composite arguments, make sure to exclude globs and brace expansions, which lose their special meaning in double quotes: "$HOME/$dir/src/*.c" will not expand, but "$HOME/$dir/src"/*.c will.

Note that $( ) starts a new context, and variables in it have to be quoted independently:

echo "This $variable is quoted $(but this $variable is not)"
echo "This $variable is quoted $(and now this "$variable" is too)"

Exceptions

Sometimes you want to split on spaces, like when building a command line:

options="-j 5 -B"
make $options file

Just quoting this doesn't work. Instead, you should have used an array (bash, ksh, zsh):

options=(-j 5 -B) # ksh: set -A options -- -j 5 -B
make "${options[@]}" file

or a function (POSIX):

make_with_flags() { make -j 5 -B "$@"; }
make_with_flags file

To split on spaces but not perform glob expansion, Posix has a set -f to disable globbing. You can disable word splitting by setting IFS=''.

Similarly, you might want an optional argument:

debug=""
[[ $1 == "--trace-commands" ]] && debug="-x"
bash $debug script

Quoting this doesn't work, since in the default case, "$debug" would expand to one empty argument while $debug would expand into zero arguments. In this case, you can use an array with zero or one elements as outlined above, or you can use an unquoted expansion with an alternate value:

debug=""
[[ $1 == "--trace-commands" ]] && debug="yes"
bash ${debug:+"-x"} script

This is better than an unquoted value because the alternative value can be properly quoted, e.g. wget ${output:+ -o "$output"}.

As always, this warning can be [[ignore]]d on a case-by-case basis.

this is especially relevant when BASH many not be available for the array work around. For example, use in eval or in command options where script has total control of the variables...

FLAGS="-av -e 'ssh -x' --delete --delete-excluded"
...
# shellcheck disable=SC2086
eval rsync $FLAGS ~/dir remote_host:dir

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
Open

    do cd $L_RRDPATH"${line%/*}"
Severity: Minor
Found in scripts/Migration/XML_Conversion/destwork.sh by shellcheck

Use cd ... || exit in case cd fails.

Problematic code:

cd generated_files
rm -r *.c

func(){
  cd foo
  do_something
}

Correct code:

cd generated_files || exit
rm -r *.c

# For functions, you may want to use return:
func(){
  cd foo || return
  do_something
}

Rationale:

cd can fail for a variety of reasons: misspelled paths, missing directories, missing permissions, broken symlinks and more.

If/when it does, the script will keep going and do all its operations in the wrong directory. This can be messy, especially if the operations involve creating or deleting a lot of files.

To avoid this, make sure you handle the cases when cd fails. Ways to do this include

  • cd foo || exit as suggested to just abort immediately
  • if cd foo; then echo "Ok"; else echo "Fail"; fi for custom handling
  • <(cd foo && cmd) as an alternative to <(cd foo || exit; cmd) in <(..), $(..) or ( )

Exceptions:

ShellCheck does not give this warning when cd is on the left of a || or &&, or the condition of a if, while or until loop. Having a set -e command anywhere in the script will disable this message, even though it won't necessarily prevent the issue.

If you are accounting for cd failures in a way shellcheck doesn't realize, you can disable this message with a [[directive]].

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

read without -r will mangle backslashes.
Open

while read line
Severity: Minor
Found in scripts/Migration/XML_Conversion/destwork.sh by shellcheck

read without -r mangle backslashes

Problematic code:

echo "Enter name:"
read name

Correct code:

echo "Enter name:"
read -r name

Rationale:

By default, read will interpret backslashes before spaces and line feeds, and otherwise strip them. This is rarely expected or desired.

Normally you just want to read data, which is what read -r does. You should always use -r unless you have a good reason not to.

Note that read -r will still strip leading and trailing spaces. IFS="" read -r prevents this.

Exceptions:

If you want backslashes to affect field splitting and line terminators instead of being read, you can disable this message with a [[directive]].

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

Double quote to prevent globbing and word splitting.
Open

        for f in *.xml; do rrdtool restore ${f} `echo ${f} | cut -f1 -d .`.rrd; done;
Severity: Minor
Found in scripts/Migration/XML_Conversion/destwork.sh by shellcheck

Double quote to prevent globbing and word splitting.

Problematic code:

echo $1
for i in $*; do :; done # this done and the next one also applies to expanding arrays.
for i in $@; do :; done

Correct code:

echo "$1"
for i in "$@"; do :; done # or, 'for i; do'

Rationale

The first code looks like "print the first argument". It's actually "Split the first argument by IFS (spaces, tabs and line feeds). Expand each of them as if it was a glob. Join all the resulting strings and filenames with spaces. Print the result."

The second one looks like "iterate through all arguments". It's actually "join all the arguments by the first character of IFS (space), split them by IFS and expand each of them as globs, and iterate on the resulting list". The third one skips the joining part.

Quoting variables prevents word splitting and glob expansion, and prevents the script from breaking when input contains spaces, line feeds, glob characters and such.

Strictly speaking, only expansions themselves need to be quoted, but for stylistic reasons, entire arguments with multiple variable and literal parts are often quoted as one:

$HOME/$dir/dist/bin/$file        # Unquoted (bad)
"$HOME"/"$dir"/dist/bin/"$file"  # Minimal quoting (good)
"$HOME/$dir/dist/bin/$file"      # Canonical quoting (good)

When quoting composite arguments, make sure to exclude globs and brace expansions, which lose their special meaning in double quotes: "$HOME/$dir/src/*.c" will not expand, but "$HOME/$dir/src"/*.c will.

Note that $( ) starts a new context, and variables in it have to be quoted independently:

echo "This $variable is quoted $(but this $variable is not)"
echo "This $variable is quoted $(and now this "$variable" is too)"

Exceptions

Sometimes you want to split on spaces, like when building a command line:

options="-j 5 -B"
make $options file

Just quoting this doesn't work. Instead, you should have used an array (bash, ksh, zsh):

options=(-j 5 -B) # ksh: set -A options -- -j 5 -B
make "${options[@]}" file

or a function (POSIX):

make_with_flags() { make -j 5 -B "$@"; }
make_with_flags file

To split on spaces but not perform glob expansion, Posix has a set -f to disable globbing. You can disable word splitting by setting IFS=''.

Similarly, you might want an optional argument:

debug=""
[[ $1 == "--trace-commands" ]] && debug="-x"
bash $debug script

Quoting this doesn't work, since in the default case, "$debug" would expand to one empty argument while $debug would expand into zero arguments. In this case, you can use an array with zero or one elements as outlined above, or you can use an unquoted expansion with an alternate value:

debug=""
[[ $1 == "--trace-commands" ]] && debug="yes"
bash ${debug:+"-x"} script

This is better than an unquoted value because the alternative value can be properly quoted, e.g. wget ${output:+ -o "$output"}.

As always, this warning can be [[ignore]]d on a case-by-case basis.

this is especially relevant when BASH many not be available for the array work around. For example, use in eval or in command options where script has total control of the variables...

FLAGS="-av -e 'ssh -x' --delete --delete-excluded"
...
# shellcheck disable=SC2086
eval rsync $FLAGS ~/dir remote_host:dir

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

Use $(..) instead of legacy ...
Open

        for f in *.xml; do rrdtool restore ${f} `echo ${f} | cut -f1 -d .`.rrd; done;
Severity: Minor
Found in scripts/Migration/XML_Conversion/destwork.sh by shellcheck

Use $(STATEMENT) instead of legacy `STATEMENT`

Problematic code

echo "Current time: `date`"

Correct code

echo "Current time: $(date)"

Rationale

Backtick command substitution `STATEMENT` is legacy syntax with several issues.

  1. It has a series of undefined behaviors related to quoting in POSIX.
  2. It imposes a custom escaping mode with surprising results.
  3. It's exceptionally hard to nest.

$(STATEMENT) command substitution has none of these problems, and is therefore strongly encouraged.

Exceptions

None.

See also

Notice

Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.

There are no issues that match your filters.

Category
Status