Stable version 0.4.5

This release is dedicated to Google Inc for four great years of
employment and being good sports about hobby projects like this.

.gitignore

@@ -12,4 +12,4 @@ cabal-dev
 .cabal-sandbox/
 cabal.sandbox.config
 cabal.config
-
+.stack-work

.travis.yml

@@ -0,0 +1,21 @@
+sudo: required
+
+language: sh
+
+services:
+  - docker
+
+before_install:
+  - export DOCKER_REPO=koalaman/shellcheck
+  - |-
+    export TAG=$([ "$TRAVIS_BRANCH" == "master" ] && echo "latest" || echo $TRAVIS_BRANCH)
+
+script:
+  - docker build -t builder -f Dockerfile_builder .
+  - docker run --rm -it -v $(pwd):/mnt builder
+  - docker build -t $DOCKER_REPO:$TAG .
+
+after_success:
+  - docker login -e="$DOCKER_EMAIL" -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
+  - |-
+    [ "$TRAVIS_BRANCH" == "master" ] && docker push $DOCKER_REPO:$TAG

Dockerfile

@@ -0,0 +1,11 @@
+FROM alpine:latest
+
+MAINTAINER Nikyle Nguyen <NLKNguyen@MSN.com>
+
+COPY package/bin/shellcheck /usr/local/bin/
+COPY package/lib/           /usr/local/lib/
+
+RUN ldconfig /usr/local/lib
+
+WORKDIR /mnt
+ENTRYPOINT ["shellcheck"]

Dockerfile_builder

@@ -0,0 +1,54 @@
+FROM mitchty/alpine-ghc:latest
+
+MAINTAINER Nikyle Nguyen <NLKNguyen@MSN.com>
+
+RUN apk add --no-cache build-base
+
+RUN mkdir -p /usr/src/shellcheck
+WORKDIR /usr/src/shellcheck
+
+# # ------------------------------------------------------------
+# # Build & Test
+# # ------------------------------------------------------------
+
+# Obtain the dependencies first, which are less likely to change, in order to reduce
+# subsequent build time by leveraging image cache. This benefits developers when they
+# build their code with this image locally. In case of Travis CI, this doesn't help
+# reduce building time because Travis CI doesn't use cache.
+COPY ShellCheck.cabal .
+RUN cabal update && cabal install --only-dependencies
+
+# Copy the rest of the source files, including ShellCheck.cabal again but doesn't matter
+COPY . .
+
+# Build
+RUN cabal install
+
+# Test
+RUN cabal test
+
+# # ------------------------------------------------------------
+# # Set PATH
+# # ------------------------------------------------------------
+
+# Add runtime path to easily reach the executable file. This only exists during build.
+ENV PATH "/root/.cabal/bin:$PATH"
+
+# Make it permanent for someone who login to the container of this image
+RUN echo "export PATH=${PATH}" >>  /etc/profile
+
+# # ------------------------------------------------------------
+# # Extract Binaries
+# # ------------------------------------------------------------
+
+# Get shellcheck binary
+RUN mkdir -p /package/bin/
+RUN cp $(which shellcheck) /package/bin/
+
+# Get shared libraries using magic
+RUN mkdir -p /package/lib/
+RUN ldd $(which shellcheck) | grep "=> /" | awk '{print $3}' | xargs -I '{}' cp -v '{}' /package/lib/
+
+
+# Copy shellcheck package out to mounted directory
+CMD ["cp", "-avr", "/package", "/mnt/"]

README.md

@@ -1,26 +1,67 @@
 # ShellCheck - A shell script static analysis tool
 
-http://www.shellcheck.net
+ShellCheck is a GPLv3 tool that gives warnings and suggestions for bash/sh shell scripts:
 
-Copyright 2012-2015, Vidar 'koala_man' Holen
+![Screenshot of a terminal showing problematic shell script lines highlighted](doc/terminal.png).
-Licensed under the GNU General Public License, v3
 
-The goals of ShellCheck are:
+The goals of ShellCheck are
 
-  - To point out and clarify typical beginner's syntax issues,
+  - To point out and clarify typical beginner's syntax issues
-    that causes a shell to give cryptic error messages.
+    that cause a shell to give cryptic error messages.
 
-  - To point out and clarify typical intermediate level semantic problems,
+  - To point out and clarify typical intermediate level semantic problems
-    that causes a shell to behave strangely and counter-intuitively.
+    that cause a shell to behave strangely and counter-intuitively.
 
-  - To point out subtle caveats, corner cases and pitfalls, that may cause an
+  - To point out subtle caveats, corner cases and pitfalls that may cause an
     advanced user's otherwise working script to fail under future circumstances.
 
-ShellCheck is written in Haskell, and requires 2 GB of memory to compile.
+See [the gallery of bad code](README.md#user-content-gallery-of-bad-code) for examples of what ShellCheck can help you identify!
+
+
+## How to use
+There are a variety of ways to use ShellCheck!
+
+
+#### On the web
+Paste a shell script on http://www.shellcheck.net for instant feedback.
+
+[ShellCheck.net](http://www.shellcheck.net) is always synchronized to the latest git commit, and is the simplest way to give ShellCheck a go. Tell your friends!
+
+
+#### From your terminal
+Run `shellcheck yourscript` in your terminal for instant output, as seen above.
+
+
+#### In your editor
+
+You can see ShellCheck suggestions directly in a variety of editors.
+
+* Vim, through [Syntastic](https://github.com/scrooloose/syntastic):
+
+![Screenshot of vim showing inlined shellcheck feedback](doc/vim-syntastic.png).
+
+* Emacs, through [Flycheck](https://github.com/flycheck/flycheck):
+
+![Screenshot of emacs showing inlined shellcheck feedback](doc/emacs-flycheck.png).
+
+* Sublime, through [SublimeLinter](https://github.com/SublimeLinter/SublimeLinter-shellcheck).
+
+* Atom, through [Linter](https://github.com/AtomLinter/linter-shellcheck).
+
+* Most other editors, through [GCC error compatibility](shellcheck.1.md#user-content-formats).
+
+
+#### In your build or test suites
+While ShellCheck is mostly intended for interactive use, it can easily be added to builds or test suites.
+
+Use ShellCheck's exit code, or its [CheckStyle compatible XML output](shellcheck.1.md#user-content-formats). There's also a simple JSON output format for easy integration.
+
 
 ## Installing
 
-On systems with Cabal:
+The easiest way to install ShellCheck locally is through your package manager.
+
+On systems with Cabal (installs to `~/.cabal/bin`):
 
     cabal update
     cabal install shellcheck
@@ -29,54 +70,64 @@ On Debian based distros:
 
     apt-get install shellcheck
 
+On Gentoo based distros:
+
+    emerge --ask shellcheck
+
+On Fedora based distros:
+
+    dnf install ShellCheck
+
 On OS X with homebrew:
 
     brew install shellcheck
 
-ShellCheck is also available as an online service:
+On OS X with MacPorts:
 
-    http://www.shellcheck.net
+    port install shellcheck
 
-## Building with Cabal
+On openSUSE:Tumbleweed:
 
-This sections describes how to build ShellCheck from a source directory.
+    zypper in ShellCheck
 
-First, make sure cabal is installed. On Debian based distros:
+On other openSUSE distributions:
 
-    apt-get install cabal-install
+add OBS devel:languages:haskell repository from https://build.opensuse.org/project/repositories/devel:languages:haskell
 
-On Fedora:
+    zypper ar http://download.opensuse.org/repositories/devel:/languages:/haskell/openSUSE_$(version)/devel:languages:haskell.repo
+    zypper in ShellCheck
 
-    yum install cabal-install
+or use OneClickInstall - https://software.opensuse.org/package/ShellCheck
 
-On Mac OS X with homebrew (http://brew.sh/):
 
-    brew install cabal-install
+## Compiling from source
 
-On Mac OS X with MacPorts (http://www.macports.org/):
+This section describes how to build ShellCheck from a source directory. ShellCheck is written in Haskell and requires 2GB of RAM to compile.
 
-    port install hs-cabal-install
 
-On native Windows (https://www.haskell.org/platform/):
+#### Installing Cabal
 
-    Download and install the latest version of the Haskell Platform.
+ShellCheck is built and packaged using Cabal. Install the package `cabal-install` from your system's package manager (with e.g. `apt-get`, `yum`, `zypper` or `brew`).
 
-Let cabal update itself, in case your distro version is outdated:
+On MacPorts, the package is instead called `hs-cabal-install`, while native Windows users should install the latest version of the Haskell platform from https://www.haskell.org/platform/
+
+Verify that `cabal` is installed and update its dependency list with
 
     $ cabal update
-    $ cabal install cabal-install
 
-With cabal installed, cd to the ShellCheck source directory and:
+#### Compiling ShellCheck
+
+`git clone` this repository, and `cd` to the ShellCheck source directory to build/install:
 
     $ cabal install
 
-This will install ShellCheck to your `~/.cabal/bin` directory.
+This will compile ShellCheck and install it to your `~/.cabal/bin` directory.
 
-Add the directory to your `PATH` (for bash, add this to your `~/.bashrc`):
+Add this directory to your `PATH` (for bash, add this to your `~/.bashrc`):
 
     export PATH="$HOME/.cabal/bin:$PATH"
 
-Verify that your PATH is set up correctly:
+Log out and in again, and verify that your PATH is set up correctly:
 
     $ which shellcheck
     ~/.cabal/bin/shellcheck
@@ -93,18 +144,175 @@ In Powershell ISE, you may need to additionally update the output encoding:
 
     > [Console]::OutputEncoding = [System.Text.Encoding]::UTF8
 
-## Running tests
+#### Running tests
 
 To run the unit test suite:
 
-    cabal configure --enable-tests
+    $ cabal test
-    cabal build
+
-    cabal test
+
+## Gallery of bad code
+So what kind of things does ShellCheck look for? Here is an incomplete list of detected issues.
+
+#### Quoting
+
+ShellCheck can recognize several types of incorrect quoting:
+
+    echo $1                           # Unquoted variables
+    find . -name *.ogg                # Unquoted find/grep patterns
+    rm "~/my file.txt"                # Quoted tilde expansion
+    v='--verbose="true"'; cmd $v      # Literal quotes in variables
+    for f in "*.ogg"                  # Incorrectly quoted 'for' loops
+    touch $@                          # Unquoted $@
+    echo 'Don't forget to restart!'   # Singlequote closed by apostrophe
+    echo 'Don\'t try this at home'    # Attempting to escape ' in ''
+    echo 'Path is $PATH'              # Variables in single quotes
+    trap "echo Took ${SECONDS}s" 0    # Prematurely expanded trap
+
+
+#### Conditionals
+
+ShellCheck can recognize many types of incorrect test statements.
+
+    [[ n != 0 ]]                      # Constant test expressions
+    [[ -e *.mpg ]]                    # Existence checks of globs
+    [[ $foo==0 ]]                     # Always true due to missing spaces
+    [[ -n "$foo " ]]                  # Always true due to literals
+    [[ $foo =~ "fo+" ]]               # Quoted regex in =~
+    [ foo =~ re ]                     # Unsupported [ ] operators
+    [ $1 -eq "shellcheck" ]           # Numerical comparison of strings
+    [ $n && $m ]                      # && in [ .. ]
+    [ grep -q foo file ]              # Command without $(..)
+
+
+#### Frequently misused commands
+
+ShellCheck can recognize instances where commands are used incorrectly:
+
+    grep '*foo*' file                 # Globs in regex contexts
+    find . -exec foo {} && bar {} \;  # Prematurely terminated find -exec
+    sudo echo 'Var=42' > /etc/profile # Redirecting sudo
+    time --format=%s sleep 10         # Passing time(1) flags to time builtin
+    while read h; do ssh "$h" uptime  # Commands eating while loop input
+    alias archive='mv $1 /backup'     # Defining aliases with arguments
+    tr -cd '[a-zA-Z0-9]'              # [] around ranges in tr
+    exec foo; echo "Done!"            # Misused 'exec'
+    find -name \*.bak -o -name \*~ -delete  # Implicit precedence in find
+    f() { whoami; }; sudo f           # External use of internal functions
+
+
+#### Common beginner's mistakes
+
+ShellCheck recognizes many common beginner's syntax errors:
+
+    var = 42                          # Spaces around = in assignments
+    $foo=42                           # $ in assignments
+    for $var in *; do ...             # $ in for loop variables
+    var$n="Hello"                     # Wrong indirect assignment
+    echo ${var$n}                     # Wrong indirect reference
+    var=(1, 2, 3)                     # Comma separated arrays
+    echo "Argument 10 is $10"         # Positional parameter misreference
+    if $(myfunction); then ..; fi     # Wrapping commands in $()
+    else if othercondition; then ..   # Using 'else if'
+
+
+#### Style
+
+ShellCheck can make suggestions to improve style:
+
+    [[ -z $(find /tmp | grep mpg) ]]  # Use grep -q instead
+    a >> log; b >> log; c >> log      # Use a redirection block instead
+    echo "The time is `date`"         # Use $() instead
+    cd dir; process *; cd ..;         # Use subshells instead
+    echo $[1+2]                       # Use standard $((..)) instead of old $[]
+    echo $(($RANDOM % 6))             # Don't use $ on variables in $((..))
+    echo "$(date)"                    # Useless use of echo
+    cat file | grep foo               # Useless use of cat
+
+
+#### Data and typing errors
+
+ShellCheck can recognize issues related to data and typing:
+
+    args="$@"                         # Assigning arrays to strings
+    files=(foo bar); echo "$files"    # Referencing arrays as strings
+    printf "%s\n" "Arguments: $@."    # Concatenating strings and arrays.
+    [[ $# > 2 ]]                      # Comparing numbers as strings
+    var=World; echo "Hello " var      # Unused lowercase variables
+    echo "Hello $name"                # Unassigned lowercase variables
+    cmd | read bar; echo $bar         # Assignments in subshells
+
+
+#### Robustness
+
+ShellCheck can make suggestions for improving the robustness of a script:
+
+    rm -rf "$STEAMROOT/"*            # Catastrophic rm
+    touch ./-l; ls *                 # Globs that could become options
+    find . -exec sh -c 'a && b {}' \; # Find -exec shell injection
+    printf "Hello $name"             # Variables in printf format
+    for f in $(ls *.txt); do         # Iterating over ls output
+    export MYVAR=$(cmd)              # Masked exit codes
+
+
+#### Portability
+
+ShellCheck will warn when using features not supported by the shebang. For example, if you set the shebang to `#!/bin/sh`, ShellCheck will warn about portability issues similar to `checkbashisms`:
+
+
+    echo {1..$n}                     # Works in ksh, but not bash/dash/sh
+    echo {1..10}                     # Works in ksh and bash, but not dash/sh
+    echo -n 42                       # Works in ksh, bash and dash, undefined in sh
+    trap 'exit 42' sigint            # Unportable signal spec
+    cmd &> file                      # Unportable redirection operator
+    read foo < /dev/tcp/host/22      # Unportable intercepted files
+    foo-bar() { ..; }                # Undefined/unsupported function name
+    [ $UID = 0 ]                     # Variable undefined in dash/sh
+    local var=value                  # local is undefined in sh
+
+
+#### Miscellaneous
+
+ShellCheck recognizes a menagerie of other issues:
+
+    PS1='\e[0;32m\$\e[0m '            # PS1 colors not in \[..\]
+    PATH="$PATH:~/bin"                # Literal tilde in $PATH
+    rm “file”                         # Unicode quotes
+    echo "Hello world"                # Carriage return / DOS line endings
+    var=42 echo $var                  # Expansion of inlined environment
+    #!/bin/bash -x -e                 # Common shebang errors
+    echo $((n/180*100))               # Unnecessary loss of precision
+    ls *[:digit:].txt                 # Bad character class globs
+    sed 's/foo/bar/' file > file       # Redirecting to input
+
+
+## Testimonials
+
+> At first you're like "shellcheck is awesome" but then you're like "wtf are we still using bash"
+
+Alexander Tarasikov,
+[via Twitter](https://twitter.com/astarasikov/status/568825996532707330)
+
 
 ## Reporting bugs
 
-Please use the Github issue tracker for any bugs or feature suggestions:
+Please use the GitHub issue tracker for any bugs or feature suggestions:
 
 https://github.com/koalaman/shellcheck/issues
 
+
+## Contributing
+
+Please submit patches to code or documentation as GitHub pull requests!
+
+Contributions must be licensed under the GNU GPLv3.
+The contributor retains the copyright.
+
+
+## Copyright
+
+ShellCheck is licensed under the GNU General Public License, v3. A copy of this license is included in the file [LICENSE](LICENSE).
+
+Copyright 2012-2015, Vidar 'koala_man' Holen and contributors.
+
 Happy ShellChecking!

Setup.hs

@@ -8,21 +8,13 @@ import Distribution.Simple (
   simpleUserHooks )
 import Distribution.Simple.Setup ( SDistFlags )
 
--- | This requires the process package from,
+import System.Process ( system )
---
---   https://hackage.haskell.org/package/process
---
-import System.Process ( callCommand )
 
 
--- | This will use almost the default implementation, except we switch
---   out the default pre-sdist hook with our own, 'myPreSDist'.
---
 main = defaultMainWithHooks myHooks
   where
     myHooks = simpleUserHooks { preSDist = myPreSDist }
 
-
 -- | This hook will be executed before e.g. @cabal sdist@. It runs
 --   pandoc to create the man page from shellcheck.1.md. If the pandoc
 --   command is not found, this will fail with an error message:
@@ -35,9 +27,10 @@ main = defaultMainWithHooks myHooks
 --
 myPreSDist :: Args -> SDistFlags -> IO HookedBuildInfo
 myPreSDist _ _ = do
-  putStrLn "Building the man page..."
+  putStrLn "Building the man page (shellcheck.1) with pandoc..."
   putStrLn pandoc_cmd
-  callCommand pandoc_cmd
+  result <- system pandoc_cmd
+  putStrLn $ "pandoc exited with " ++ show result
   return emptyHookedBuildInfo
   where
     pandoc_cmd = "pandoc -s -t man shellcheck.1.md -o shellcheck.1"

ShellCheck.cabal

@@ -1,5 +1,5 @@
 Name:             ShellCheck
-Version:          0.4.1
+Version:          0.4.5
 Synopsis:         Shell script analysis tool
 License:          GPL-3
 License-file:     LICENSE
@@ -7,7 +7,7 @@ Category:         Static Analysis
 Author:           Vidar Holen
 Maintainer:       vidar@vidarholen.net
 Homepage:         http://www.shellcheck.net/
-Build-Type:       Simple
+Build-Type:       Custom
 Cabal-Version:    >= 1.8
 Bug-reports:      https://github.com/koalaman/shellcheck/issues
 Description:
@@ -44,13 +44,17 @@ library
       mtl >= 2.2.1,
       parsec,
       regex-tdfa,
-      QuickCheck >= 2.7.4
+      QuickCheck >= 2.7.4,
+      -- When cabal supports it, move this to setup-depends:
+      process
     exposed-modules:
       ShellCheck.AST
       ShellCheck.ASTLib
       ShellCheck.Analytics
       ShellCheck.Analyzer
+      ShellCheck.AnalyzerLib
       ShellCheck.Checker
+      ShellCheck.Checks.Commands
       ShellCheck.Data
       ShellCheck.Formatter.Format
       ShellCheck.Formatter.CheckStyle

ShellCheck/AST.hs

@@ -21,6 +21,7 @@ module ShellCheck.AST where
 
 import Control.Monad
 import Control.Monad.Identity
+import Text.Parsec
 import qualified ShellCheck.Regex as Re
 
 data Id = Id Int deriving (Show, Eq, Ord)
@@ -34,6 +35,7 @@ data CaseType = CaseBreak | CaseFallThrough | CaseContinue deriving (Show, Eq)
 
 data Token =
     TA_Binary Id String Token Token
+    | TA_Assignment Id String Token Token
     | TA_Expansion Id [Token]
     | TA_Index Id Token
     | TA_Sequence Id [Token]
@@ -49,8 +51,10 @@ data Token =
     | T_AndIf Id (Token) (Token)
     | T_Arithmetic Id Token
     | T_Array Id [Token]
-    | T_IndexedElement Id Token Token
+    | T_IndexedElement Id [Token] Token
-    | T_Assignment Id AssignmentMode String (Maybe Token) Token
+    -- Store the index as string, and parse as arithmetic or string later
+    | T_UnparsedIndex Id SourcePos String
+    | T_Assignment Id AssignmentMode String [Token] Token
     | T_Backgrounded Id Token
     | T_Backticked Id [Token]
     | T_Bang Id
@@ -95,6 +99,7 @@ data Token =
     | T_IfExpression Id [([Token],[Token])] [Token]
     | T_In  Id
     | T_IoFile Id Token Token
+    | T_IoDuplicate Id Token String
     | T_LESSAND Id
     | T_LESSGREAT Id
     | T_Lbrace Id
@@ -129,7 +134,11 @@ data Token =
     | T_Include Id Token Token -- . & source: SimpleCommand T_Script
     deriving (Show)
 
-data Annotation = DisableComment Integer | SourceOverride String deriving (Show, Eq)
+data Annotation =
+    DisableComment Integer
+    | SourceOverride String
+    | ShellOverride String
+    deriving (Show, Eq)
 data ConditionType = DoubleBracket | SingleBracket deriving (Show, Eq)
 
 -- This is an abomination.
@@ -140,7 +149,7 @@ tokenEquals a b = kludge a == kludge b
 instance Eq Token where
     (==) = tokenEquals
 
-analyze :: Monad m => (Token -> m ()) -> (Token -> m ()) -> (Token -> Token) -> Token -> m Token
+analyze :: Monad m => (Token -> m ()) -> (Token -> m ()) -> (Token -> m Token) -> Token -> m Token
 analyze f g i =
     round
   where
@@ -148,7 +157,7 @@ analyze f g i =
         f t
         newT <- delve t
         g t
-        return . i $ newT
+        i newT
     roundAll = mapM round
 
     roundMaybe Nothing = return Nothing
@@ -162,7 +171,7 @@ analyze f g i =
     dll l m v = do
         x <- roundAll l
         y <- roundAll m
-        return $ v x m
+        return $ v x y
     d1 t v = do
         x <- round t
         return $ v x
@@ -181,14 +190,18 @@ analyze f g i =
     delve (T_DollarArithmetic id c) = d1 c $ T_DollarArithmetic id
     delve (T_DollarBracket id c) = d1 c $ T_DollarBracket id
     delve (T_IoFile id op file) = d2 op file $ T_IoFile id
+    delve (T_IoDuplicate id op num) = d1 op $ \x -> T_IoDuplicate id x num
     delve (T_HereString id word) = d1 word $ T_HereString id
     delve (T_FdRedirect id v t) = d1 t $ T_FdRedirect id v
-    delve (T_Assignment id mode var index value) = do
+    delve (T_Assignment id mode var indices value) = do
-        a <- roundMaybe index
+        a <- roundAll indices
         b <- round value
         return $ T_Assignment id mode var a b
     delve (T_Array id t) = dl t $ T_Array id
-    delve (T_IndexedElement id t1 t2) = d2 t1 t2 $ T_IndexedElement id
+    delve (T_IndexedElement id indices t) = do
+        a <- roundAll indices
+        b <- round t
+        return $ T_IndexedElement id a b
     delve (T_Redirecting id redirs cmd) = do
         a <- roundAll redirs
         b <- round cmd
@@ -246,6 +259,7 @@ analyze f g i =
     delve (TC_Noary id typ token) = d1 token $ TC_Noary id typ
 
     delve (TA_Binary id op t1 t2) = d2 t1 t2 $ TA_Binary id op
+    delve (TA_Assignment id op t1 t2) = d2 t1 t2 $ TA_Assignment id op
     delve (TA_Unary id op t1) = d1 t1 $ TA_Unary id op
     delve (TA_Sequence id l) = dl l $ TA_Sequence id
     delve (TA_Trinary id t1 t2 t3) = do
@@ -306,6 +320,7 @@ getId t = case t of
         T_BraceExpansion id _  -> id
         T_DollarBraceCommandExpansion id _  -> id
         T_IoFile id _ _  -> id
+        T_IoDuplicate id _ _  -> id
         T_HereDoc id _ _ _ _ -> id
         T_HereString id _  -> id
         T_FdRedirect id _ _  -> id
@@ -340,6 +355,7 @@ getId t = case t of
         TC_Unary id _ _ _  -> id
         TC_Noary id _ _  -> id
         TA_Binary id _ _ _  -> id
+        TA_Assignment id _ _ _  -> id
         TA_Unary id _ _  -> id
         TA_Sequence id _  -> id
         TA_Trinary id _ _ _  -> id
@@ -356,10 +372,11 @@ getId t = case t of
         T_CoProc id _ _ -> id
         T_CoProcBody id _ -> id
         T_Include id _ _ -> id
+        T_UnparsedIndex id _ _ -> id
 
 blank :: Monad m => Token -> m ()
 blank = const $ return ()
-doAnalysis f = analyze f blank id
+doAnalysis f = analyze f blank (return . id)
-doStackAnalysis startToken endToken = analyze startToken endToken id
+doStackAnalysis startToken endToken = analyze startToken endToken (return . id)
-doTransform i = runIdentity . analyze blank blank i
+doTransform i = runIdentity . analyze blank blank (return . i)
 

ShellCheck/ASTLib.hs

@@ -21,6 +21,7 @@ module ShellCheck.ASTLib where
 
 import ShellCheck.AST
 
+import Control.Monad.Writer
 import Control.Monad
 import Data.List
 import Data.Maybe
@@ -54,6 +55,8 @@ isGlob _ = False
 -- Is this shell word a constant?
 isConstant token =
     case token of
+        -- This ignores some cases like ~"foo":
+        T_NormalWord _ (T_Literal _ ('~':_) : _)  -> False
         T_NormalWord _ l   -> all isConstant l
         T_DoubleQuoted _ l -> all isConstant l
         T_SingleQuoted _ _ -> True
@@ -93,14 +96,17 @@ oversimplify token =
 
 
 -- Turn a SimpleCommand foo -avz --bar=baz into args "a", "v", "z", "bar",
--- each in a tuple of (token, stringFlag).
+-- each in a tuple of (token, stringFlag). Non-flag arguments are added with
+-- stringFlag == "".
 getFlagsUntil stopCondition (T_SimpleCommand _ _ (_:args)) =
-    let textArgs = takeWhile (not . stopCondition . snd) $ map (\x -> (x, concat $ oversimplify x)) args in
+    let tokenAndText = map (\x -> (x, concat $ oversimplify x)) args
-        concatMap flag textArgs
+        (flagArgs, rest) = break (stopCondition . snd) tokenAndText
+    in
+        concatMap flag flagArgs ++ map (\(t, _) -> (t, "")) rest
   where
     flag (x, '-':'-':arg) = [ (x, takeWhile (/= '=') arg) ]
     flag (x, '-':args) = map (\v -> (x, [v])) args
-    flag _ = []
+    flag (x, _) = [ (x, "") ]
 getFlagsUntil _ _ = error "Internal shellcheck error, please report! (getFlags on non-command)"
 
 -- Get all flags in a GNU way, up until --
@@ -191,6 +197,8 @@ isLiteral t = isJust $ getLiteralString t
 -- Turn a NormalWord like foo="bar $baz" into a series of constituent elements like [foo=,bar ,$baz]
 getWordParts (T_NormalWord _ l)   = concatMap getWordParts l
 getWordParts (T_DoubleQuoted _ l) = l
+-- TA_Expansion is basically T_NormalWord for arithmetic expressions
+getWordParts (TA_Expansion _ l)   = concatMap getWordParts l
 getWordParts other                = [other]
 
 -- Return a list of NormalWords that would result from brace expansion
@@ -203,14 +211,32 @@ braceExpand (T_NormalWord id list) = take 1000 $ do
         braceExpand item
     part x = return x
 
--- Maybe get the command name of a token representing a command
+-- Maybe get a SimpleCommand from immediate wrappers like T_Redirections
-getCommandName t =
+getCommand t =
     case t of
-        T_Redirecting _ _ w -> getCommandName w
+        T_Redirecting _ _ w -> getCommand w
-        T_SimpleCommand _ _ (w:_) -> getLiteralString w
+        T_SimpleCommand _ _ (w:_) -> return t
-        T_Annotation _ _ t -> getCommandName t
+        T_Annotation _ _ t -> getCommand t
         otherwise -> Nothing
 
+-- Maybe get the command name of a token representing a command
+getCommandName t = do
+    (T_SimpleCommand _ _ (w:_)) <- getCommand t
+    getLiteralString w
+
+-- If a command substitution is a single command, get its name.
+--  $(date +%s) = Just "date"
+getCommandNameFromExpansion :: Token -> Maybe String
+getCommandNameFromExpansion t =
+    case t of
+        T_DollarExpansion _ [c] -> extract c
+        T_Backticked _ [c] -> extract c
+        T_DollarBraceCommandExpansion _ [c] -> extract c
+        otherwise -> Nothing
+  where
+    extract (T_Pipeline _ _ [cmd]) = getCommandName cmd
+    extract _ = Nothing
+
 -- Get the basename of a token representing a command
 getCommandBasename = liftM basename . getCommandName
   where
@@ -224,8 +250,18 @@ isAssignment t =
         T_Annotation _ _ w -> isAssignment w
         otherwise -> False
 
--- Get the list of commands from tokens that contain them, such as
+isOnlyRedirection t =
--- the body of while loops and if statements.
+    case t of
+        T_Pipeline _ _ [x] -> isOnlyRedirection x
+        T_Annotation _ _ w -> isOnlyRedirection w
+        T_Redirecting _ (_:_) c -> isOnlyRedirection c
+        T_SimpleCommand _ [] [] -> True
+        otherwise -> False
+
+isFunction t = case t of T_Function {} -> True; _ -> False
+
+-- Get the lists of commands from tokens that contain them, such as
+-- the body of while loops or branches of if statements.
 getCommandSequences t =
     case t of
         T_Script _ _ cmds -> [cmds]
@@ -238,3 +274,22 @@ getCommandSequences t =
         T_IfExpression _ thens elses -> map snd thens ++ [elses]
         otherwise -> []
 
+-- Get a list of names of associative arrays
+getAssociativeArrays t =
+    nub . execWriter $ doAnalysis f t
+  where
+    f :: Token -> Writer [String] ()
+    f t@(T_SimpleCommand {}) = fromMaybe (return ()) $ do
+        name <- getCommandName t
+        guard $ name == "declare"
+        let flags = getAllFlags t
+        guard $ elem "A" $ map snd flags
+        let args = map fst . filter ((==) "" . snd) $ flags
+        let names = mapMaybe (getLiteralStringExt nameAssignments) args
+        return $ tell names
+    f _ = return ()
+
+    nameAssignments t =
+        case t of
+            T_Assignment _ _ name _ _ -> return name
+            otherwise -> Nothing

ShellCheck/Analyzer.hs

@@ -19,9 +19,18 @@
 -}
 module ShellCheck.Analyzer (analyzeScript) where
 
-import ShellCheck.Interface
 import ShellCheck.Analytics
+import ShellCheck.AnalyzerLib
+import ShellCheck.Interface
+import Data.List
+import qualified ShellCheck.Checks.Commands
+
 
 -- TODO: Clean up the cruft this is layered on
 analyzeScript :: AnalysisSpec -> AnalysisResult
-analyzeScript = runAnalytics
+analyzeScript spec = AnalysisResult {
+    arComments =
+        filterByAnnotation (asScript spec) . nub $
+            runAnalytics spec
+            ++ ShellCheck.Checks.Commands.runChecks spec
+}

ShellCheck/AnalyzerLib.hs

@@ -0,0 +1,668 @@
+{-
+    Copyright 2012-2015 Vidar Holen
+
+    This file is part of ShellCheck.
+    http://www.vidarholen.net/contents/shellcheck
+
+    ShellCheck is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    ShellCheck is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+-}
+{-# LANGUAGE TemplateHaskell #-}
+{-# LANGUAGE FlexibleContexts #-}
+module ShellCheck.AnalyzerLib where
+import ShellCheck.AST
+import ShellCheck.ASTLib
+import ShellCheck.Data
+import ShellCheck.Interface
+import ShellCheck.Parser
+import ShellCheck.Regex
+
+import Control.Arrow (first)
+import Control.Monad.Identity
+import Control.Monad.Reader
+import Control.Monad.State
+import Control.Monad.Writer
+import Data.Char
+import Data.List
+import Data.Maybe
+import qualified Data.Map as Map
+
+import Test.QuickCheck.All (forAllProperties)
+import Test.QuickCheck.Test (quickCheckWithResult, stdArgs, maxSuccess)
+
+type Analysis = ReaderT Parameters (Writer [TokenComment]) ()
+
+
+data Parameters = Parameters {
+    variableFlow :: [StackData],
+    parentMap :: Map.Map Id Token,
+    shellType :: Shell,
+    shellTypeSpecified :: Bool
+    }
+
+data Scope = SubshellScope String | NoneScope deriving (Show, Eq)
+data StackData =
+    StackScope Scope
+    | StackScopeEnd
+    -- (Base expression, specific position, var name, assigned values)
+    | Assignment (Token, Token, String, DataType)
+    | Reference (Token, Token, String)
+  deriving (Show)
+
+data DataType = DataString DataSource | DataArray DataSource
+  deriving (Show)
+
+data DataSource = SourceFrom [Token] | SourceExternal | SourceDeclaration | SourceInteger
+  deriving (Show)
+
+data VariableState = Dead Token String | Alive deriving (Show)
+
+defaultSpec root = AnalysisSpec {
+    asScript = root,
+    asShellType = Nothing,
+    asExecutionMode = Executed
+}
+
+pScript s =
+  let
+    pSpec = ParseSpec {
+        psFilename = "script",
+        psScript = s
+    }
+  in prRoot . runIdentity $ parseScript (mockedSystemInterface []) pSpec
+
+makeComment :: Severity -> Id -> Code -> String -> TokenComment
+makeComment severity id code note =
+    TokenComment id $ Comment severity code note
+
+addComment note = tell [note]
+
+warn :: MonadWriter [TokenComment] m => Id -> Code -> String -> m ()
+warn  id code str = addComment $ makeComment WarningC id code str
+err   id code str = addComment $ makeComment ErrorC id code str
+info  id code str = addComment $ makeComment InfoC id code str
+style id code str = addComment $ makeComment StyleC id code str
+
+makeParameters spec =
+    let params = Parameters {
+        shellType = fromMaybe (determineShell root) $ asShellType spec,
+        shellTypeSpecified = isJust $ asShellType spec,
+        parentMap = getParentTree root,
+        variableFlow =
+            getVariableFlow (shellType params) (parentMap params) root
+    } in params
+  where root = asScript spec
+
+prop_determineShell0 = determineShell (fromJust $ pScript "#!/bin/sh") == Sh
+prop_determineShell1 = determineShell (fromJust $ pScript "#!/usr/bin/env ksh") == Ksh
+prop_determineShell2 = determineShell (fromJust $ pScript "") == Bash
+prop_determineShell3 = determineShell (fromJust $ pScript "#!/bin/sh -e") == Sh
+prop_determineShell4 = determineShell (fromJust $ pScript
+    "#!/bin/ksh\n#shellcheck shell=sh\nfoo") == Sh
+prop_determineShell5 = determineShell (fromJust $ pScript
+    "#shellcheck shell=sh\nfoo") == Sh
+prop_determineShell6 = determineShell (fromJust $ pScript "#! /bin/sh") == Sh
+determineShell t = fromMaybe Bash $ do
+    shellString <- foldl mplus Nothing $ getCandidates t
+    shellForExecutable shellString
+  where
+    forAnnotation t =
+        case t of
+            (ShellOverride s) -> return s
+            _ -> fail ""
+    getCandidates :: Token -> [Maybe String]
+    getCandidates t@(T_Script {}) = [Just $ fromShebang t]
+    getCandidates (T_Annotation _ annotations s) =
+        map forAnnotation annotations ++
+           [Just $ fromShebang s]
+    fromShebang (T_Script _ s t) = shellFor s
+
+    shellFor s | "/env " `isInfixOf` s = head (drop 1 (words s)++[""])
+    shellFor s | ' ' `elem` s = shellFor $ takeWhile (/= ' ') s
+    shellFor s = reverse . takeWhile (/= '/') . reverse $ s
+
+
+--- Context seeking
+
+getParentTree t =
+    snd . snd $ runState (doStackAnalysis pre post t) ([], Map.empty)
+  where
+    pre t = modify (first ((:) t))
+    post t = do
+        (_:rest, map) <- get
+        case rest of [] -> put (rest, map)
+                     (x:_) -> put (rest, Map.insert (getId t) x map)
+
+getTokenMap t =
+    execState (doAnalysis f t) Map.empty
+  where
+    f t = modify (Map.insert (getId t) t)
+
+
+-- Is this node self quoting for a regular element?
+isQuoteFree = isQuoteFreeNode False
+
+-- Is this node striclty self quoting, for array expansions
+isStrictlyQuoteFree = isQuoteFreeNode True
+
+
+isQuoteFreeNode strict tree t =
+    (isQuoteFreeElement t == Just True) ||
+        head (mapMaybe isQuoteFreeContext (drop 1 $ getPath tree t) ++ [False])
+  where
+    -- Is this node self-quoting in itself?
+    isQuoteFreeElement t =
+        case t of
+            T_Assignment {} -> return True
+            T_FdRedirect {} -> return True
+            _ -> Nothing
+
+    -- Are any subnodes inherently self-quoting?
+    isQuoteFreeContext t =
+        case t of
+            TC_Noary _ DoubleBracket _ -> return True
+            TC_Unary _ DoubleBracket _ _ -> return True
+            TC_Binary _ DoubleBracket _ _ _ -> return True
+            TA_Sequence {} -> return True
+            T_Arithmetic {} -> return True
+            T_Assignment {} -> return True
+            T_Redirecting {} -> return $
+                if strict then False else
+                    -- Not true, just a hack to prevent warning about non-expansion refs
+                    any (isCommand t) ["local", "declare", "typeset", "export", "trap", "readonly"]
+            T_DoubleQuoted _ _ -> return True
+            T_DollarDoubleQuoted _ _ -> return True
+            T_CaseExpression {} -> return True
+            T_HereDoc {} -> return True
+            T_DollarBraced {} -> return True
+            -- When non-strict, pragmatically assume it's desirable to split here
+            T_ForIn {} -> return (not strict)
+            T_SelectIn {} -> return (not strict)
+            _ -> Nothing
+
+isParamTo tree cmd =
+    go
+  where
+    go x = case Map.lookup (getId x) tree of
+                Nothing -> False
+                Just parent -> check parent
+    check t =
+        case t of
+            T_SingleQuoted _ _ -> go t
+            T_DoubleQuoted _ _ -> go t
+            T_NormalWord _ _ -> go t
+            T_SimpleCommand {} -> isCommand t cmd
+            T_Redirecting {} -> isCommand t cmd
+            _ -> False
+
+getClosestCommand tree t =
+    msum . map getCommand $ getPath tree t
+  where
+    getCommand t@(T_Redirecting {}) = return t
+    getCommand _ = Nothing
+
+usedAsCommandName tree token = go (getId token) (tail $ getPath tree token)
+  where
+    go currentId (T_NormalWord id [word]:rest)
+        | currentId == getId word = go id rest
+    go currentId (T_DoubleQuoted id [word]:rest)
+        | currentId == getId word = go id rest
+    go currentId (T_SimpleCommand _ _ (word:_):_)
+        | currentId == getId word = True
+    go _ _ = False
+
+-- A list of the element and all its parents
+getPath tree t = t :
+    case Map.lookup (getId t) tree of
+        Nothing -> []
+        Just parent -> getPath tree parent
+
+isParentOf tree parent child =
+    elem (getId parent) . map getId $ getPath tree child
+
+parents params = getPath (parentMap params)
+
+pathTo t = do
+    parents <- reader parentMap
+    return $ getPath parents t
+
+-- Check whether a word is entirely output from a single command
+tokenIsJustCommandOutput t = case t of
+    T_NormalWord id [T_DollarExpansion _ cmds] -> check cmds
+    T_NormalWord id [T_DoubleQuoted _ [T_DollarExpansion _ cmds]] -> check cmds
+    T_NormalWord id [T_Backticked _ cmds] -> check cmds
+    T_NormalWord id [T_DoubleQuoted _ [T_Backticked _ cmds]] -> check cmds
+    _ -> False
+  where
+    check [x] = not $ isOnlyRedirection x
+    check _ = False
+
+-- TODO: Replace this with a proper Control Flow Graph
+getVariableFlow shell parents t =
+    let (_, stack) = runState (doStackAnalysis startScope endScope t) []
+    in reverse stack
+  where
+    startScope t =
+        let scopeType = leadType shell parents t
+        in do
+            when (scopeType /= NoneScope) $ modify (StackScope scopeType:)
+            when (assignFirst t) $ setWritten t
+
+    endScope t =
+        let scopeType = leadType shell parents t
+        in do
+            setRead t
+            unless (assignFirst t) $ setWritten t
+            when (scopeType /= NoneScope) $ modify (StackScopeEnd:)
+
+    assignFirst (T_ForIn {}) = True
+    assignFirst (T_SelectIn {}) = True
+    assignFirst _ = False
+
+    setRead t =
+        let read    = getReferencedVariables parents t
+        in mapM_ (\v -> modify (Reference v:)) read
+
+    setWritten t =
+        let written = getModifiedVariables t
+        in mapM_ (\v -> modify (Assignment v:)) written
+
+
+leadType shell parents t =
+    case t of
+        T_DollarExpansion _ _  -> SubshellScope "$(..) expansion"
+        T_Backticked _ _  -> SubshellScope "`..` expansion"
+        T_Backgrounded _ _  -> SubshellScope "backgrounding &"
+        T_Subshell _ _  -> SubshellScope "(..) group"
+        T_CoProcBody _ _  -> SubshellScope "coproc"
+        T_Redirecting {}  ->
+            if fromMaybe False causesSubshell
+            then SubshellScope "pipeline"
+            else NoneScope
+        _ -> NoneScope
+  where
+    parentPipeline = do
+        parent <- Map.lookup (getId t) parents
+        case parent of
+            T_Pipeline {} -> return parent
+            _ -> Nothing
+
+    causesSubshell = do
+        (T_Pipeline _ _ list) <- parentPipeline
+        if length list <= 1
+            then return False
+            else if lastCreatesSubshell
+                then return True
+                else return . not $ (getId . head $ reverse list) == getId t
+
+    lastCreatesSubshell =
+        case shell of
+            Bash -> True
+            Dash -> True
+            Sh -> True
+            Ksh -> False
+
+getModifiedVariables t =
+    case t of
+        T_SimpleCommand _ vars [] ->
+            concatMap (\x -> case x of
+                                T_Assignment id _ name _ w  ->
+                                    [(x, x, name, dataTypeFrom DataString w)]
+                                _ -> []
+                      ) vars
+        c@(T_SimpleCommand {}) ->
+            getModifiedVariableCommand c
+
+        TA_Unary _ "++|" var -> maybeToList $ do
+            name <- getLiteralString var
+            return (t, t, name, DataString $ SourceFrom [t])
+        TA_Unary _ "|++" var -> maybeToList $ do
+            name <- getLiteralString var
+            return (t, t, name, DataString $ SourceFrom [t])
+        TA_Assignment _ op lhs rhs -> maybeToList $ do
+            guard $ op `elem` ["=", "*=", "/=", "%=", "+=", "-=", "<<=", ">>=", "&=", "^=", "|="]
+            name <- getLiteralString lhs
+            return (t, t, name, DataString $ SourceFrom [rhs])
+
+        T_DollarBraced _ l -> maybeToList $ do
+            let string = bracedString t
+            let modifier = getBracedModifier string
+            guard $ ":=" `isPrefixOf` modifier
+            return (t, t, getBracedReference string, DataString $ SourceFrom [l])
+
+        t@(T_FdRedirect _ ('{':var) op) -> -- {foo}>&2 modifies foo
+            [(t, t, takeWhile (/= '}') var, DataString SourceInteger) | not $ isClosingFileOp op]
+
+        t@(T_CoProc _ name _) ->
+            [(t, t, fromMaybe "COPROC" name, DataArray SourceInteger)]
+
+        --Points to 'for' rather than variable
+        T_ForIn id str words _ -> [(t, t, str, DataString $ SourceFrom words)]
+        T_SelectIn id str words _ -> [(t, t, str, DataString $ SourceFrom words)]
+        _ -> []
+
+isClosingFileOp op =
+    case op of
+        T_IoFile _ (T_GREATAND _) (T_NormalWord _ [T_Literal _ "-"]) -> True
+        T_IoFile _ (T_LESSAND  _) (T_NormalWord _ [T_Literal _ "-"]) -> True
+        _ -> False
+
+
+-- Consider 'export/declare -x' a reference, since it makes the var available
+getReferencedVariableCommand base@(T_SimpleCommand _ _ (T_NormalWord _ (T_Literal _ x:_):rest)) =
+    case x of
+        "export" -> if "f" `elem` flags
+            then []
+            else concatMap getReference rest
+        "declare" -> if any (`elem` flags) ["x", "p"]
+            then concatMap getReference rest
+            else []
+        "readonly" ->
+            if any (`elem` flags) ["f", "p"]
+            then []
+            else concatMap getReference rest
+        "trap" ->
+            case rest of
+                head:_ -> map (\x -> (head, head, x)) $ getVariablesFromLiteralToken head
+                _ -> []
+        _ -> []
+  where
+    getReference t@(T_Assignment _ _ name _ value) = [(t, t, name)]
+    getReference t@(T_NormalWord _ [T_Literal _ name]) | not ("-" `isPrefixOf` name) = [(t, t, name)]
+    getReference _ = []
+    flags = map snd $ getAllFlags base
+
+getReferencedVariableCommand _ = []
+
+getModifiedVariableCommand base@(T_SimpleCommand _ _ (T_NormalWord _ (T_Literal _ x:_):rest)) =
+   filter (\(_,_,s,_) -> not ("-" `isPrefixOf` s)) $
+    case x of
+        "read" ->
+            let params = map getLiteral rest in
+                catMaybes . takeWhile isJust . reverse $ params
+        "getopts" ->
+            case rest of
+                opts:var:_ -> maybeToList $ getLiteral var
+                _ -> []
+
+        "let" -> concatMap letParamToLiteral rest
+
+        "export" ->
+            if "f" `elem` flags then [] else concatMap getModifierParamString rest
+
+        "declare" -> if any (`elem` flags) ["F", "f", "p"] then [] else declaredVars
+        "typeset" -> declaredVars
+
+        "local" -> concatMap getModifierParamString rest
+        "readonly" ->
+            if any (`elem` flags) ["f", "p"]
+            then []
+            else concatMap getModifierParamString rest
+        "set" -> maybeToList $ do
+            params <- getSetParams rest
+            return (base, base, "@", DataString $ SourceFrom params)
+
+        "printf" -> maybeToList $ getPrintfVariable rest
+
+        "mapfile" -> maybeToList $ getMapfileArray base rest
+        "readarray" -> maybeToList $ getMapfileArray base rest
+
+        _ -> []
+  where
+    flags = map snd $ getAllFlags base
+    stripEquals s = let rest = dropWhile (/= '=') s in
+        if rest == "" then "" else tail rest
+    stripEqualsFrom (T_NormalWord id1 (T_Literal id2 s:rs)) =
+        T_NormalWord id1 (T_Literal id2 (stripEquals s):rs)
+    stripEqualsFrom (T_NormalWord id1 [T_DoubleQuoted id2 [T_Literal id3 s]]) =
+        T_NormalWord id1 [T_DoubleQuoted id2 [T_Literal id3 (stripEquals s)]]
+    stripEqualsFrom t = t
+
+    declaredVars = concatMap (getModifierParam defaultType) rest
+      where
+        defaultType = if any (`elem` flags) ["a", "A"] then DataArray else DataString
+
+    getLiteral t = do
+        s <- getLiteralString t
+        when ("-" `isPrefixOf` s) $ fail "argument"
+        return (base, t, s, DataString SourceExternal)
+
+    getModifierParamString = getModifierParam DataString
+
+    getModifierParam def t@(T_Assignment _ _ name _ value) =
+        [(base, t, name, dataTypeFrom def value)]
+    getModifierParam def t@(T_NormalWord {}) = maybeToList $ do
+        name <- getLiteralString t
+        guard $ isVariableName name
+        return (base, t, name, def SourceDeclaration)
+    getModifierParam _ _ = []
+
+    letParamToLiteral token =
+          if var == ""
+            then []
+            else [(base, token, var, DataString $ SourceFrom [stripEqualsFrom token])]
+        where var = takeWhile isVariableChar $ dropWhile (`elem` "+-") $ concat $ oversimplify token
+
+    getSetParams (t:_:rest) | getLiteralString t == Just "-o" = getSetParams rest
+    getSetParams (t:rest) =
+        let s = getLiteralString t in
+            case s of
+                Just "--" -> return rest
+                Just ('-':_) -> getSetParams rest
+                _ -> return (t:fromMaybe [] (getSetParams rest))
+    getSetParams [] = Nothing
+
+    getPrintfVariable list = f $ map (\x -> (x, getLiteralString x)) list
+      where
+        f ((_, Just "-v") : (t, Just var) : _) = return (base, t, var, DataString $ SourceFrom list)
+        f (_:rest) = f rest
+        f [] = fail "not found"
+
+    -- mapfile has some curious syntax allowing flags plus 0..n variable names
+    -- where only the first non-option one is used if any. Here we cheat and
+    -- just get the last one, if it's a variable name.
+    getMapfileArray base arguments = do
+        lastArg <- listToMaybe (reverse arguments)
+        name <- getLiteralString lastArg
+        guard $ isVariableName name
+        return (base, lastArg, name, DataArray SourceExternal)
+
+getModifiedVariableCommand _ = []
+
+getIndexReferences s = fromMaybe [] $ do
+    match <- matchRegex re s
+    index <- match !!! 0
+    return $ matchAllStrings variableNameRegex index
+  where
+    re = mkRegex "(\\[.*\\])"
+
+getOffsetReferences mods = fromMaybe [] $ do
+    match <- matchRegex re mods
+    offsets <- match !!! 0
+    return $ matchAllStrings variableNameRegex offsets
+  where
+    re = mkRegex "^ *:(.*)"
+
+getReferencedVariables parents t =
+    case t of
+        T_DollarBraced id l -> let str = bracedString t in
+            (t, t, getBracedReference str) :
+                map (\x -> (l, l, x)) (
+                    getIndexReferences str
+                    ++ getOffsetReferences (getBracedModifier str))
+        TA_Expansion id _ ->
+            if isArithmeticAssignment t
+            then []
+            else getIfReference t t
+        T_Assignment id mode str _ word ->
+            [(t, t, str) | mode == Append] ++ specialReferences str t word
+
+        TC_Unary id _ "-v" token -> getIfReference t token
+        TC_Unary id _ "-R" token -> getIfReference t token
+        TC_Binary id DoubleBracket op lhs rhs ->
+            if isDereferencing op
+            then concatMap (getIfReference t) [lhs, rhs]
+            else []
+
+        t@(T_FdRedirect _ ('{':var) op) -> -- {foo}>&- references and closes foo
+            [(t, t, takeWhile (/= '}') var) | isClosingFileOp op]
+        x -> getReferencedVariableCommand x
+  where
+    -- Try to reduce false positives for unused vars only referenced from evaluated vars
+    specialReferences name base word =
+        if name `elem` [
+            "PS1", "PS2", "PS3", "PS4",
+            "PROMPT_COMMAND"
+          ]
+        then
+            map (\x -> (base, base, x)) $
+                getVariablesFromLiteralToken word
+        else []
+
+    literalizer (TA_Index {}) = return ""  -- x[0] becomes a reference of x
+    literalizer _ = Nothing
+
+    getIfReference context token = maybeToList $ do
+            str <- getLiteralStringExt literalizer token
+            guard . not $ null str
+            when (isDigit $ head str) $ fail "is a number"
+            return (context, token, getBracedReference str)
+
+    isDereferencing = (`elem` ["-eq", "-ne", "-lt", "-le", "-gt", "-ge"])
+
+    isArithmeticAssignment t = case getPath parents t of
+        this: TA_Assignment _ "=" lhs _ :_ -> lhs == t
+        _ -> False
+
+dataTypeFrom defaultType v = (case v of T_Array {} -> DataArray; _ -> defaultType) $ SourceFrom [v]
+
+
+--- Command specific checks
+
+isCommand token str = isCommandMatch token (\cmd -> cmd  == str || ('/' : str) `isSuffixOf` cmd)
+isUnqualifiedCommand token str = isCommandMatch token (== str)
+
+isCommandMatch token matcher = fromMaybe False $ do
+    cmd <- getCommandName token
+    return $ matcher cmd
+
+isConfusedGlobRegex ('*':_) = True
+isConfusedGlobRegex [x,'*'] | x /= '\\' = True
+isConfusedGlobRegex _ = False
+
+isVariableStartChar x = x == '_' || isAsciiLower x || isAsciiUpper x
+isVariableChar x = isVariableStartChar x || isDigit x
+variableNameRegex = mkRegex "[_a-zA-Z][_a-zA-Z0-9]*"
+
+prop_isVariableName1 = isVariableName "_fo123"
+prop_isVariableName2 = not $ isVariableName "4"
+prop_isVariableName3 = not $ isVariableName "test: "
+isVariableName (x:r) = isVariableStartChar x && all isVariableChar r
+isVariableName _ = False
+
+getVariablesFromLiteralToken token =
+    getVariablesFromLiteral (fromJust $ getLiteralStringExt (const $ return " ") token)
+
+-- Try to get referenced variables from a literal string like "$foo"
+-- Ignores tons of cases like arithmetic evaluation and array indices.
+prop_getVariablesFromLiteral1 =
+    getVariablesFromLiteral "$foo${bar//a/b}$BAZ" == ["foo", "bar", "BAZ"]
+getVariablesFromLiteral string =
+    map (!! 0) $ matchAllSubgroups variableRegex string
+  where
+    variableRegex = mkRegex "\\$\\{?([A-Za-z0-9_]+)"
+
+prop_getBracedReference1 = getBracedReference "foo" == "foo"
+prop_getBracedReference2 = getBracedReference "#foo" == "foo"
+prop_getBracedReference3 = getBracedReference "#" == "#"
+prop_getBracedReference4 = getBracedReference "##" == "#"
+prop_getBracedReference5 = getBracedReference "#!" == "!"
+prop_getBracedReference6 = getBracedReference "!#" == "#"
+prop_getBracedReference7 = getBracedReference "!foo#?" == "foo"
+prop_getBracedReference8 = getBracedReference "foo-bar" == "foo"
+prop_getBracedReference9 = getBracedReference "foo:-bar" == "foo"
+prop_getBracedReference10= getBracedReference "foo: -1" == "foo"
+prop_getBracedReference11= getBracedReference "!os*" == ""
+prop_getBracedReference12= getBracedReference "!os?bar**" == ""
+prop_getBracedReference13= getBracedReference "foo[bar]" == "foo"
+getBracedReference s = fromMaybe s $
+    nameExpansion s `mplus` takeName noPrefix `mplus` getSpecial noPrefix `mplus` getSpecial s
+  where
+    noPrefix = dropPrefix s
+    dropPrefix (c:rest) = if c `elem` "!#" then rest else c:rest
+    dropPrefix "" = ""
+    takeName s = do
+        let name = takeWhile isVariableChar s
+        guard . not $ null name
+        return name
+    getSpecial (c:_) =
+        if c `elem` "*@#?-$!" then return [c] else fail "not special"
+    getSpecial _ = fail "empty"
+
+    nameExpansion ('!':rest) = do -- e.g. ${!foo*bar*}
+        let suffix = dropWhile isVariableChar rest
+        guard $ suffix /= rest -- e.g. ${!@}
+        first <- suffix !!! 0
+        guard $ first `elem` "*?"
+        return ""
+    nameExpansion _ = Nothing
+
+prop_getBracedModifier1 = getBracedModifier "foo:bar:baz" == ":bar:baz"
+prop_getBracedModifier2 = getBracedModifier "!var:-foo" == ":-foo"
+prop_getBracedModifier3 = getBracedModifier "foo[bar]" == "[bar]"
+getBracedModifier s = fromMaybe "" . listToMaybe $ do
+    let var = getBracedReference s
+    a <- dropModifier s
+    dropPrefix var a
+  where
+    dropPrefix [] t = return t
+    dropPrefix (a:b) (c:d) | a == c = dropPrefix b d
+    dropPrefix _ _ = []
+
+    dropModifier (c:rest) | c `elem` "#!" = [rest, c:rest]
+    dropModifier x = [x]
+
+-- Useful generic functions
+potentially :: Monad m => Maybe (m ()) -> m ()
+potentially = fromMaybe (return ())
+
+headOrDefault _ (a:_) = a
+headOrDefault def _ = def
+
+(!!!) list i =
+    case drop i list of
+        [] -> Nothing
+        (r:_) -> Just r
+
+
+
+filterByAnnotation token =
+    filter (not . shouldIgnore)
+  where
+    idFor (TokenComment id _) = id
+    shouldIgnore note =
+        any (shouldIgnoreFor (getCode note)) $
+            getPath parents (T_Bang $ idFor note)
+    shouldIgnoreFor num (T_Annotation _ anns _) =
+        any hasNum anns
+      where
+        hasNum (DisableComment ts) = num == ts
+        hasNum _ = False
+    shouldIgnoreFor _ (T_Include {}) = True -- Ignore included files
+    shouldIgnoreFor _ _ = False
+    parents = getParentTree token
+    getCode (TokenComment _ (Comment _ c _)) = c
+
+
+return []
+runTests =  $( [| $(forAllProperties) (quickCheckWithResult (stdArgs { maxSuccess = 1 }) ) |])

ShellCheck/Checker.hs

@@ -39,7 +39,7 @@ import Test.QuickCheck.All
 
 tokenToPosition map (TokenComment id c) = fromMaybe fail $ do
     position <- Map.lookup id map
-    return $ PositionedComment position c
+    return $ PositionedComment position position c
   where
     fail = error "Internal shellcheck error: id doesn't exist. Please report!"
 
@@ -65,13 +65,13 @@ checkScript sys spec = do
         return . nub . sortMessages . filter shouldInclude $
             (parseMessages ++ map translator analysisMessages)
 
-    shouldInclude (PositionedComment _ (Comment _ code _)) =
+    shouldInclude (PositionedComment _ _ (Comment _ code _)) =
         code `notElem` csExcludedWarnings spec
 
     sortMessages = sortBy (comparing order)
-    order (PositionedComment pos (Comment severity code message)) =
+    order (PositionedComment pos _ (Comment severity code message)) =
         (posFile pos, posLine pos, posColumn pos, severity, code, message)
-    getPosition (PositionedComment pos _) = pos
+    getPosition (PositionedComment pos _ _) = pos
 
     analysisSpec root =
         AnalysisSpec {
@@ -84,7 +84,7 @@ getErrors sys spec =
     sort . map getCode . crComments $
         runIdentity (checkScript sys spec)
   where
-    getCode (PositionedComment _ (Comment _ code _)) = code
+    getCode (PositionedComment _ _ (Comment _ code _)) = code
 
 check = checkWithIncludes []
 
@@ -147,6 +147,9 @@ prop_canSourceBadSyntax =
 prop_cantSourceDynamic =
     [1090] == checkWithIncludes [("lib", "")] ". \"$1\""
 
+prop_cantSourceDynamic2 =
+    [1090] == checkWithIncludes [("lib", "")] "source ~/foo"
+
 prop_canSourceDynamicWhenRedirected =
     null $ checkWithIncludes [("lib", "")] "#shellcheck source=lib\n. \"$1\""
 

ShellCheck/Checks/Commands.hs

@@ -0,0 +1,623 @@
+{-
+    Copyright 2012-2015 Vidar Holen
+
+    This file is part of ShellCheck.
+    http://www.vidarholen.net/contents/shellcheck
+
+    ShellCheck is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    ShellCheck is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+-}
+{-# LANGUAGE TemplateHaskell #-}
+{-# LANGUAGE FlexibleContexts #-}
+
+-- This module contains checks that examine specific commands by name.
+module ShellCheck.Checks.Commands (runChecks
+    , ShellCheck.Checks.Commands.runTests
+) where
+
+import ShellCheck.AST
+import ShellCheck.ASTLib
+import ShellCheck.AnalyzerLib
+import ShellCheck.Data
+import ShellCheck.Interface
+import ShellCheck.Parser
+import ShellCheck.Regex
+
+import Control.Monad
+import Control.Monad.Reader
+import Control.Monad.Writer
+import Data.Char
+import Data.List
+import Data.Maybe
+import qualified Data.Map as Map
+import Test.QuickCheck.All (forAllProperties)
+import Test.QuickCheck.Test (quickCheckWithResult, stdArgs, maxSuccess)
+
+data CommandName = Exactly String | Basename String
+    deriving (Eq, Ord)
+
+data CommandCheck =
+    CommandCheck CommandName (Token -> Analysis)
+
+nullCheck :: Token -> Analysis
+nullCheck _ = return ()
+
+
+verify :: CommandCheck -> String -> Bool
+verify f s = producesComments f s == Just True
+verifyNot f s = producesComments f s == Just False
+
+producesComments :: CommandCheck -> String -> Maybe Bool
+producesComments f s = do
+        root <- pScript s
+        return . not . null $ runList (defaultSpec root) [f]
+
+composeChecks f g t = do
+    f t
+    g t
+
+arguments (T_SimpleCommand _ _ (cmd:args)) = args
+
+commandChecks :: [CommandCheck]
+commandChecks = [
+    checkTr
+    ,checkFindNameGlob
+    ,checkNeedlessExpr
+    ,checkGrepRe
+    ,checkTrapQuotes
+    ,checkReturn
+    ,checkFindExecWithSingleArgument
+    ,checkUnusedEchoEscapes
+    ,checkInjectableFindSh
+    ,checkFindActionPrecedence
+    ,checkMkdirDashPM
+    ,checkNonportableSignals
+    ,checkInteractiveSu
+    ,checkSshCommandString
+    ,checkPrintfVar
+    ,checkUuoeCmd
+    ,checkSetAssignment
+    ,checkExportedExpansions
+    ,checkAliasesUsesArgs
+    ,checkAliasesExpandEarly
+    ,checkUnsetGlobs
+    ,checkFindWithoutPath
+    ]
+
+buildCommandMap :: [CommandCheck] -> Map.Map CommandName (Token -> Analysis)
+buildCommandMap = foldl' addCheck Map.empty
+  where
+    addCheck map (CommandCheck name function) =
+        Map.insertWith' composeChecks name function map
+
+
+checkCommand :: Map.Map CommandName (Token -> Analysis) -> Token -> Analysis
+checkCommand map t@(T_SimpleCommand id _ (cmd:rest)) = fromMaybe (return ()) $ do
+    name <- getLiteralString cmd
+    return $
+        if '/' `elem` name
+        then
+            Map.findWithDefault nullCheck (Basename $ basename name) map t
+        else do
+            Map.findWithDefault nullCheck (Exactly name) map t
+            Map.findWithDefault nullCheck (Basename name) map t
+
+  where
+    basename = reverse . takeWhile (/= '/') . reverse
+checkCommand _ _ = return ()
+
+runList spec list = notes
+    where
+        root = asScript spec
+        params = makeParameters spec
+        notes = execWriter $ runReaderT (doAnalysis (checkCommand map) root) params
+        map = buildCommandMap list
+
+runChecks spec = runList spec commandChecks
+
+
+prop_checkTr1 = verify checkTr "tr [a-f] [A-F]"
+prop_checkTr2 = verify checkTr "tr 'a-z' 'A-Z'"
+prop_checkTr2a= verify checkTr "tr '[a-z]' '[A-Z]'"
+prop_checkTr3 = verifyNot checkTr "tr -d '[:lower:]'"
+prop_checkTr3a= verifyNot checkTr "tr -d '[:upper:]'"
+prop_checkTr3b= verifyNot checkTr "tr -d '|/_[:upper:]'"
+prop_checkTr4 = verifyNot checkTr "ls [a-z]"
+prop_checkTr5 = verify checkTr "tr foo bar"
+prop_checkTr6 = verify checkTr "tr 'hello' 'world'"
+prop_checkTr8 = verifyNot checkTr "tr aeiou _____"
+prop_checkTr9 = verifyNot checkTr "a-z n-za-m"
+prop_checkTr10= verifyNot checkTr "tr --squeeze-repeats rl lr"
+prop_checkTr11= verifyNot checkTr "tr abc '[d*]'"
+checkTr = CommandCheck (Basename "tr") (mapM_ f . arguments)
+  where
+    f w | isGlob w = -- The user will go [ab] -> '[ab]' -> 'ab'. Fixme?
+        warn (getId w) 2060 "Quote parameters to tr to prevent glob expansion."
+    f word =
+      case getLiteralString word of
+        Just "a-z" -> info (getId word) 2018 "Use '[:lower:]' to support accents and foreign alphabets."
+        Just "A-Z" -> info (getId word) 2019 "Use '[:upper:]' to support accents and foreign alphabets."
+        Just s -> do  -- Eliminate false positives by only looking for dupes in SET2?
+          when (not ("-" `isPrefixOf` s || "[:" `isInfixOf` s) && duplicated s) $
+            info (getId word) 2020 "tr replaces sets of chars, not words (mentioned due to duplicates)."
+          unless ("[:" `isPrefixOf` s) $
+            when ("[" `isPrefixOf` s && "]" `isSuffixOf` s && (length s > 2) && ('*' `notElem` s)) $
+              info (getId word) 2021 "Don't use [] around classes in tr, it replaces literal square brackets."
+        Nothing -> return ()
+
+    duplicated s =
+        let relevant = filter isAlpha s
+        in relevant /= nub relevant
+
+prop_checkFindNameGlob1 = verify checkFindNameGlob "find / -name *.php"
+prop_checkFindNameGlob2 = verify checkFindNameGlob "find / -type f -ipath *(foo)"
+prop_checkFindNameGlob3 = verifyNot checkFindNameGlob "find * -name '*.php'"
+checkFindNameGlob = CommandCheck (Basename "find") (f . arguments)  where
+    acceptsGlob (Just s) = s `elem` [ "-ilname", "-iname", "-ipath", "-iregex", "-iwholename", "-lname", "-name", "-path", "-regex", "-wholename" ]
+    acceptsGlob _ = False
+    f [] = return ()
+    f [x] = return ()
+    f (a:b:r) = do
+        when (acceptsGlob (getLiteralString a) && isGlob b) $ do
+            let (Just s) = getLiteralString a
+            warn (getId b) 2061 $ "Quote the parameter to " ++ s ++ " so the shell won't interpret it."
+        f (b:r)
+
+
+prop_checkNeedlessExpr = verify checkNeedlessExpr "foo=$(expr 3 + 2)"
+prop_checkNeedlessExpr2 = verify checkNeedlessExpr "foo=`echo \\`expr 3 + 2\\``"
+prop_checkNeedlessExpr3 = verifyNot checkNeedlessExpr "foo=$(expr foo : regex)"
+prop_checkNeedlessExpr4 = verifyNot checkNeedlessExpr "foo=$(expr foo \\< regex)"
+checkNeedlessExpr = CommandCheck (Basename "expr") f where
+    f t =
+        when (all (`notElem` exceptions) (words $ arguments t)) $
+            style (getId t) 2003
+                "expr is antiquated. Consider rewriting this using $((..)), ${} or [[ ]]."
+    -- These operators are hard to replicate in POSIX
+    exceptions = [ ":", "<", ">", "<=", ">=" ]
+    words = mapMaybe getLiteralString
+
+
+prop_checkGrepRe1 = verify checkGrepRe "cat foo | grep *.mp3"
+prop_checkGrepRe2 = verify checkGrepRe "grep -Ev cow*test *.mp3"
+prop_checkGrepRe3 = verify checkGrepRe "grep --regex=*.mp3 file"
+prop_checkGrepRe4 = verifyNot checkGrepRe "grep foo *.mp3"
+prop_checkGrepRe5 = verifyNot checkGrepRe "grep-v  --regex=moo *"
+prop_checkGrepRe6 = verifyNot checkGrepRe "grep foo \\*.mp3"
+prop_checkGrepRe7 = verify checkGrepRe "grep *foo* file"
+prop_checkGrepRe8 = verify checkGrepRe "ls | grep foo*.jpg"
+prop_checkGrepRe9 = verifyNot checkGrepRe "grep '[0-9]*' file"
+prop_checkGrepRe10= verifyNot checkGrepRe "grep '^aa*' file"
+prop_checkGrepRe11= verifyNot checkGrepRe "grep --include=*.png foo"
+
+checkGrepRe = CommandCheck (Basename "grep") (f . arguments) where
+    -- --regex=*(extglob) doesn't work. Fixme?
+    skippable (Just s) = not ("--regex=" `isPrefixOf` s) && "-" `isPrefixOf` s
+    skippable _ = False
+    f [] = return ()
+    f (x:r) | skippable (getLiteralStringExt (const $ return "_") x) = f r
+    f (re:_) = do
+        when (isGlob re) $
+            warn (getId re) 2062 "Quote the grep pattern so the shell won't interpret it."
+        let string = concat $ oversimplify re
+        if isConfusedGlobRegex string then
+            warn (getId re) 2063 "Grep uses regex, but this looks like a glob."
+          else potentially $ do
+            char <- getSuspiciousRegexWildcard string
+            return $ info (getId re) 2022 $
+                "Note that unlike globs, " ++ [char] ++ "* here matches '" ++ [char, char, char] ++ "' but not '" ++ wordStartingWith char ++ "'."
+
+    wordStartingWith c =
+        head . filter ([c] `isPrefixOf`) $ candidates
+      where
+        candidates =
+            sampleWords ++ map (\(x:r) -> toUpper x : r) sampleWords ++ [c:"test"]
+
+    getSuspiciousRegexWildcard str =
+        if not $ str `matches` contra
+        then do
+            match <- matchRegex suspicious str
+            str <- match !!! 0
+            str !!! 0
+        else
+            fail "looks good"
+      where
+        suspicious = mkRegex "([A-Za-z1-9])\\*"
+        contra = mkRegex "[^a-zA-Z1-9]\\*|[][^$+\\\\]"
+
+
+prop_checkTrapQuotes1 = verify checkTrapQuotes "trap \"echo $num\" INT"
+prop_checkTrapQuotes1a= verify checkTrapQuotes "trap \"echo `ls`\" INT"
+prop_checkTrapQuotes2 = verifyNot checkTrapQuotes "trap 'echo $num' INT"
+prop_checkTrapQuotes3 = verify checkTrapQuotes "trap \"echo $((1+num))\" EXIT DEBUG"
+checkTrapQuotes = CommandCheck (Exactly "trap") (f . arguments) where
+    f (x:_) = checkTrap x
+    f _ = return ()
+    checkTrap (T_NormalWord _ [T_DoubleQuoted _ rs]) = mapM_ checkExpansions rs
+    checkTrap _ = return ()
+    warning id = warn id 2064 "Use single quotes, otherwise this expands now rather than when signalled."
+    checkExpansions (T_DollarExpansion id _) = warning id
+    checkExpansions (T_Backticked id _) = warning id
+    checkExpansions (T_DollarBraced id _) = warning id
+    checkExpansions (T_DollarArithmetic id _) = warning id
+    checkExpansions _ = return ()
+
+
+prop_checkReturn1 = verifyNot checkReturn "return"
+prop_checkReturn2 = verifyNot checkReturn "return 1"
+prop_checkReturn3 = verifyNot checkReturn "return $var"
+prop_checkReturn4 = verifyNot checkReturn "return $((a|b))"
+prop_checkReturn5 = verify checkReturn "return -1"
+prop_checkReturn6 = verify checkReturn "return 1000"
+prop_checkReturn7 = verify checkReturn "return 'hello world'"
+checkReturn = CommandCheck (Exactly "return") (f . arguments)
+  where
+    f (first:second:_) =
+        err (getId second) 2151
+            "Only one integer 0-255 can be returned. Use stdout for other data."
+    f [value] =
+        when (isInvalid $ literal value) $
+            err (getId value) 2152
+                "Can only return 0-255. Other data should be written to stdout."
+    f _ = return ()
+
+    isInvalid s = s == "" || any (not . isDigit) s || length s > 5
+        || let value = (read s :: Integer) in value > 255
+
+    literal token = fromJust $ getLiteralStringExt lit token
+    lit (T_DollarBraced {}) = return "0"
+    lit (T_DollarArithmetic {}) = return "0"
+    lit (T_DollarExpansion {}) = return "0"
+    lit (T_Backticked {}) = return "0"
+    lit _ = return "WTF"
+
+
+prop_checkFindExecWithSingleArgument1 = verify checkFindExecWithSingleArgument "find . -exec 'cat {} | wc -l' \\;"
+prop_checkFindExecWithSingleArgument2 = verify checkFindExecWithSingleArgument "find . -execdir 'cat {} | wc -l' +"
+prop_checkFindExecWithSingleArgument3 = verifyNot checkFindExecWithSingleArgument "find . -exec wc -l {} \\;"
+checkFindExecWithSingleArgument = CommandCheck (Basename "find") (f . arguments)
+  where
+    f = void . sequence . mapMaybe check . tails
+    check (exec:arg:term:_) = do
+        execS <- getLiteralString exec
+        termS <- getLiteralString term
+        cmdS <- getLiteralStringExt (const $ return " ") arg
+
+        guard $ execS `elem` ["-exec", "-execdir"] && termS `elem` [";", "+"]
+        guard $ cmdS `matches` commandRegex
+        return $ warn (getId exec) 2150 "-exec does not invoke a shell. Rewrite or use -exec sh -c .. ."
+    check _ = Nothing
+    commandRegex = mkRegex "[ |;]"
+
+
+prop_checkUnusedEchoEscapes1 = verify checkUnusedEchoEscapes "echo 'foo\\nbar\\n'"
+prop_checkUnusedEchoEscapes2 = verifyNot checkUnusedEchoEscapes "echo -e 'foi\\nbar'"
+prop_checkUnusedEchoEscapes3 = verify checkUnusedEchoEscapes "echo \"n:\\t42\""
+prop_checkUnusedEchoEscapes4 = verifyNot checkUnusedEchoEscapes "echo lol"
+prop_checkUnusedEchoEscapes5 = verifyNot checkUnusedEchoEscapes "echo -n -e '\n'"
+checkUnusedEchoEscapes = CommandCheck (Basename "echo") (f . arguments)
+  where
+    isDashE = mkRegex "^-.*e"
+    hasEscapes = mkRegex "\\\\[rnt]"
+    f args | concat (concatMap oversimplify allButLast) `matches` isDashE =
+        return ()
+      where allButLast = reverse . drop 1 . reverse $ args
+    f args = mapM_ checkEscapes args
+
+    checkEscapes (T_NormalWord _ args) =
+        mapM_ checkEscapes args
+    checkEscapes (T_DoubleQuoted id args) =
+        mapM_ checkEscapes args
+    checkEscapes (T_Literal id str) = examine id str
+    checkEscapes (T_SingleQuoted id str) = examine id str
+    checkEscapes _ = return ()
+
+    examine id str =
+        when (str `matches` hasEscapes) $
+            info id 2028 "echo won't expand escape sequences. Consider printf."
+
+
+prop_checkInjectableFindSh1 = verify checkInjectableFindSh "find . -exec sh -c 'echo {}' \\;"
+prop_checkInjectableFindSh2 = verify checkInjectableFindSh "find . -execdir bash -c 'rm \"{}\"' ';'"
+prop_checkInjectableFindSh3 = verifyNot checkInjectableFindSh "find . -exec sh -c 'rm \"$@\"' _ {} \\;"
+checkInjectableFindSh = CommandCheck (Basename "find") (check . arguments)
+  where
+    check args = do
+        let idStrings = map (\x -> (getId x, onlyLiteralString x)) args
+        match pattern idStrings
+
+    match _ [] = return ()
+    match [] (next:_) = action next
+    match (p:tests) ((id, arg):args) = do
+        when (p arg) $ match tests args
+        match (p:tests) args
+
+    pattern = [
+        (`elem` ["-exec", "-execdir"]),
+        (`elem` ["sh", "bash", "ksh"]),
+        (== "-c")
+        ]
+    action (id, arg) =
+        when ("{}" `isInfixOf` arg) $
+            warn id 2156 "Injecting filenames is fragile and insecure. Use parameters."
+
+
+prop_checkFindActionPrecedence1 = verify checkFindActionPrecedence "find . -name '*.wav' -o -name '*.au' -exec rm {} +"
+prop_checkFindActionPrecedence2 = verifyNot checkFindActionPrecedence "find . -name '*.wav' -o \\( -name '*.au' -exec rm {} + \\)"
+prop_checkFindActionPrecedence3 = verifyNot checkFindActionPrecedence "find . -name '*.wav' -o -name '*.au'"
+checkFindActionPrecedence = CommandCheck (Basename "find") (f . arguments)
+  where
+    pattern = [isMatch, const True, isParam ["-o", "-or"], isMatch, const True, isAction]
+    f list | length list < length pattern = return ()
+    f list@(_:rest) =
+        if and (zipWith ($) pattern list)
+        then warnFor (list !! (length pattern - 1))
+        else f rest
+    isMatch = isParam [ "-name", "-regex", "-iname", "-iregex", "-wholename", "-iwholename" ]
+    isAction = isParam [ "-exec", "-execdir", "-delete", "-print", "-print0" ]
+    isParam strs t = fromMaybe False $ do
+        param <- getLiteralString t
+        return $ param `elem` strs
+    warnFor t = warn (getId t) 2146 "This action ignores everything before the -o. Use \\( \\) to group."
+
+
+prop_checkMkdirDashPM0 = verify checkMkdirDashPM "mkdir -p -m 0755 a/b"
+prop_checkMkdirDashPM1 = verify checkMkdirDashPM "mkdir -pm 0755 $dir"
+prop_checkMkdirDashPM2 = verify checkMkdirDashPM "mkdir -vpm 0755 a/b"
+prop_checkMkdirDashPM3 = verify checkMkdirDashPM "mkdir -pm 0755 -v a/b"
+prop_checkMkdirDashPM4 = verify checkMkdirDashPM "mkdir --parents --mode=0755 a/b"
+prop_checkMkdirDashPM5 = verify checkMkdirDashPM "mkdir --parents --mode 0755 a/b"
+prop_checkMkdirDashPM6 = verify checkMkdirDashPM "mkdir -p --mode=0755 a/b"
+prop_checkMkdirDashPM7 = verify checkMkdirDashPM "mkdir --parents -m 0755 a/b"
+prop_checkMkdirDashPM8 = verifyNot checkMkdirDashPM "mkdir -p a/b"
+prop_checkMkdirDashPM9 = verifyNot checkMkdirDashPM "mkdir -m 0755 a/b"
+prop_checkMkdirDashPM10 = verifyNot checkMkdirDashPM "mkdir a/b"
+prop_checkMkdirDashPM11 = verifyNot checkMkdirDashPM "mkdir --parents a/b"
+prop_checkMkdirDashPM12 = verifyNot checkMkdirDashPM "mkdir --mode=0755 a/b"
+prop_checkMkdirDashPM13 = verifyNot checkMkdirDashPM "mkdir_func -pm 0755 a/b"
+prop_checkMkdirDashPM14 = verifyNot checkMkdirDashPM "mkdir -p -m 0755 singlelevel"
+checkMkdirDashPM = CommandCheck (Basename "mkdir") check
+  where
+    check t = potentially $ do
+        let flags = getAllFlags t
+        dashP <- find ((\f -> f == "p" || f == "parents") . snd) flags
+        dashM <- find ((\f -> f == "m" || f == "mode") . snd) flags
+        guard $ any couldHaveSubdirs (drop 1 $ arguments t) -- mkdir -pm 0700 dir  is fine, but dir/subdir is not.
+        return $ warn (getId $ fst dashM) 2174 "When used with -p, -m only applies to the deepest directory."
+    couldHaveSubdirs t = fromMaybe True $ do
+        name <- getLiteralString t
+        return $ '/' `elem` name
+
+
+prop_checkNonportableSignals1 = verify checkNonportableSignals "trap f 8"
+prop_checkNonportableSignals2 = verifyNot checkNonportableSignals "trap f 0"
+prop_checkNonportableSignals3 = verifyNot checkNonportableSignals "trap f 14"
+prop_checkNonportableSignals4 = verify checkNonportableSignals "trap f SIGKILL"
+prop_checkNonportableSignals5 = verify checkNonportableSignals "trap f 9"
+prop_checkNonportableSignals6 = verify checkNonportableSignals "trap f stop"
+checkNonportableSignals = CommandCheck (Exactly "trap") (f . arguments)
+  where
+    f = mapM_ check
+    check param = potentially $ do
+        str <- getLiteralString param
+        let id = getId param
+        return $ sequence_ $ mapMaybe (\f -> f id str) [
+            checkNumeric,
+            checkUntrappable
+            ]
+
+    checkNumeric id str = do
+        guard $ not (null str)
+        guard $ all isDigit str
+        guard $ str /= "0" -- POSIX exit trap
+        guard $ str `notElem` ["1", "2", "3", "6", "9", "14", "15" ] -- XSI
+        return $ warn id 2172
+            "Trapping signals by number is not well defined. Prefer signal names."
+
+    checkUntrappable id str = do
+        guard $ map toLower str `elem` ["kill", "9", "sigkill", "stop", "sigstop"]
+        return $ err id 2173
+            "SIGKILL/SIGSTOP can not be trapped."
+
+
+prop_checkInteractiveSu1 = verify checkInteractiveSu "su; rm file; su $USER"
+prop_checkInteractiveSu2 = verify checkInteractiveSu "su foo; something; exit"
+prop_checkInteractiveSu3 = verifyNot checkInteractiveSu "echo rm | su foo"
+prop_checkInteractiveSu4 = verifyNot checkInteractiveSu "su root < script"
+checkInteractiveSu = CommandCheck (Basename "su") f
+  where
+    f cmd = when (length (arguments cmd) <= 1) $ do
+        path <- pathTo cmd
+        when (all undirected path) $
+            info (getId cmd) 2117
+                "To run commands as another user, use su -c or sudo."
+
+    undirected (T_Pipeline _ _ l) = length l <= 1
+    -- This should really just be modifications to stdin, but meh
+    undirected (T_Redirecting _ list _) = null list
+    undirected _ = True
+
+
+-- This is hard to get right without properly parsing ssh args
+prop_checkSshCmdStr1 = verify checkSshCommandString "ssh host \"echo $PS1\""
+prop_checkSshCmdStr2 = verifyNot checkSshCommandString "ssh host \"ls foo\""
+prop_checkSshCmdStr3 = verifyNot checkSshCommandString "ssh \"$host\""
+checkSshCommandString = CommandCheck (Basename "ssh") (f . arguments)
+  where
+    nonOptions =
+        filter (\x -> not $ "-" `isPrefixOf` concat (oversimplify x))
+    f args =
+        case nonOptions args of
+            (hostport:r@(_:_)) -> checkArg $ last r
+            _ -> return ()
+    checkArg (T_NormalWord _ [T_DoubleQuoted id parts]) =
+        case filter (not . isConstant) parts of
+            [] -> return ()
+            (x:_) -> info (getId x) 2029
+                "Note that, unescaped, this expands on the client side."
+    checkArg _ = return ()
+
+
+prop_checkPrintfVar1 = verify checkPrintfVar "printf \"Lol: $s\""
+prop_checkPrintfVar2 = verifyNot checkPrintfVar "printf 'Lol: $s'"
+prop_checkPrintfVar3 = verify checkPrintfVar "printf -v cow $(cmd)"
+prop_checkPrintfVar4 = verifyNot checkPrintfVar "printf \"%${count}s\" var"
+prop_checkPrintfVar5 = verify checkPrintfVar "printf '%s %s %s' foo bar"
+prop_checkPrintfVar6 = verify checkPrintfVar "printf foo bar baz"
+prop_checkPrintfVar7 = verify checkPrintfVar "printf -- foo bar baz"
+prop_checkPrintfVar8 = verifyNot checkPrintfVar "printf '%s %s %s' \"${var[@]}\""
+prop_checkPrintfVar9 = verifyNot checkPrintfVar "printf '%s %s %s\\n' *.png"
+prop_checkPrintfVar10= verifyNot checkPrintfVar "printf '%s %s %s' foo bar baz"
+checkPrintfVar = CommandCheck (Exactly "printf") (f . arguments) where
+    f (doubledash:rest) | getLiteralString doubledash == Just "--" = f rest
+    f (dashv:var:rest) | getLiteralString dashv == Just "-v" = f rest
+    f (format:params) = check format params
+    f _ = return ()
+
+    countFormats string =
+        case string of
+            '%':'%':rest -> countFormats rest
+            '%':rest -> 1 + countFormats rest
+            _:rest -> countFormats rest
+            [] -> 0
+
+    check format more = do
+        fromMaybe (return ()) $ do
+            string <- getLiteralString format
+            let vars = countFormats string
+
+            return $ do
+                when (vars == 0 && more /= []) $
+                    err (getId format) 2182
+                        "This printf format string has no variables. Other arguments are ignored."
+
+                when (vars > 0
+                        && length more < vars
+                        && all (not . mayBecomeMultipleArgs) more) $
+                    warn (getId format) 2183 $
+                        "This format string has " ++ show vars ++ " variables, but is passed " ++ show (length more) ++ " arguments."
+
+
+        unless ('%' `elem` concat (oversimplify format) || isLiteral format) $
+          info (getId format) 2059
+              "Don't use variables in the printf format string. Use printf \"..%s..\" \"$foo\"."
+
+
+
+
+prop_checkUuoeCmd1 = verify checkUuoeCmd "echo $(date)"
+prop_checkUuoeCmd2 = verify checkUuoeCmd "echo `date`"
+prop_checkUuoeCmd3 = verify checkUuoeCmd "echo \"$(date)\""
+prop_checkUuoeCmd4 = verify checkUuoeCmd "echo \"`date`\""
+prop_checkUuoeCmd5 = verifyNot checkUuoeCmd "echo \"The time is $(date)\""
+prop_checkUuoeCmd6 = verifyNot checkUuoeCmd "echo \"$(<file)\""
+checkUuoeCmd = CommandCheck (Exactly "echo") (f . arguments) where
+    msg id = style id 2005 "Useless echo? Instead of 'echo $(cmd)', just use 'cmd'."
+    f [token] = when (tokenIsJustCommandOutput token) $ msg (getId token)
+    f _ = return ()
+
+
+prop_checkSetAssignment1 = verify checkSetAssignment "set foo 42"
+prop_checkSetAssignment2 = verify checkSetAssignment "set foo = 42"
+prop_checkSetAssignment3 = verify checkSetAssignment "set foo=42"
+prop_checkSetAssignment4 = verifyNot checkSetAssignment "set -- if=/dev/null"
+prop_checkSetAssignment5 = verifyNot checkSetAssignment "set 'a=5'"
+prop_checkSetAssignment6 = verifyNot checkSetAssignment "set"
+checkSetAssignment = CommandCheck (Exactly "set") (f . arguments)
+  where
+    f (var:value:rest) =
+        let str = literal var in
+            when (isVariableName str || isAssignment str) $
+                msg (getId var)
+    f (var:_) =
+        when (isAssignment $ literal var) $
+            msg (getId var)
+    f _ = return ()
+
+    msg id = warn id 2121 "To assign a variable, use just 'var=value', no 'set ..'."
+
+    isAssignment str = '=' `elem` str
+    literal (T_NormalWord _ l) = concatMap literal l
+    literal (T_Literal _ str) = str
+    literal _ = "*"
+
+
+prop_checkExportedExpansions1 = verify checkExportedExpansions "export $foo"
+prop_checkExportedExpansions2 = verify checkExportedExpansions "export \"$foo\""
+prop_checkExportedExpansions3 = verifyNot checkExportedExpansions "export foo"
+checkExportedExpansions = CommandCheck (Exactly "export") (check . arguments)
+  where
+    check = mapM_ checkForVariables
+    checkForVariables f =
+        case getWordParts f of
+            [t@(T_DollarBraced {})] ->
+                warn (getId t) 2163 "Exporting an expansion rather than a variable."
+            _ -> return ()
+
+
+prop_checkAliasesUsesArgs1 = verify checkAliasesUsesArgs "alias a='cp $1 /a'"
+prop_checkAliasesUsesArgs2 = verifyNot checkAliasesUsesArgs "alias $1='foo'"
+prop_checkAliasesUsesArgs3 = verify checkAliasesUsesArgs "alias a=\"echo \\${@}\""
+checkAliasesUsesArgs = CommandCheck (Exactly "alias") (f . arguments)
+  where
+    re = mkRegex "\\$\\{?[0-9*@]"
+    f = mapM_ checkArg
+    checkArg arg =
+        let string = fromJust $ getLiteralStringExt (const $ return "_") arg in
+            when ('=' `elem` string && string `matches` re) $
+                err (getId arg) 2142
+                    "Aliases can't use positional parameters. Use a function."
+
+
+prop_checkAliasesExpandEarly1 = verify checkAliasesExpandEarly "alias foo=\"echo $PWD\""
+prop_checkAliasesExpandEarly2 = verifyNot checkAliasesExpandEarly "alias -p"
+prop_checkAliasesExpandEarly3 = verifyNot checkAliasesExpandEarly "alias foo='echo {1..10}'"
+checkAliasesExpandEarly = CommandCheck (Exactly "alias") (f . arguments)
+  where
+    f = mapM_ checkArg
+    checkArg arg | '=' `elem` concat (oversimplify arg) =
+        forM_ (take 1 $ filter (not . isLiteral) $ getWordParts arg) $
+            \x -> warn (getId x) 2139 "This expands when defined, not when used. Consider escaping."
+    checkArg _ = return ()
+
+
+prop_checkUnsetGlobs1 = verify checkUnsetGlobs "unset foo[1]"
+prop_checkUnsetGlobs2 = verifyNot checkUnsetGlobs "unset foo"
+checkUnsetGlobs = CommandCheck (Exactly "unset") (mapM_ check . arguments)
+  where
+    check arg =
+        when (isGlob arg) $
+            warn (getId arg) 2184 "Quote arguments to unset so they're not glob expanded."
+
+
+prop_checkFindWithoutPath1 = verify checkFindWithoutPath "find -type f"
+prop_checkFindWithoutPath2 = verify checkFindWithoutPath "find"
+prop_checkFindWithoutPath3 = verifyNot checkFindWithoutPath "find . -type f"
+prop_checkFindWithoutPath4 = verifyNot checkFindWithoutPath "find -H -L \"$path\" -print"
+checkFindWithoutPath = CommandCheck (Basename "find") f
+  where
+    f (T_SimpleCommand _ _ (cmd:args)) =
+        unless (hasPath args) $
+            info (getId cmd) 2185 "Some finds don't have a default path. Specify '.' explicitly."
+
+    -- This is a bit of a kludge. find supports flag arguments both before and after the path,
+    -- as well as multiple non-flag arguments that are not the path. We assume that all the
+    -- pre-path flags are single characters, which is generally the case.
+    hasPath (first:rest) =
+        let flag = fromJust $ getLiteralStringExt (const $ return "___") first in
+            not ("-" `isPrefixOf` flag) || length flag <= 2 && hasPath rest
+    hasPath [] = False
+
+
+return []
+runTests =  $( [| $(forAllProperties) (quickCheckWithResult (stdArgs { maxSuccess = 1 }) ) |])

ShellCheck/Data.hs

@@ -25,13 +25,14 @@ internalVariables = [
     "FUNCNEST", "GLOBIGNORE", "HISTCONTROL", "HISTFILE", "HISTFILESIZE",
     "HISTIGNORE", "HISTSIZE", "HISTTIMEFORMAT", "HOME", "HOSTFILE", "IFS",
     "IGNOREEOF", "INPUTRC", "LANG", "LC_ALL", "LC_COLLATE", "LC_CTYPE",
-    "LC_MESSAGES", "LC_NUMERIC", "LINES", "MAIL", "MAILCHECK", "MAILPATH",
+    "LC_MESSAGES", "LC_MONETARY", "LC_NUMERIC", "LC_TIME", "LINES", "MAIL",
-    "OPTERR", "PATH", "POSIXLY_CORRECT", "PROMPT_COMMAND",
+    "MAILCHECK", "MAILPATH", "OPTERR", "PATH", "POSIXLY_CORRECT",
-    "PROMPT_DIRTRIM", "PS1", "PS2", "PS3", "PS4", "SHELL", "TIMEFORMAT",
+    "PROMPT_COMMAND", "PROMPT_DIRTRIM", "PS1", "PS2", "PS3", "PS4", "SHELL",
-    "TMOUT", "TMPDIR", "auto_resume", "histchars", "COPROC",
+    "TIMEFORMAT", "TMOUT", "TMPDIR", "auto_resume", "histchars", "COPROC",
 
     -- Other
-    "USER", "TZ", "TERM"
+    "USER", "TZ", "TERM", "LOGNAME", "LD_LIBRARY_PATH", "LANGUAGE", "DISPLAY",
+    "HOSTNAME", "KRB5CCNAME", "XAUTHORITY"
   ]
 
 variablesWithoutSpaces = [
@@ -41,6 +42,12 @@ variablesWithoutSpaces = [
     "COLUMNS", "HISTFILESIZE", "HISTSIZE", "LINES"
   ]
 
+arrayVariables = [
+    "BASH_ALIASES", "BASH_ARGC", "BASH_ARGV", "BASH_CMDS", "BASH_LINENO",
+    "BASH_REMATCH", "BASH_SOURCE", "BASH_VERSINFO", "COMP_WORDS", "COPROC",
+    "DIRSTACK", "FUNCNAME", "GROUPS", "MAPFILE", "PIPESTATUS", "COMPREPLY"
+  ]
+
 commonCommands = [
     "admin", "alias", "ar", "asa", "at", "awk", "basename", "batch",
     "bc", "bg", "break", "c99", "cal", "cat", "cd", "cflow", "chgrp",
@@ -76,13 +83,12 @@ sampleWords = [
   ]
 
 shellForExecutable :: String -> Maybe Shell
-shellForExecutable "sh" = return Sh
+shellForExecutable name =
-shellForExecutable "ash" = return Sh
+    case name of
-shellForExecutable "dash" = return Sh
+        "sh"    -> return Sh
-
+        "bash"  -> return Bash
-shellForExecutable "ksh" = return Ksh
+        "dash"  -> return Dash
-shellForExecutable "ksh88" = return Ksh
+        "ksh"   -> return Ksh
-shellForExecutable "ksh93" = return Ksh
+        "ksh88" -> return Ksh
-
+        "ksh93" -> return Ksh
-shellForExecutable "bash" = return Bash
+        otherwise -> Nothing
-shellForExecutable _ = Nothing

ShellCheck/Formatter/Format.hs

@@ -30,13 +30,15 @@ data Formatter = Formatter {
     footer :: IO ()
 }
 
-lineNo (PositionedComment pos _) = posLine pos
+lineNo (PositionedComment pos _ _) = posLine pos
-colNo  (PositionedComment pos _) = posColumn pos
+endLineNo (PositionedComment _ end _) = posLine end
-codeNo (PositionedComment _ (Comment _ code _)) = code
+colNo  (PositionedComment pos _ _) = posColumn pos
-messageText (PositionedComment _ (Comment _ _ t)) = t
+endColNo  (PositionedComment _ end _) = posColumn end
+codeNo (PositionedComment _ _ (Comment _ code _)) = code
+messageText (PositionedComment _ _ (Comment _ _ t)) = t
 
 severityText :: PositionedComment -> String
-severityText (PositionedComment _ (Comment c _ _)) =
+severityText (PositionedComment _ _ (Comment c _ _)) =
     case c of
         ErrorC   -> "error"
         WarningC -> "warning"
@@ -48,12 +50,15 @@ makeNonVirtual comments contents =
     map fix comments
   where
     ls = lines contents
-    fix c@(PositionedComment pos comment) = PositionedComment pos {
+    fix c@(PositionedComment start end comment) = PositionedComment start {
-        posColumn =
+        posColumn = realignColumn lineNo colNo c
-            if lineNo c > 0 && lineNo c <= fromIntegral (length ls)
+    } end {
-            then real (ls !! fromIntegral (lineNo c - 1)) 0 0 (colNo c)
+        posColumn = realignColumn endLineNo endColNo c
-            else colNo c
     } comment
+    realignColumn lineNo colNo c =
+      if lineNo c > 0 && lineNo c <= fromIntegral (length ls)
+      then real (ls !! fromIntegral (lineNo c - 1)) 0 0 (colNo c)
+      else colNo c
     real _ r v target | target <= v = r
     real [] r v _ = r -- should never happen
     real ('\t':rest) r v target =

ShellCheck/Formatter/JSON.hs

@@ -37,10 +37,12 @@ format = do
     }
 
 instance JSON (PositionedComment) where
-  showJSON comment@(PositionedComment pos (Comment level code string)) = makeObj [
+  showJSON comment@(PositionedComment start end (Comment level code string)) = makeObj [
-      ("file", showJSON $ posFile pos),
+      ("file", showJSON $ posFile start),
-      ("line", showJSON $ posLine pos),
+      ("line", showJSON $ posLine start),
-      ("column", showJSON $ posColumn pos),
+      ("endLine", showJSON $ posLine end),
+      ("column", showJSON $ posColumn start),
+      ("endColumn", showJSON $ posColumn end),
       ("level", showJSON $ severityText comment),
       ("code", showJSON code),
       ("message", showJSON string)

ShellCheck/Formatter/TTY.hs

@@ -27,15 +27,15 @@ import GHC.Exts
 import System.Info
 import System.IO
 
-format :: IO Formatter
+format :: FormatterOptions -> IO Formatter
-format = return Formatter {
+format options = return Formatter {
     header = return (),
     footer = return (),
-    onFailure = outputError,
+    onFailure = outputError options,
-    onResult = outputResult
+    onResult = outputResult options
 }
 
-colorForLevel level = 
+colorForLevel level =
     case level of
         "error"   -> 31 -- red
         "warning" -> 33 -- yellow
@@ -44,13 +44,13 @@ colorForLevel level =
         "message" -> 1 -- bold
         "source"  -> 0 -- none
         otherwise -> 0 -- none
-    
+
-outputError file error = do
+outputError options file error = do
-    color <- getColorFunc
+    color <- getColorFunc $ foColorOption options
     hPutStrLn stderr $ color "error" $ file ++ ": " ++ error
 
-outputResult result contents = do
+outputResult options result contents = do
-    color <- getColorFunc
+    color <- getColorFunc $ foColorOption options
     let comments = crComments result
     let fileLines = lines contents
     let lineCount = fromIntegral $ length fileLines
@@ -75,10 +75,15 @@ cuteIndent comment =
 
 code code = "SC" ++ show code
 
-getColorFunc = do
+getColorFunc colorOption = do
     term <- hIsTerminalDevice stdout
     let windows = "mingw" `isPrefixOf` os
-    return $ if term && not windows then colorComment else const id
+    let isUsableTty = term && not windows
+    let useColor = case colorOption of
+                       ColorAlways -> True
+                       ColorNever -> False
+                       ColorAuto -> isUsableTty
+    return $ if useColor then colorComment else const id
   where
     colorComment level comment =
         ansi (colorForLevel level) ++ comment ++ clear

ShellCheck/Interface.hs

@@ -72,8 +72,15 @@ data AnalysisResult = AnalysisResult {
     arComments :: [TokenComment]
 }
 
+
+-- Formatter options
+data FormatterOptions = FormatterOptions {
+    foColorOption :: ColorOption
+}
+
+
 -- Supporting data types
-data Shell = Ksh | Sh | Bash deriving (Show, Eq)
+data Shell = Ksh | Sh | Bash | Dash deriving (Show, Eq)
 data ExecutionMode = Executed | Sourced deriving (Show, Eq)
 
 type ErrorMessage = String
@@ -87,9 +94,15 @@ data Position = Position {
 } deriving (Show, Eq)
 
 data Comment = Comment Severity Code String deriving (Show, Eq)
-data PositionedComment = PositionedComment Position Comment deriving (Show, Eq)
+data PositionedComment = PositionedComment Position Position Comment deriving (Show, Eq)
 data TokenComment = TokenComment Id Comment deriving (Show, Eq)
 
+data ColorOption =
+    ColorAuto
+    | ColorAlways
+    | ColorNever
+  deriving (Ord, Eq, Show)
+
 -- For testing
 mockedSystemInterface :: [(String, String)] -> SystemInterface Identity
 mockedSystemInterface files = SystemInterface {

quickrun

@@ -0,0 +1,5 @@
+#!/bin/bash
+# quickrun runs ShellCheck in an interpreted mode.
+# This allows testing changes without recompiling.
+
+runghc -idist/build/autogen shellcheck.hs "$@"

quicktest

@@ -0,0 +1,21 @@
+#!/bin/bash
+# quicktest runs the ShellCheck unit tests in an interpreted mode.
+# This allows running tests without compiling, which can be faster.
+# 'cabal test' remains the source of truth.
+
+(
+ var=$(echo 'liftM and $ sequence [
+  ShellCheck.Analytics.runTests
+  ,ShellCheck.Parser.runTests
+  ,ShellCheck.Checker.runTests
+  ,ShellCheck.Checks.Commands.runTests
+  ,ShellCheck.AnalyzerLib.runTests
+    ]' | tr -d '\n' | cabal repl 2>&1 | tee /dev/stderr)
+if [[ $var == *$'\nTrue'* ]]
+then
+  exit 0
+else
+  grep -C 3 -e "Fail" -e "Tracing" <<< "$var"
+  exit 1
+fi
+) 2>&1

shellcheck.1.md

@@ -16,7 +16,7 @@ errors and pitfalls where the shell just gives a cryptic error message or
 strange behavior, but it also reports on a few more advanced issues where
 corner cases can cause delayed failures.
 
-ShellCheck gives shell specific advice. Consider the line:
+ShellCheck gives shell specific advice. Consider this line:
 
     (( area = 3.14*r*r ))
 
@@ -32,6 +32,12 @@ not warn at all, as `ksh` supports decimals in arithmetic contexts.
 
 # OPTIONS
 
+**-C**[*WHEN*],\ **--color**[=*WHEN*]
+
+:   For TTY output, enable colors *always*, *never* or *auto*. The default
+    is *auto*. **--color** without an argument is equivalent to
+    **--color=always**.
+
 **-e**\ *CODE1*[,*CODE2*...],\ **--exclude=***CODE1*[,*CODE2*...]
 
 :   Explicitly exclude the specified codes from the report. Subsequent **-e**
@@ -46,7 +52,7 @@ not warn at all, as `ksh` supports decimals in arithmetic contexts.
 
 **-s**\ *shell*,\ **--shell=***shell*
 
-:   Specify Bourne shell dialect. Valid values are *sh*, *bash* and *ksh*.
+:   Specify Bourne shell dialect. Valid values are *sh*, *bash*, *dash* and *ksh*.
     The default is to use the file's shebang, or *bash* if the target shell
     can't be determined.
 
@@ -54,7 +60,7 @@ not warn at all, as `ksh` supports decimals in arithmetic contexts.
 
 :   Print version information and exit.
 
-**-x**,\ **-external-sources**
+**-x**,\ **--external-sources**
 
 :   Follow 'source' statements even when the file is not specified as input.
     By default, `shellcheck` will only follow files specified on the command
@@ -159,6 +165,16 @@ The environment variable `SHELLCHECK_OPTS` can be set with default flags:
 Its value will be split on spaces and prepended to the command line on each
 invocation.
 
+# RETURN VALUES
+
+ShellCheck uses the follow exit codes:
+
++ 0: All files successfully scanned with no issues.
++ 1: All files successfully scanned with some issues.
++ 2: Some files could not be processed (e.g. file not found).
++ 3: ShellCheck was invoked with bad syntax (e.g. unknown flag).
++ 4: ShellCheck was invoked with bad options (e.g. unknown formatter).
+
 # AUTHOR
 ShellCheck is written and maintained by Vidar Holen.
 

shellcheck.hs

@@ -48,7 +48,6 @@ data Flag = Flag String String
 data Status =
     NoProblems
     | SomeProblems
-    | BadInput
     | SupportFailure
     | SyntaxFailure
     | RuntimeException
@@ -60,12 +59,16 @@ instance Monoid Status where
 
 data Options = Options {
     checkSpec :: CheckSpec,
-    externalSources :: Bool
+    externalSources :: Bool,
+    formatterOptions :: FormatterOptions
 }
 
 defaultOptions = Options {
     checkSpec = emptyCheckSpec,
-    externalSources = False
+    externalSources = False,
+    formatterOptions = FormatterOptions {
+        foColorOption = ColorAuto
+    }
 }
 
 usageHeader = "Usage: shellcheck [OPTIONS...] FILES..."
@@ -74,8 +77,11 @@ options = [
         (ReqArg (Flag "exclude") "CODE1,CODE2..") "exclude types of warnings",
     Option "f" ["format"]
         (ReqArg (Flag "format") "FORMAT") "output format",
+    Option "C" ["color"]
+        (OptArg (maybe (Flag "color" "always") (Flag "color")) "WHEN")
+        "Use color (auto, always, never)",
     Option "s" ["shell"]
-        (ReqArg (Flag "shell") "SHELLNAME") "Specify dialect (bash,sh,ksh)",
+        (ReqArg (Flag "shell") "SHELLNAME") "Specify dialect (sh,bash,dash,ksh)",
     Option "x" ["external-sources"]
         (NoArg $ Flag "externals" "true") "Allow 'source' outside of FILES.",
     Option "V" ["version"]
@@ -92,12 +98,12 @@ parseArguments argv =
             printErr $ concat errors ++ "\n" ++ usageInfo usageHeader options
             throwError SyntaxFailure
 
-formats :: Map.Map String (IO Formatter)
+formats :: FormatterOptions -> Map.Map String (IO Formatter)
-formats = Map.fromList [
+formats options = Map.fromList [
     ("checkstyle", ShellCheck.Formatter.CheckStyle.format),
     ("gcc",  ShellCheck.Formatter.GCC.format),
     ("json", ShellCheck.Formatter.JSON.format),
-    ("tty",  ShellCheck.Formatter.TTY.format)
+    ("tty",  ShellCheck.Formatter.TTY.format options)
     ]
 
 getOption [] _ = Nothing
@@ -144,7 +150,6 @@ statusToCode status =
     case status of
         NoProblems -> ExitSuccess
         SomeProblems -> ExitFailure 1
-        BadInput -> ExitFailure 5
         SyntaxFailure -> ExitFailure 3
         SupportFailure -> ExitFailure 4
         RuntimeException -> ExitFailure 2
@@ -154,12 +159,13 @@ process flags files = do
     options <- foldM (flip parseOption) defaultOptions flags
     verifyFiles files
     let format = fromMaybe "tty" $ getOption flags "format"
+    let formatters = formats $ formatterOptions options
     formatter <-
-        case Map.lookup format formats of
+        case Map.lookup format formatters of
             Nothing -> do
                 printErr $ "Unknown format " ++ format
                 printErr "Supported formats:"
-                mapM_ (printErr . write) $ Map.keys formats
+                mapM_ (printErr . write) $ Map.keys formatters
                 throwError SupportFailure
               where write s = "  " ++ s
             Just f -> ExceptT $ fmap Right f
@@ -197,6 +203,13 @@ runFormatter sys format options files = do
             then NoProblems
             else SomeProblems
 
+parseColorOption colorOption =
+    case colorOption of
+        "auto" -> ColorAuto
+        "always" -> ColorAlways
+        "never" -> ColorNever
+        _ -> error $ "Bad value for --color `" ++ colorOption ++ "'"
+
 parseOption flag options =
     case flag of
         Flag "shell" str ->
@@ -221,11 +234,18 @@ parseOption flag options =
             liftIO printVersion
             throwError NoProblems
 
-        Flag "externals" _ -> do
+        Flag "externals" _ ->
             return options {
                 externalSources = True
             }
 
+        Flag "color" color ->
+            return options {
+                formatterOptions = (formatterOptions options) {
+                    foColorOption = parseColorOption color
+                }
+            }
+
         _ -> return options
   where
     die s = do

stack.yaml

@@ -0,0 +1,35 @@
+# This file was automatically generated by stack init
+# For more information, see: http://docs.haskellstack.org/en/stable/yaml_configuration/
+
+# Specifies the GHC version and set of packages available (e.g., lts-3.5, nightly-2015-09-21, ghc-7.10.2)
+resolver: lts-5.5
+
+# Local packages, usually specified by relative directory name
+packages:
+- '.'
+# Packages to be pulled from upstream that are not in the resolver (e.g., acme-missiles-0.3)
+extra-deps: []
+
+# Override default flag values for local packages and extra-deps
+flags: {}
+
+# Extra package databases containing global packages
+extra-package-dbs: []
+
+# Control whether we use the GHC we find on the path
+# system-ghc: true
+
+# Require a specific version of stack, using version ranges
+# require-stack-version: -any # Default
+# require-stack-version: >= 1.0.0
+
+# Override the architecture used by stack, especially useful on Windows
+# arch: i386
+# arch: x86_64
+
+# Extra directories used by stack for building
+# extra-include-dirs: [/path/to/dir]
+# extra-lib-dirs: [/path/to/dir]
+
+# Allow a newer minor version of GHC than the snapshot specifies
+# compiler-check: newer-minor

test/shellcheck.hs

@@ -4,13 +4,17 @@ import Control.Monad
 import System.Exit
 import qualified ShellCheck.Checker
 import qualified ShellCheck.Analytics
+import qualified ShellCheck.AnalyzerLib
 import qualified ShellCheck.Parser
+import qualified ShellCheck.Checks.Commands
 
 main = do
     putStrLn "Running ShellCheck tests..."
     results <- sequence [
         ShellCheck.Checker.runTests,
+        ShellCheck.Checks.Commands.runTests,
         ShellCheck.Analytics.runTests,
+        ShellCheck.AnalyzerLib.runTests,
         ShellCheck.Parser.runTests
       ]
     if and results