From 8bed447411106fe77817ee6de33b06b5356bd98f Mon Sep 17 00:00:00 2001
From: Vidar Holen <spam@vidarholen.net>
Date: Sat, 22 Nov 2014 12:16:30 -0800
Subject: [PATCH] Warn when trying to find -exec "shell command" \;

---
 ShellCheck/Analytics.hs | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/ShellCheck/Analytics.hs b/ShellCheck/Analytics.hs
index cbe4ef0..c367e0c 100644
--- a/ShellCheck/Analytics.hs
+++ b/ShellCheck/Analytics.hs
@@ -202,6 +202,7 @@ nodeChecks = [
     ,checkConcatenatedDollarAt
     ,checkFindActionPrecedence
     ,checkTildeInPath
+    ,checkFindExecWithSingleArgument
     ]
 
 
@@ -3026,6 +3027,24 @@ checkFindActionPrecedence params = checkCommand "find" (const f)
         return $ param `elem` strs
     warnFor t = warn (getId t) 2146 "This action ignores everything before the -o. Use \\( \\) to group."
 
+
+prop_checkFindExecWithSingleArgument1 = verify checkFindExecWithSingleArgument "find . -exec 'cat {} | wc -l' \\;"
+prop_checkFindExecWithSingleArgument2 = verify checkFindExecWithSingleArgument "find . -execdir 'cat {} | wc -l' +"
+prop_checkFindExecWithSingleArgument3 = verifyNot checkFindExecWithSingleArgument "find . -exec wc -l {} \\;"
+checkFindExecWithSingleArgument _ = checkCommand "find" (const f)
+  where
+    f = void . sequence . mapMaybe check . tails
+    check (exec:arg:term:_) = do
+        execS <- getLiteralString exec
+        termS <- getLiteralString term
+        cmdS <- getLiteralStringExt (const $ return " ") arg
+
+        guard $ execS `elem` ["-exec", "-execdir"] && termS `elem` [";", "+"]
+        guard $ cmdS `matches` commandRegex
+        return $ warn (getId exec) 2150 "-exec does not invoke a shell. Rewrite or use -exec sh -c .. ."
+    check _ = Nothing
+    commandRegex = mkRegex "[ |;]"
+
 return []
 runTests = $quickCheckAll