7x31
/
shellcheck
mirror of https://github.com/koalaman/shellcheck.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added check for functions used with sudo/xargs/etc

This commit is contained in:
Vidar Holen 2013-07-02 21:35:17 -07:00
parent 99be2736a1
commit 5d46c8a53f
1 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
ShellCheck/Analytics.hs
View File

@ -38,6 +38,7 @@ genericChecks = [
,checkSpacefulness ,checkSpacefulness
,checkQuotesInLiterals ,checkQuotesInLiterals
,checkShebang ,checkShebang
,checkFunctionsUsedExternally
] ]
checksFor Sh = map runBasicAnalysis [ checksFor Sh = map runBasicAnalysis [
@ -871,6 +872,11 @@ isCommandMatch token matcher =
Just cmd -> matcher cmd Just cmd -> matcher cmd
Nothing -> False Nothing -> False
getCommandFor word =
case getLiteralString word of
Just str -> reverse . (takeWhile (/= '/')) . reverse $ str
Nothing -> ""
prop_checkPrintfVar1 = verify checkPrintfVar "printf \"Lol: $s\"" prop_checkPrintfVar1 = verify checkPrintfVar "printf \"Lol: $s\""
prop_checkPrintfVar2 = verifyNot checkPrintfVar "printf 'Lol: $s'" prop_checkPrintfVar2 = verifyNot checkPrintfVar "printf 'Lol: $s'"
prop_checkPrintfVar3 = verify checkPrintfVar "printf -v cow $(cmd)" prop_checkPrintfVar3 = verify checkPrintfVar "printf -v cow $(cmd)"
@ -1390,3 +1396,47 @@ checkQuotesInLiterals t =
Note WarningC "Embedded quotes in this variable will not be respected.") Note WarningC "Embedded quotes in this variable will not be respected.")
] ]
else return [] else return []
prop_checkFunctionsUsedExternally1 =
verifyFull checkFunctionsUsedExternally "foo() { :; }; sudo foo"
prop_checkFunctionsUsedExternally2 =
verifyFull checkFunctionsUsedExternally "alias f='a'; xargs -n 1 f"
prop_checkFunctionsUsedExternally3 =
verifyNotFull checkFunctionsUsedExternally "f() { :; }; echo f"
checkFunctionsUsedExternally t =
runBasicAnalysis checkCommand t
where
invokingCmds = [
"chroot",
"find",
"screen",
"ssh",
"su",
"sudo",
"xargs"
]
checkCommand t@(T_SimpleCommand _ _ (cmd:args)) =
let name = getCommandFor cmd in
when (name `elem` invokingCmds) $
mapM_ (checkArg name) args
checkCommand _ = return ()
functions = Map.fromList $ runBasicAnalysis findFunctions t
findFunctions (T_Function id name _) = modify ((name, id):)
findFunctions t@(T_SimpleCommand id _ (_:args))
| t `isUnqualifiedCommand` "alias" = mapM_ getAlias args
findFunctions _ = return ()
getAlias arg =
let string = concat $ deadSimple arg
in when ('=' `elem` string) $
modify ((takeWhile (/= '=') string, getId arg):)
checkArg cmd arg =
case Map.lookup (concat $ deadSimple arg) functions of
Nothing -> return ()
Just id -> do
warn (getId arg) $
"Shell functions can't be passed to external commands."
info id $
"Use own script or sh -c '..' to run this from " ++ cmd ++ "."