Add quote warning specific to : ${var=val}. Fixes #1084

2018-01-06 10:53:53 -08:00 · 2018-01-06 10:53:53 -08:00 · 3c5c74ff04
parent 9657e8dda3
commit 3c5c74ff04
2 changed files with 21 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,7 @@
+## Latest - ???
+### Added
+- SC2223: Quote warning specific to `: ${var=value}`
+
 ## v0.4.7 - 2017-12-08
 ### Added
 - Statically linked binaries for Linux and Windows (see README.md)!
--- a/ShellCheck/Analytics.hs
+++ b/ShellCheck/Analytics.hs
@ -1617,16 +1617,23 @@ checkSpacefulness params t =
        modify $ Map.insert name bool

    readF _ token name = do
-        spaced <- hasSpaces name
-        return [makeComment InfoC (getId token) 2086 warning |
-                  isExpansion token && spaced
+        spaces <- hasSpaces name
+        return [warning |
+                  isExpansion token && spaces
                  && not (isArrayExpansion token) -- There's another warning for this
                  && not (isCountingReference token)
                  && not (isQuoteFree parents token)
                  && not (isQuotedAlternativeReference token)
                  && not (usedAsCommandName parents token)]
      where
-        warning = "Double quote to prevent globbing and word splitting."
+        warning =
+            if isDefaultAssignment (parentMap params) token
+            then
+                makeComment InfoC (getId token) 2223
+                    "This default assignment may cause DoS due to globbing. Quote it."
+            else
+                makeComment InfoC (getId token) 2086
+                    "Double quote to prevent globbing and word splitting."

    writeF _ _ name (DataString SourceExternal) = setSpaces name True >> return []
    writeF _ _ name (DataString SourceInteger) = setSpaces name False >> return []
@ -1665,6 +1672,12 @@ checkSpacefulness params t =
        globspace = "*?[] \t\n"
        containsAny s = any (`elem` s)

+    isDefaultAssignment parents token =
+        let modifier = getBracedModifier $ bracedString token in
+            isExpansion token
+            && any (`isPrefixOf` modifier) ["=", ":="]
+            && isParamTo parents ":" token
+
 prop_checkQuotesInLiterals1 = verifyTree checkQuotesInLiterals "param='--foo=\"bar\"'; app $param"
 prop_checkQuotesInLiterals1a= verifyTree checkQuotesInLiterals "param=\"--foo='lolbar'\"; app $param"
 prop_checkQuotesInLiterals2 = verifyNotTree checkQuotesInLiterals "param='--foo=\"bar\"'; app \"$param\""