Stable version 0.5.0

This release is dedicated to Valve for keeping PC gaming awesome.
Also, for that time they proved the need for a tool like ShellCheck.

.ghci

@@ -1 +1 @@
-:set -idist/build/autogen
+:set -idist/build/autogen -isrc

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,27 @@
+#### For bugs
+- Rule Id (if any, e.g. SC1000): 
+- My shellcheck version (`shellcheck --version` or "online"): 
+- [ ] I tried on shellcheck.net and verified that this is still a problem on the latest commit
+- [ ] It's not reproducible on shellcheck.net, but I think that's because it's an OS, configuration or encoding issue
+
+#### For new checks and feature suggestions
+- [ ] shellcheck.net (i.e. the latest commit) currently gives no useful warnings about this
+- [ ] I searched through https://github.com/koalaman/shellcheck/issues and didn't find anything related
+
+
+#### Here's a snippet or screenshot that shows the problem:
+
+```sh
+
+#!/your/interpreter
+your script here
+
+```
+
+#### Here's what shellcheck currently says:
+
+
+
+#### Here's what I wanted or expected to see:
+
+

.gitignore

@@ -1,4 +1,4 @@
-# Created by http://www.gitignore.io
+# Created by https://www.gitignore.io
 
 ### Haskell ###
 dist
@@ -12,4 +12,11 @@ cabal-dev
 .cabal-sandbox/
 cabal.sandbox.config
 cabal.config
+.stack-work
 
+### Snap ###
+/snap/.snapcraft/
+/stage/
+/parts/
+/prime/
+*.snap

.prepare_deploy

@@ -0,0 +1,42 @@
+#!/bin/bash
+# This script packages up Travis compiled binaries
+set -ex
+shopt -s nullglob
+cd deploy
+
+cp ../LICENSE LICENSE.txt
+sed -e $'s/$/\r/' > README.txt << END
+This is a precompiled ShellCheck binary.
+      https://www.shellcheck.net/
+
+ShellCheck is a static analysis tool for shell scripts.
+It's licensed under the GNU General Public License v3.0.
+Information and source code is available on the website.
+
+This binary was compiled on $(date -u).
+
+
+
+      ====== Latest commits ======
+
+$(git log -n 3)
+END
+
+for file in ./*.exe
+do
+  zip "${file%.*}.zip" README.txt LICENSE.txt "$file"
+done
+
+for file in *.linux
+do
+  base="${file%.*}"
+  cp "$file" "shellcheck"
+  tar -cJf "$base.linux.x86_64.tar.xz" --transform="s:^:$base/:" README.txt LICENSE.txt shellcheck
+  rm "shellcheck"
+done
+
+for file in ./*
+do
+  sha512sum "$file" > "$file.sha512sum"
+done
+

.travis.yml

@@ -0,0 +1,76 @@
+sudo: required
+
+language: sh
+
+services:
+  - docker
+
+before_install:
+  - DOCKER_BASE="$DOCKER_USERNAME/shellcheck"
+  - DOCKER_BUILDS=""
+  - TAGS=""
+  - test "$TRAVIS_BRANCH" = master && TAGS="$TAGS latest" || true
+  - test -n "$TRAVIS_TAG"          && TAGS="$TAGS stable $TRAVIS_TAG" || true
+
+script:
+  - mkdir deploy
+  # Remove all tests to reduce binary size
+  - ./striptests
+  # Linux Docker image
+  - name="$DOCKER_BASE"
+  - DOCKER_BUILDS="$DOCKER_BUILDS $name"
+  - docker build -t "$name:current" .
+  - docker run "$name:current" --version
+  - printf '%s\n' "#!/bin/sh" "echo 'hello world'" > myscript
+  - docker run -v "$PWD:/mnt" "$name:current" myscript
+  # Copy static executable from docker image
+  - id=$(docker create "$name:current")
+  - docker cp "$id:/bin/shellcheck" "shellcheck"
+  - docker rm "$id"
+  - ls -l shellcheck
+  - ./shellcheck myscript
+  - for tag in $TAGS; do cp "shellcheck" "deploy/shellcheck-$tag.linux"; done
+  # Linux Alpine based Docker image
+  - name="$DOCKER_BASE-alpine"
+  - DOCKER_BUILDS="$DOCKER_BUILDS $name"
+  - sed -e '/DELETE-MARKER/,$d' Dockerfile > Dockerfile.alpine
+  - docker build -f Dockerfile.alpine -t "$name:current" .
+  - docker run "$name:current" sh -c 'shellcheck --version'
+  # Windows .exe
+  - docker pull koalaman/winghc
+  - docker run --user="$UID" --rm -v "$PWD:/appdata" koalaman/winghc cuib
+  - for tag in $TAGS; do cp "dist/build/ShellCheck/shellcheck.exe" "deploy/shellcheck-$tag.exe"; done
+  - rm -rf dist || true
+  # Misc packaging
+  - ./.prepare_deploy
+
+after_success:
+  - docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
+  - for repo in $DOCKER_BUILDS;
+    do
+      for tag in $TAGS;
+      do
+        echo "Deploying $repo:current as $repo:$tag...";
+        docker tag "$repo:current" "$repo:$tag" || exit 1;
+        docker push "$repo:$tag" || exit 1;
+      done;
+    done;
+
+after_failure:
+  - id
+  - pwd
+  - df -h
+  - find . -name '*.log' -type f -exec grep "" /dev/null {} +
+  - find . -ls
+
+deploy:
+  provider: gcs
+  skip_cleanup: true
+  access_key_id: GOOG7MDN7WEH6IIGBDCA
+  secret_access_key:
+    secure: Bcx2cT0/E2ikj7sdamVq52xlLZF9dz9ojGPtoKfPyQhkkZa+McVI4xgUSuyyoSxyKj77sofx2y8m6PJYYumT4g5hREV1tfeUkl0J2DQFMbGDYEt7kxVkXCxojNvhHwTzLFv0ezstrxWWxQm81BfQQ4U9lggRXtndAP4czZnOeHPINPSiue1QNwRAEw05r5UoIUJXy/5xyUrjIxn381pAs+gJqP2COeN9kTKYH53nS/AAws29RprfZFnPlo7xxWmcjRcdS5KPdGXI/c6tQp5zl2iTh510VC1PN2w1Wvnn/oNWhiNdqPyVDsojIX5+sS3nejzJA+KFMxXSBlyXIY3wPpS/MdscU79X6Q5f9ivsFfsm7gNBmxHUPNn0HAvU4ROT/CCE9j6jSbs5PC7QBo3CK4++jxAwE/pd9HUc2rs3k0ofx3rgveJ7txpy5yPKfwIIBi98kVKlC4w7dLvNTOfjW1Imt2yH87XTfsE0UIG9st1WII6s4l/WgBx2GuwKdt6+3QUYiAlCFckkxWi+fAvpHZUEL43Qxub5fN+ZV7Zib1n7opchH4QKGBb6/y0WaDCmtCfu0lppoe/TH6saOTjDFj67NJSElK6ZDxGZ3uw4R+ret2gm6WRKT2Oeub8J33VzSa7VkmFpMPrAAfPa9N1Z4ewBLoTmvxSg2A0dDrCdJio=
+  bucket: shellcheck
+  local-dir: deploy
+  on:
+    repo: koalaman/shellcheck
+    all_branches: true

CHANGELOG.md

@@ -0,0 +1,336 @@
+## v0.5.0 - 2018-05-31
+### Added
+- SC2233/SC2234/SC2235: Suggest removing or replacing (..) around tests
+- SC2232: Warn about invalid arguments to sudo
+- SC2231: Suggest quoting expansions in for loop globs
+- SC2229: Warn about 'read $var'
+- SC2227: Warn about redirections in the middle of 'find' commands
+- SC2224/SC2225/SC2226: Warn when using mv/cp/ln without a destination
+- SC2223: Quote warning specific to `: ${var=value}`
+- SC1131: Warn when using `elseif` or `elsif`
+- SC1128: Warn about blanks/comments before shebang
+- SC1127: Warn about C-style comments
+
+### Fixed
+- Annotations intended for a command's here documents now work
+- Escaped characters inside groups in =~ regexes now parse
+- Associative arrays are now respected in arithmetic contexts
+- SC1087 about `$var[@]` now correctly triggers on any index
+- Bad expansions in here documents are no longer ignored
+- FD move operations like {fd}>1- now parse correctly
+
+### Changed
+- Here docs are now terminated as per spec, rather than by presumed intent
+- SC1073: 'else if' is now parsed correctly and not like 'elif'
+- SC2163: 'export $name' can now be silenced with 'export ${name?}'
+- SC2183: Now warns when printf arg count is not a multiple of format count
+
+## v0.4.7 - 2017-12-08
+### Added
+- Statically linked binaries for Linux and Windows (see README.md)!
+- `-a` flag to also include warnings in `source`d files
+- SC2221/SC2222: Warn about overridden case branches
+- SC2220: Warn about unhandled error cases in getopt loops
+- SC2218: Warn when using functions before they're defined
+- SC2216/SC2217: Warn when piping/redirecting to mv/cp and other non-readers
+- SC2215: Warn about commands starting with leading dash
+- SC2214: Warn about superfluous getopt flags
+- SC2213: Warn about unhandled getopt flags
+- SC2212: Suggest `false` over `[ ]`
+- SC2211: Warn when using a glob as a command name
+- SC2210: Warn when redirecting to an integer, e.g. `foo 1>2`
+- SC2206/SC2207: Suggest alternatives when using word splitting in arrays
+- SC1117: Warn about double quoted, undefined backslash sequences
+- SC1113/SC1114/SC1115: Recognized more malformed shebangs
+
+### Fixed
+- `[ -v foo ]` no longer warns if `foo` is undefined
+- SC2037 is now suppressed by quotes, e.g. `PAGER="cat" man foo`
+- Ksh nested array declarations now parse correctly
+- Parameter Expansion without colons are now recognized, e.g. `${foo+bar}`
+- The `lastpipe` option is now respected with regard to subshell warnings
+- `\(` is now respected for grouping in `[`
+- Leading `\` is now ignored for commands, to allow alias suppression
+- Comments are now allowed after directives to e.g. explain 'disable'
+
+
+## v0.4.6 - 2017-03-26
+### Added
+- SC2204/SC2205: Warn about `( -z foo )` and `( foo -eq bar )`
+- SC2200/SC2201: Warn about brace expansion in [/[[
+- SC2198/SC2199: Warn about arrays in [/[[
+- SC2196/SC2197: Warn about deprected egrep/fgrep
+- SC2195: Warn about unmatchable case branches
+- SC2194: Warn about constant 'case' statements
+- SC2193: Warn about `[[ file.png == *.mp3 ]]` and other unmatchables
+- SC2188/SC2189: Warn about redirections without commands
+- SC2186: Warn about deprecated `tempfile`
+- SC1109: Warn when finding `&`/`>`/`<` unquoted
+- SC1108: Warn about missing spaces in `[ var= foo ]`
+
+### Changed
+- All files are now read as UTF-8 with lenient latin1 fallback, ignoring locale
+- Unicode quotes are no longer considered syntactic quotes
+- `ash` scripts will now be checked as `dash` with a warning
+
+### Fixed
+- `-c` no longer suggested when using `grep -o | wc`
+- Comments and whitespace are now allowed before filewide directives
+- Here doc delimters with esoteric quoting like `foo""` are now handled
+- SC2095 about `ssh` in while read loops is now suppressed when using `-n`
+- `%(%Y%M%D)T` now recognized as a single formatter in `printf` checks
+- `grep -F` now suppresses regex related suggestions
+- Command name checks now recognize busybox applet names
+
+
+## v0.4.5 - 2016-10-21
+### Added
+- A Docker build (thanks, kpankonen!)
+- SC2185: Suggest explicitly adding path for `find`
+- SC2184: Warn about unsetting globs (e.g. `unset foo[1]`)
+- SC2183: Warn about `printf` with more formatters than variables
+- SC2182: Warn about ignored arguments with `printf` 
+- SC2181: Suggest using command directly instead of `if [ $? -eq 0 ]`
+- SC1106: Warn when using `test` operators in `(( 1 -eq 2 ))`
+
+### Changed
+- Unrecognized directives now causes a warning rather than parse failure.
+
+### Fixed
+- Indices in associative arrays are now parsed correctly
+- Missing shebang warning squashed when specifying with a directive
+- Ksh multidimensional arrays are now supported
+- Variables in substring ${a:x:y} expansions now count as referenced
+- SC1102 now also handles ambiguous `$((`
+- Using `$(seq ..)` will no longer suggest quoting
+- SC2148 (missing shebang) is now suppressed when using shell directives
+- `[ a '>' b ]` is now recognized as being correctly escaped
+
+
+## v0.4.4 - 2016-05-15
+### Added
+- Haskell Stack support (thanks,  Arguggi!)
+- SC2179/SC2178: Warn when assigning/appending strings to arrays
+- SC1102: Warn about ambiguous `$(((`
+- SC1101: Warn when \\ linebreaks have trailing spaces
+
+### Changed
+- Directives directly after the shebang now apply to the entire file
+
+### Fixed
+- `{$i..10}` is now flagged similar to `{1..$i}`
+
+
+## v0.4.3 - 2016-01-13
+### Fixed
+- Build now works on GHC 7.6.3 as found on Debian Stable/Ubuntu LTS
+
+
+## v0.4.2 - 2016-01-09
+### Added
+- First class support for the `dash` shell
+- The `--color` flag similar to ls/grep's (thanks, haguenau!)
+- SC2174: Warn about unexpected behavior of `mkdir -pm` (thanks, eatnumber1!)
+- SC2172: Warn about non-portable use of signal numbers in `trap`
+- SC2171: Warn about `]]` without leading `[[`
+- SC2168: Warn about `local` outside functions
+
+### Fixed
+- Warnings about unchecked `cd` will no longer trigger with `set -e`
+- `[ a -nt/-ot/-ef b ]` no longer warns about being constant
+- Quoted test operators like `[ foo "<" bar ]` now parse
+- Escaped quotes in backticks now parse correctly
+
+
+## v0.4.1 - 2015-09-05
+### Fixed
+- Added missing files to Cabal, fixing the build
+
+
+## v0.4.0 - 2015-09-05
+### Added
+- Support for following `source`d files
+- Support for setting default flags in `SHELLCHECK_OPTS`
+- An `--external-sources` flag for following arbitrary `source`d files
+- A `source` directive to override the filename to `source`
+- SC2166: Suggest using `[ p ] && [ q ]` over `[ p -a q ]`
+- SC2165: Warn when nested `for` loops use the same variable name
+- SC2164: Warn when using `cd` without checking that it succeeds
+- SC2163: Warn about `export $var`
+- SC2162: Warn when using `read` without `-r`
+- SC2157: Warn about `[ "$var " ]` and similar never-empty string matches
+
+### Fixed
+- `cat -vnE file` and similar will no longer flag as UUOC
+- Nested trinary operators in `(( ))` now parse correctly
+- Ksh `${ ..; }` command expansions now parse
+
+
+## v0.3.8 - 2015-06-20
+### Changed
+- ShellCheck's license has changed from AGPLv3 to GPLv3.
+
+### Added
+- SC2156: Warn about injecting filenames in `find -exec sh -c "{}" \;`
+
+### Fixed
+- Variables and command substitutions in brace expansions are now parsed
+- ANSI colors are now disabled on Windows
+- Empty scripts now parse
+
+
+## v0.3.7 - 2015-04-16
+### Fixed
+- Build now works on GHC 7.10
+- Use `regex-tdfa` over `regex-compat` since the latter crashes on OS X.
+
+## v0.3.6 - 2015-03-28
+### Added
+- SC2155: Warn about masked return values in `export foo=$(exit 1)`
+- SC2154: Warn when a lowercase variable is referenced but not assigned
+- SC2152/SC2151: Warn about bad `return` values like `1234` and `"foo"`
+- SC2150: Warn about `find -exec "shell command" \;`
+
+### Fixed
+- `coproc` is now supported
+- Trinary operator now recognized in `((..))`
+
+### Removed
+- Zsh support has been removed
+
+
+## v0.3.5 - 2014-11-09
+### Added
+- SC2148: Warn when not including a shebang
+- SC2147: Warn about literal ~ in PATH
+- SC1086: Warn about `$` in for loop variables, e.g. `for $i in ..`
+- SC1084: Warn when the shebang uses `!#` instead of `#!`
+
+### Fixed
+- Empty and comment-only backtick expansions now parse
+- Variables used in PS1/PROMPT\_COMMAND/trap now count as referenced
+- ShellCheck now skips unreadable files and directories
+- `-f gcc` on empty files no longer crashes
+- Variables in $".." are now considered quoted
+- Warnings about expansions in single quotes now include backticks
+
+
+## v0.3.4 - 2014-07-08
+### Added
+- SC2146: Warn about precedence when combining `find -o` with actions
+- SC2145: Warn when concatenating arrays and strings
+
+### Fixed
+- Case statements now support `;&` and `;;&`
+- Indices in array declarations now parse correctly
+- `let` expressions now parsed as arithmetic expressions
+- Escaping is now respected in here documents
+
+### Changed
+- Completely drop Makefile in favor of Cabal (thanks rodrigosetti!)
+
+
+## v0.3.3 - 2014-05-29
+### Added
+- SC2144: Warn when using globs in `[/[[`
+- SC2143: Suggesting using `grep -q` over `[ "$(.. | grep)" ]`
+- SC2142: Warn when referencing positional parameters in aliases
+- SC2141: Warn about suspicious IFS assignments like `IFS="\n"`
+- SC2140: Warn about bad embedded quotes like `echo "var="value""`
+- SC2130: Warn when using `-eq` on strings
+- SC2139: Warn about define time expansions in alias definitions
+- SC2129: Suggest command grouping over `a >> log; b >> log; c >> log`
+- SC2128: Warn when expanding arrays without an index
+- SC2126: Suggest `grep -c` over `grep|wc`
+- SC2123: Warn about accidentally overriding `$PATH`, e.g. `PATH=/my/dir`
+- SC1083: Warn about literal `{/}` outside of quotes
+- SC1082: Warn about UTF-8 BOMs
+
+### Fixed
+- SC2051 no longer triggers for `{1,$n}`, only `{1..$n}`
+- Improved detection of single quoted `sed` variables, e.g. `sed '$s///'`
+- Stop warning about single quoted variables in `PS1` and similar
+- Support for Zsh short form loops, `=(..)`
+
+### Removed
+- SC1000 about unescaped lonely `$`, e.g. `grep "^foo$"`
+
+
+## v0.3.2 - 2014-03-22
+### Added
+- SC2121: Warn about trying to `set` variables, e.g. `set var = value`
+- SC2120/SC2119: Warn when a function uses `$1..` if none are ever passed
+- SC2117: Warn when using `su` in interactive mode, e.g. `su foo; whoami` 
+- SC2116: Detect useless use of echo, e.g. `for i in $(echo $var)`
+- SC2115/SC2114: Detect some catastrophic `rm -r "$empty/"` mistakes
+- SC1081: Warn when capitalizing keywords like `While`
+- SC1077: Warn when using acute accents instead of backticks
+
+### Fixed
+- Shells are now properly recognized in shebangs containing flags
+- Stop warning about math on decimals in ksh/zsh
+- Stop warning about decimal comparisons with `=`, e.g. `[ $version = 1.2 ]`
+- Parsing of `|&`
+- `${a[x]}` not counting as a reference of `x`
+- `(( x[0] ))` not counting as a reference of `x`
+
+
+## v0.3.1 - 2014-02-03
+### Added
+- The `-s` flag to specify shell dialect
+- SC2105/SC2104: Warn about `break/continue` outside loops
+- SC1076: Detect invalid `[/[[` arithmetic like `[ 1 + 2 = 3 ]`
+- SC1075: Suggest using `elif` over `else if`
+
+### Fixed
+- Don't warn when comma separating elements in brace expansions
+- Improved detection of single quoted `sed` variables, e.g. `sed '$d'`
+- Parsing of arithmetic for loops using `{..}` instead of `do..done`
+- Don't treat the last pipeline stage as a subshell in ksh/zsh
+
+
+## v0.3.0 - 2014-01-19
+### Added
+- A man page (thanks Dridi!)
+- GCC compatible error reporting (`shellcheck -f gcc`)
+- CheckStyle compatible XML error reporting (`shellcheck -f checkstyle`)
+- Error codes for each warning, e.g. SC1234
+- Allow disabling warnings with `# shellcheck disable=SC1234`
+- Allow disabling warnings with `--exclude`
+- SC2103: Suggest using subshells over `cd foo; bar; cd ..`
+- SC2102: Warn about duplicates in char ranges, e.g. `[10-15]`
+- SC2101: Warn about named classes not inside a char range, e.g. `[:digit:]`
+- SC2100/SC2099: Warn about bad math expressions like `i=i+5`
+- SC2098/SC2097: Warn about `foo=bar echo $foo`
+- SC2095: Warn when using `ssh`/`ffmpeg` in `while read` loops
+- Better warnings for missing here doc tokens
+
+### Fixed
+- Don't warn when single quoting variables with `ssh/perl/eval`
+- `${!var}` is now counted as a variable reference
+
+### Removed
+- Suggestions about using parameter expansion over basename
+- The `jsoncheck` binary. Use `shellcheck -f json` instead. 
+
+
+## v0.2.0 - 2013-10-27
+### Added
+- Suggest `./*` instead of `*` when passing globs to commands
+- Suggest `pgrep` over `ps | grep`
+- Warn about unicode quotes
+- Warn about assigned but unused variables
+- Inform about client side expansion when using `ssh`
+
+### Fixed
+- CLI tool now uses exit codes and stderr canonically
+- Parsing of extglobs containing empty patterns
+- Parsing of bash style `eval foo=(bar)`
+- Parsing of expansions in here documents
+- Parsing of function names containing :+-
+- Don't warn about `find|xargs` when using `-print0`
+
+
+## v0.1.0 - 2013-07-23
+### Added
+- First release

Dockerfile

@@ -0,0 +1,36 @@
+# Build-only image
+FROM ubuntu:17.10 AS build
+USER root
+WORKDIR /opt/shellCheck
+
+# Install OS deps
+RUN apt-get update && apt-get install -y ghc cabal-install
+
+# Install Haskell deps
+# (This is a separate copy/run so that source changes don't require rebuilding)
+COPY ShellCheck.cabal ./
+RUN cabal update && cabal install --dependencies-only
+
+# Copy source and build it
+COPY LICENSE Setup.hs shellcheck.hs ./
+COPY src src
+RUN cabal build Paths_ShellCheck && \
+  ghc -optl-static -optl-pthread -isrc -idist/build/autogen --make shellcheck && \
+  strip --strip-all shellcheck
+
+RUN mkdir -p /out/bin && \
+  cp shellcheck  /out/bin/
+
+# Resulting Alpine image
+FROM alpine:latest
+LABEL maintainer="Vidar Holen <vidar@vidarholen.net>"
+COPY --from=build /out /
+
+# DELETE-MARKER (Remove everything below to keep the alpine image)
+
+# Resulting ShellCheck image
+FROM scratch
+LABEL maintainer="Vidar Holen <vidar@vidarholen.net>"
+WORKDIR /mnt
+COPY --from=build /out /
+ENTRYPOINT ["/bin/shellcheck"]

LICENSE

@@ -1,7 +1,7 @@
                     GNU GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -645,7 +645,7 @@ the "copyright" line and a pointer to where the full notice is found.
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -664,11 +664,11 @@ might be different; for a GUI interface, you would use an "about box".
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
+<https://www.gnu.org/licenses/>.
 
   The GNU General Public License does not permit incorporating your program
 into proprietary programs.  If your program is a subroutine library, you
 may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+<https://www.gnu.org/philosophy/why-not-lgpl.html>.

README.md

@@ -1,3 +1,5 @@
+[![Build Status](https://travis-ci.org/koalaman/shellcheck.svg?branch=master)](https://travis-ci.org/koalaman/shellcheck)
+
 # ShellCheck - A shell script static analysis tool
 
 ShellCheck is a GPLv3 tool that gives warnings and suggestions for bash/sh shell scripts:
@@ -6,39 +8,67 @@ ShellCheck is a GPLv3 tool that gives warnings and suggestions for bash/sh shell
 
 The goals of ShellCheck are
 
-  - To point out and clarify typical beginner's syntax issues
-    that causes a shell to give cryptic error messages.
+- To point out and clarify typical beginner's syntax issues that cause a shell
+  to give cryptic error messages.
 
-  - To point out and clarify typical intermediate level semantic problems
-    that causes a shell to behave strangely and counter-intuitively.
+- To point out and clarify typical intermediate level semantic problems that
+  cause a shell to behave strangely and counter-intuitively.
 
 - To point out subtle caveats, corner cases and pitfalls that may cause an
   advanced user's otherwise working script to fail under future circumstances.
 
 See [the gallery of bad code](README.md#user-content-gallery-of-bad-code) for examples of what ShellCheck can help you identify!
 
+## Table of Contents
+
+- [How to use](#how-to-use)
+  - [On the web](#on-the-web)
+  - [From your terminal](#from-your-terminal)
+  - [In your editor](#in-your-editor)
+  - [In your build or test suites](#in-your-build-or-test-suites)
+- [Installing](#installing)
+- [Travis CI](#travis-ci)
+- [Compiling from source](#compiling-from-source)
+  - [Installing Cabal](#installing-cabal)
+  - [Compiling ShellCheck](#compiling-shellcheck)
+  - [Running tests](#running-tests)
+- [Gallery of bad code](#gallery-of-bad-code)
+  - [Quoting](#quoting)
+  - [Conditionals](#conditionals)
+  - [Frequently misused commands](#frequently-misused-commands)
+  - [Common beginner's mistakes](#common-beginners-mistakes)
+  - [Style](#style)
+  - [Data and typing errors](#data-and-typing-errors)
+  - [Robustness](#robustness)
+  - [Portability](#portability)
+  - [Miscellaneous](#miscellaneous)
+- [Testimonials](#testimonials)
+- [Ignoring issues](#ignoring-issues)
+- [Reporting bugs](#reporting-bugs)
+- [Contributing](#contributing)
+- [Copyright](#copyright)
 
 ## How to use
-There are a variety of ways to use ShellCheck!
 
+There are a number of ways to use ShellCheck!
 
-#### On the web
-Paste a shell script on http://www.shellcheck.net for instant feedback.
+### On the web
 
-[ShellCheck.net](http://www.shellcheck.net) is always synchronized to the latest git commit, and is the simplest way to give ShellCheck a go. Tell your friends!
+Paste a shell script on https://www.shellcheck.net for instant feedback.
 
+[ShellCheck.net](https://www.shellcheck.net) is always synchronized to the latest git commit, and is the easiest way to give ShellCheck a go. Tell your friends!
+
+### From your terminal
 
-#### From your terminal
 Run `shellcheck yourscript` in your terminal for instant output, as seen above.
 
-
-#### In your editor
+### In your editor
 
 You can see ShellCheck suggestions directly in a variety of editors.
 
-* Vim, through [Syntastic](https://github.com/scrooloose/syntastic):
+* Vim, through [ALE](https://github.com/w0rp/ale), [Neomake](https://github.com/neomake/neomake), or [Syntastic](https://github.com/scrooloose/syntastic):
 
-![Screenshot of vim showing inlined shellcheck feedback](doc/vim-syntastic.png).
+![Screenshot of Vim showing inlined shellcheck feedback](doc/vim-syntastic.png).
 
 * Emacs, through [Flycheck](https://github.com/flycheck/flycheck):
 
@@ -48,14 +78,15 @@ You can see ShellCheck suggestions directly in a variety of editors.
 
 * Atom, through [Linter](https://github.com/AtomLinter/linter-shellcheck).
 
-* Most other editors, through [GCC error compatibility](blob/master/shellcheck.1.md#user-content-formats).
+* VSCode, through [vscode-shellcheck](https://github.com/timonwong/vscode-shellcheck).
 
+* Most other editors, through [GCC error compatibility](shellcheck.1.md#user-content-formats).
+
+### In your build or test suites
 
-#### In your build or test suites
 While ShellCheck is mostly intended for interactive use, it can easily be added to builds or test suites.
 
-Use ShellCheck's exit code, or it's [CheckStyle compatible XML output](blob/master/shellcheck.1.md#user-content-formats). There's also a simple JSON output format for easy integration.
-
+ShellCheck makes canonical use of exit codes, and can output simple JSON, CheckStyle compatible XML, GCC compatible warnings as well as human readable text (with or without ANSI colors). See the [Integration](https://github.com/koalaman/shellcheck/wiki/Integration) wiki page for more documentation.
 
 ## Installing
 
@@ -64,46 +95,109 @@ The easiest way to install ShellCheck locally is through your package manager.
 On systems with Cabal (installs to `~/.cabal/bin`):
 
     cabal update
-    cabal install shellcheck
+    cabal install ShellCheck
+
+On systems with Stack (installs to `~/.local/bin`):
+
+    stack update
+    stack install ShellCheck
 
 On Debian based distros:
 
     apt-get install shellcheck
 
+On Arch Linux based distros:
+
+    pacman -S shellcheck
+
+or get the dependency free [shellcheck-static](https://aur.archlinux.org/packages/shellcheck-static/) from the AUR.
+
+On Gentoo based distros:
+
+    emerge --ask shellcheck
+
+On EPEL based distros:
+
+    yum -y install epel-release
+    yum install ShellCheck
+
 On Fedora based distros:
 
     dnf install ShellCheck
 
+On FreeBSD:
+
+    pkg install hs-ShellCheck
+
 On OS X with homebrew:
 
     brew install shellcheck
 
-On OS X with MacPorts:
-
-    port install shellcheck
-
-On openSUSE:Tumbleweed:
+On openSUSE
 
     zypper in ShellCheck
 
-On other openSUSE distributions:
+Or use OneClickInstall - https://software.opensuse.org/package/ShellCheck
 
-add OBS devel:languages:haskell repository from https://build.opensuse.org/project/repositories/devel:languages:haskell
+On Solus:
 
-    zypper ar http://download.opensuse.org/repositories/devel:/languages:/haskell/openSUSE_$(version)/devel:languages:haskell.repo
-    zypper in ShellCheck
+    eopkg install shellcheck
     
-or use OneClickInstall - https://software.opensuse.org/package/ShellCheck
+On Windows (via [scoop](http://scoop.sh)):
 
+    scoop install shellcheck
+
+From Snap Store:
+
+    snap install --channel=edge shellcheck
+
+From Docker Hub:
+
+```sh
+docker pull koalaman/shellcheck:stable  # Or :v0.4.7 for that version, or :latest for daily builds
+docker run -v "$PWD:/mnt" koalaman/shellcheck myscript
+```
+
+or use `koalaman/shellcheck-alpine` if you want a larger Alpine Linux based image to extend. It works exactly like a regular Alpine image, but has shellcheck preinstalled.
+
+Alternatively, you can download pre-compiled binaries for the latest release here:
+
+* [Linux, x86_64](https://storage.googleapis.com/shellcheck/shellcheck-stable.linux.x86_64.tar.xz) (statically linked)
+* [Windows, x86](https://storage.googleapis.com/shellcheck/shellcheck-stable.zip)
+
+or see the [storage bucket listing](https://shellcheck.storage.googleapis.com/index.html) for checksums, older versions and the latest daily builds.
+
+## Travis CI
+
+Travis CI has now integrated ShellCheck by default, so you don't need to manually install it.
+
+If you still want to do so in order to upgrade at your leisure or ensure the latest release:
+
+    install:
+
+      # Install a custom version of shellcheck instead of Travis CI's default
+      - scversion="stable" # or "v0.4.7", or "latest"
+      - wget "https://storage.googleapis.com/shellcheck/shellcheck-$scversion.linux.x86_64.tar.xz"
+      - tar --xz -xvf "shellcheck-$scversion.linux.x86_64.tar.xz"
+      - shellcheck() { "shellcheck-$scversion/shellcheck" "$@"; }
+      - shellcheck --version
+
+    script:
+      - shellcheck *.sh
 
 ## Compiling from source
 
-This sections describes how to build ShellCheck from a source directory. ShellCheck is written in Haskell and requires 2GB of RAM to compile.
+This section describes how to build ShellCheck from a source directory. ShellCheck is written in Haskell and requires 2GB of RAM to compile.
 
+### Installing Cabal
 
-#### Installing Cabal
+ShellCheck is built and packaged using Cabal. Install the package `cabal-install` from your system's package manager (with e.g. `apt-get`, `brew`, `emerge`, `yum`, or `zypper`).
 
-ShellCheck is built and packaged using Cabal. Install the package `cabal-install` from your system's package manager (with e.g. `apt-get`, `yum`, `zypper` or `brew`).
+On MacOS (OS X), you can do a fast install of Cabal using brew, which takes a couple of minutes instead of more than 30 minutes if you try to compile it from source.
+
+    brew install cask
+    brew cask install haskell-platform
+    cabal install cabal-install
 
 On MacPorts, the package is instead called `hs-cabal-install`, while native Windows users should install the latest version of the Haskell platform from https://www.haskell.org/platform/
 
@@ -111,22 +205,30 @@ Verify that `cabal` is installed and update its dependency list with
 
     $ cabal update
 
-#### Compiling ShellCheck
+### Compiling ShellCheck
 
 `git clone` this repository, and `cd` to the ShellCheck source directory to build/install:
 
     $ cabal install
 
+Or if you intend to run the tests:
+
+    $ cabal install --enable-tests
+
 This will compile ShellCheck and install it to your `~/.cabal/bin` directory.
 
 Add this directory to your `PATH` (for bash, add this to your `~/.bashrc`):
 
+```sh
 export PATH="$HOME/.cabal/bin:$PATH"
+```
 
 Log out and in again, and verify that your PATH is set up correctly:
 
+```sh
 $ which shellcheck
 ~/.cabal/bin/shellcheck
+```
 
 On native Windows, the `PATH` should already be set up, but the system
 may use a legacy codepage. In `cmd.exe`, `powershell.exe` and Powershell ISE,
@@ -140,20 +242,21 @@ In Powershell ISE, you may need to additionally update the output encoding:
 
     > [Console]::OutputEncoding = [System.Text.Encoding]::UTF8
 
-#### Running tests
+### Running tests
 
 To run the unit test suite:
 
     $ cabal test
 
-
 ## Gallery of bad code
+
 So what kind of things does ShellCheck look for? Here is an incomplete list of detected issues.
 
-#### Quoting
+### Quoting
 
 ShellCheck can recognize several types of incorrect quoting:
 
+```sh
 echo $1                           # Unquoted variables
 find . -name *.ogg                # Unquoted find/grep patterns
 rm "~/my file.txt"                # Quoted tilde expansion
@@ -164,12 +267,13 @@ ShellCheck can recognize several types of incorrect quoting:
 echo 'Don\'t try this at home'    # Attempting to escape ' in ''
 echo 'Path is $PATH'              # Variables in single quotes
 trap "echo Took ${SECONDS}s" 0    # Prematurely expanded trap
+```
 
-
-#### Conditionals
+### Conditionals
 
 ShellCheck can recognize many types of incorrect test statements.
 
+```sh
 [[ n != 0 ]]                      # Constant test expressions
 [[ -e *.mpg ]]                    # Existence checks of globs
 [[ $foo==0 ]]                     # Always true due to missing spaces
@@ -179,12 +283,15 @@ ShellCheck can recognize many types of incorrect test statements.
 [ $1 -eq "shellcheck" ]           # Numerical comparison of strings
 [ $n && $m ]                      # && in [ .. ]
 [ grep -q foo file ]              # Command without $(..)
+[[ "$$file" == *.jpg ]]           # Comparisons that can't succeed
+(( 1 -lt 2 ))                     # Using test operators in ((..))
+```
 
-
-#### Frequently misused commands
+### Frequently misused commands
 
 ShellCheck can recognize instances where commands are used incorrectly:
 
+```sh
 grep '*foo*' file                 # Globs in regex contexts
 find . -exec foo {} && bar {} \;  # Prematurely terminated find -exec
 sudo echo 'Var=42' > /etc/profile # Redirecting sudo
@@ -194,28 +301,36 @@ ShellCheck can recognize instances where commands are used incorrectly:
 tr -cd '[a-zA-Z0-9]'              # [] around ranges in tr
 exec foo; echo "Done!"            # Misused 'exec'
 find -name \*.bak -o -name \*~ -delete  # Implicit precedence in find
+# find . -exec foo > bar \;       # Redirections in find
 f() { whoami; }; sudo f           # External use of internal functions
+```
 
-
-#### Common beginner's mistakes
+### Common beginner's mistakes
 
 ShellCheck recognizes many common beginner's syntax errors:
 
+```sh
 var = 42                          # Spaces around = in assignments
 $foo=42                           # $ in assignments
 for $var in *; do ...             # $ in for loop variables
 var$n="Hello"                     # Wrong indirect assignment
 echo ${var$n}                     # Wrong indirect reference
 var=(1, 2, 3)                     # Comma separated arrays
+array=( [index] = value )         # Incorrect index initialization
+echo $var[14]                     # Missing {} in array references
 echo "Argument 10 is $10"         # Positional parameter misreference
 if $(myfunction); then ..; fi     # Wrapping commands in $()
 else if othercondition; then ..   # Using 'else if'
+f; f() { echo "hello world; }     # Using function before definition
+[ false ]                         # 'false' being true
+if ( -f file )                    # Using (..) instead of test
+```
 
-
-#### Style
+### Style
 
 ShellCheck can make suggestions to improve style:
 
+```sh
 [[ -z $(find /tmp | grep mpg) ]]  # Use grep -q instead
 a >> log; b >> log; c >> log      # Use a redirection block instead
 echo "The time is `date`"         # Use $() instead
@@ -224,38 +339,44 @@ ShellCheck can make suggestions to improve style:
 echo $(($RANDOM % 6))             # Don't use $ on variables in $((..))
 echo "$(date)"                    # Useless use of echo
 cat file | grep foo               # Useless use of cat
+```
 
-
-#### Data and typing errors
+### Data and typing errors
 
 ShellCheck can recognize issues related to data and typing:
 
+```sh
 args="$@"                         # Assigning arrays to strings
 files=(foo bar); echo "$files"    # Referencing arrays as strings
-    printf "%s\n" "Arguments: $@."    # Concatenating strings and arrays.
+declare -A arr=(foo bar)          # Associative arrays without index
+printf "%s\n" "Arguments: $@."    # Concatenating strings and arrays
 [[ $# > 2 ]]                      # Comparing numbers as strings
 var=World; echo "Hello " var      # Unused lowercase variables
 echo "Hello $name"                # Unassigned lowercase variables
 cmd | read bar; echo $bar         # Assignments in subshells
+cat foo | cp bar                  # Piping to commands that don't read
+printf '%s: %s\n' foo             # Mismatches in printf argument count
+```
 
-
-#### Robustness
+### Robustness
 
 ShellCheck can make suggestions for improving the robustness of a script:
 
+```sh
 rm -rf "$STEAMROOT/"*            # Catastrophic rm
 touch ./-l; ls *                 # Globs that could become options
 find . -exec sh -c 'a && b {}' \; # Find -exec shell injection
 printf "Hello $name"             # Variables in printf format
 for f in $(ls *.txt); do         # Iterating over ls output
 export MYVAR=$(cmd)              # Masked exit codes
+case $version in 2.*) :;; 2.6.*) # Shadowed case branches
+```
 
-
-#### Portability
+### Portability
 
 ShellCheck will warn when using features not supported by the shebang. For example, if you set the shebang to `#!/bin/sh`, ShellCheck will warn about portability issues similar to `checkbashisms`:
 
-
+```sh
 echo {1..$n}                     # Works in ksh, but not bash/dash/sh
 echo {1..10}                     # Works in ksh and bash, but not dash/sh
 echo -n 42                       # Works in ksh, bash and dash, undefined in sh
@@ -265,22 +386,26 @@ ShellCheck will warn when using features not supported by the shebang. For examp
 foo-bar() { ..; }                # Undefined/unsupported function name
 [ $UID = 0 ]                     # Variable undefined in dash/sh
 local var=value                  # local is undefined in sh
+time sleep 1 | sleep 5           # Undefined uses of 'time'
+```
 
-
-#### Miscellaneous
+### Miscellaneous
 
 ShellCheck recognizes a menagerie of other issues:
 
+```sh
 PS1='\e[0;32m\$\e[0m '            # PS1 colors not in \[..\]
 PATH="$PATH:~/bin"                # Literal tilde in $PATH
 rm “file”                         # Unicode quotes
 echo "Hello world"                # Carriage return / DOS line endings
+echo hello \                      # Trailing spaces after \
 var=42 echo $var                  # Expansion of inlined environment
 #!/bin/bash -x -e                 # Common shebang errors
 echo $((n/180*100))               # Unnecessary loss of precision
 ls *[:digit:].txt                 # Bad character class globs
-    sed 's/foo/bar/ file > file       # Redirecting to input
-
+sed 's/foo/bar/' file > file      # Redirecting to input
+while getopts "a" f; do case $f in "b") # Unhandled getopts flags
+```
 
 ## Testimonials
 
@@ -289,26 +414,31 @@ ShellCheck recognizes a menagerie of other issues:
 Alexander Tarasikov,
 [via Twitter](https://twitter.com/astarasikov/status/568825996532707330)
 
+## Ignoring issues
+
+Issues can be ignored via environmental variable, command line, individually or globally within a file:
+
+https://github.com/koalaman/shellcheck/wiki/Ignore
 
 ## Reporting bugs
 
-Please use the Github issue tracker for any bugs or feature suggestions:
+Please use the GitHub issue tracker for any bugs or feature suggestions:
 
 https://github.com/koalaman/shellcheck/issues
 
-
 ## Contributing
 
-Please submit patches to code or documentation as Github pull requests!
+Please submit patches to code or documentation as GitHub pull requests! Check
+out the [DevGuide](https://github.com/koalaman/shellcheck/wiki/DevGuide) on the
+ShellCheck Wiki.
 
 Contributions must be licensed under the GNU GPLv3.
 The contributor retains the copyright.
 
-
 ## Copyright
 
 ShellCheck is licensed under the GNU General Public License, v3. A copy of this license is included in the file [LICENSE](LICENSE).
 
-Copyright 2012-2015, Vidar 'koala_man' Holen and contributors.
+Copyright 2012-2018, Vidar 'koala_man' Holen and contributors.
 
 Happy ShellChecking!

Setup.hs

@@ -8,21 +8,13 @@ import Distribution.Simple (
   simpleUserHooks )
 import Distribution.Simple.Setup ( SDistFlags )
 
--- | This requires the process package from,
---
---   https://hackage.haskell.org/package/process
---
-import System.Process ( callCommand )
+import System.Process ( system )
 
 
--- | This will use almost the default implementation, except we switch
---   out the default pre-sdist hook with our own, 'myPreSDist'.
---
 main = defaultMainWithHooks myHooks
   where
     myHooks = simpleUserHooks { preSDist = myPreSDist }
 
-
 -- | This hook will be executed before e.g. @cabal sdist@. It runs
 --   pandoc to create the man page from shellcheck.1.md. If the pandoc
 --   command is not found, this will fail with an error message:
@@ -35,9 +27,10 @@ main = defaultMainWithHooks myHooks
 --
 myPreSDist :: Args -> SDistFlags -> IO HookedBuildInfo
 myPreSDist _ _ = do
-  putStrLn "Building the man page..."
+  putStrLn "Building the man page (shellcheck.1) with pandoc..."
   putStrLn pandoc_cmd
-  callCommand pandoc_cmd
+  result <- system pandoc_cmd
+  putStrLn $ "pandoc exited with " ++ show result
   return emptyHookedBuildInfo
   where
     pandoc_cmd = "pandoc -s -t man shellcheck.1.md -o shellcheck.1"

ShellCheck.cabal

@@ -1,12 +1,12 @@
 Name:             ShellCheck
-Version:          0.4.2
+Version:          0.5.0
 Synopsis:         Shell script analysis tool
 License:          GPL-3
 License-file:     LICENSE
 Category:         Static Analysis
 Author:           Vidar Holen
 Maintainer:       vidar@vidarholen.net
-Homepage:         http://www.shellcheck.net/
+Homepage:         https://www.shellcheck.net/
 Build-Type:       Custom
 Cabal-Version:    >= 1.8
 Bug-reports:      https://github.com/koalaman/shellcheck/issues
@@ -31,26 +31,44 @@ Extra-Source-Files:
     -- tests
     test/shellcheck.hs
 
+custom-setup
+  setup-depends:
+    base    >= 4    && <5,
+    process >= 1.0  && <1.7,
+    Cabal   >= 1.10 && <2.3
+
 source-repository head
     type: git
     location: git://github.com/koalaman/shellcheck.git
 
 library
+    hs-source-dirs: src
+    if impl(ghc < 8.0)
       build-depends:
-      base >= 4 && < 5,
-      containers,
+        semigroups
+    build-depends:
+      -- GHC 7.6.3 (base 4.6.0.1) is buggy (#1131, #1119) in optimized mode.
+      -- Just disable that version entirely to fail fast.
+      aeson,
+      base > 4.6.0.1 && < 5,
+      bytestring,
+      containers >= 0.5,
       directory,
-      json,
       mtl >= 2.2.1,
       parsec,
       regex-tdfa,
-      QuickCheck >= 2.7.4
+      QuickCheck >= 2.7.4,
+      -- When cabal supports it, move this to setup-depends:
+      process
     exposed-modules:
       ShellCheck.AST
       ShellCheck.ASTLib
       ShellCheck.Analytics
       ShellCheck.Analyzer
+      ShellCheck.AnalyzerLib
       ShellCheck.Checker
+      ShellCheck.Checks.Commands
+      ShellCheck.Checks.ShellSupport
       ShellCheck.Data
       ShellCheck.Formatter.Format
       ShellCheck.Formatter.CheckStyle
@@ -64,29 +82,34 @@ library
       Paths_ShellCheck
 
 executable shellcheck
+    if impl(ghc < 8.0)
       build-depends:
-      ShellCheck,
+        semigroups
+    build-depends:
+      aeson,
       base >= 4 && < 5,
+      bytestring,
+      ShellCheck,
       containers,
       directory,
-      json,
       mtl >= 2.2.1,
-      parsec,
-      regex-tdfa,
-      QuickCheck >= 2.7.4
+      parsec >= 3.0,
+      QuickCheck >= 2.7.4,
+      regex-tdfa
     main-is: shellcheck.hs
 
 test-suite test-shellcheck
     type: exitcode-stdio-1.0
     build-depends:
-      ShellCheck,
+      aeson,
       base >= 4 && < 5,
+      bytestring,
+      ShellCheck,
       containers,
       directory,
-      json,
       mtl >= 2.2.1,
       parsec,
-      regex-tdfa,
-      QuickCheck >= 2.7.4
+      QuickCheck >= 2.7.4,
+      regex-tdfa
     main-is: test/shellcheck.hs
 

nextnumber

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+# TODO: Find a less trashy way to get the next available error code
+if ! shopt -s globstar
+then
+  echo "Error: This script depends on Bash 4." >&2
+  exit 1
+fi
+
+for i in 1 2
+do
+  last=$(grep -hv "^prop" ./**/*.hs | grep -Ewo "$i[0-9]{3}" | sort -n | tail -n 1)
+  echo "Next ${i}xxx: $((last+1))"
+done

quickrun

@@ -2,4 +2,4 @@
 # quickrun runs ShellCheck in an interpreted mode.
 # This allows testing changes without recompiling.
 
-runghc -idist/build/autogen shellcheck.hs "$@"
+runghc -isrc -idist/build/autogen shellcheck.hs "$@"

quicktest

@@ -4,12 +4,19 @@
 # 'cabal test' remains the source of truth.
 
 (
- var=$(echo 'liftM and $ sequence [ShellCheck.Analytics.runTests, ShellCheck.Parser.runTests, ShellCheck.Checker.runTests]' | cabal repl | tee /dev/stderr)
+ var=$(echo 'liftM and $ sequence [
+  ShellCheck.Analytics.runTests
+  ,ShellCheck.Parser.runTests
+  ,ShellCheck.Checker.runTests
+  ,ShellCheck.Checks.Commands.runTests
+  ,ShellCheck.Checks.ShellSupport.runTests
+  ,ShellCheck.AnalyzerLib.runTests
+    ]' | tr -d '\n' | cabal repl 2>&1 | tee /dev/stderr)
 if [[ $var == *$'\nTrue'* ]]
 then
   exit 0
 else
-  grep -C 3 "Fail" <<< "$var"
+  grep -C 3 -e "Fail" -e "Tracing" <<< "$var"
   exit 1
 fi
 ) 2>&1

shellcheck.1.md

@@ -32,9 +32,15 @@ not warn at all, as `ksh` supports decimals in arithmetic contexts.
 
 # OPTIONS
 
+**-a**,\ **--check-sourced**
+
+:   Emit warnings in sourced files. Normally, `shellcheck` will only warn
+    about issues in the specified files. With this option, any issues in
+    sourced files files will also be reported.
+
 **-C**[*WHEN*],\ **--color**[=*WHEN*]
 
-:   For TTY outut, enable colors *always*, *never* or *auto*. The default
+:   For TTY output, enable colors *always*, *never* or *auto*. The default
     is *auto*. **--color** without an argument is equivalent to
     **--color=always**.
 
@@ -67,6 +73,7 @@ not warn at all, as `ksh` supports decimals in arithmetic contexts.
     line (plus `/dev/null`). This option allows following any file the script
     may `source`.
 
+
 # FORMATS
 
 **tty**
@@ -157,6 +164,11 @@ Valid keys are:
     used to tell shellcheck where to look for a file whose name is determined
     at runtime, or to skip a source by telling it to use `/dev/null`.
 
+**shell**
+:   Overrides the shell detected from the shebang.  This is useful for
+    files meant to be included (and thus lacking a shebang), or possibly
+    as a more targeted alternative to 'disable=2039'.
+
 # ENVIRONMENT VARIABLES
 The environment variable `SHELLCHECK_OPTS` can be set with default flags:
 
@@ -175,6 +187,15 @@ ShellCheck uses the follow exit codes:
 + 3: ShellCheck was invoked with bad syntax (e.g. unknown flag).
 + 4: ShellCheck was invoked with bad options (e.g. unknown formatter).
 
+# LOCALE
+This version of ShellCheck is only available in English. All files are
+leniently decoded as UTF-8, with a fallback of ISO-8859-1 for invalid
+sequences. `LC_CTYPE` is respected for output, and defaults to UTF-8 for
+locales where encoding is unspecified (such as the `C` locale).
+
+Windows users seeing `commitBuffer: invalid argument (invalid character)`
+should set their terminal to use UTF-8 with `chcp 65001`.
+
 # AUTHOR
 ShellCheck is written and maintained by Vidar Holen.
 
@@ -186,7 +207,7 @@ https://github.com/koalaman/shellcheck/issues
 # COPYRIGHT
 Copyright 2012-2015, Vidar Holen.
 Licensed under the GNU General Public License version 3 or later,
-see http://gnu.org/licenses/gpl.html
+see https://gnu.org/licenses/gpl.html
 
 
 # SEE ALSO

shellcheck.hs

@@ -2,7 +2,7 @@
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,15 +15,15 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
-import ShellCheck.Data
 import           ShellCheck.Checker
+import           ShellCheck.Data
 import           ShellCheck.Interface
 import           ShellCheck.Regex
 
-import ShellCheck.Formatter.Format
 import qualified ShellCheck.Formatter.CheckStyle
+import           ShellCheck.Formatter.Format
 import qualified ShellCheck.Formatter.GCC
 import qualified ShellCheck.Formatter.JSON
 import qualified ShellCheck.Formatter.TTY
@@ -31,12 +31,16 @@ import qualified ShellCheck.Formatter.TTY
 import           Control.Exception
 import           Control.Monad
 import           Control.Monad.Except
+import           Data.Bits
 import           Data.Char
-import Data.Functor
 import           Data.Either
+import           Data.Functor
+import           Data.IORef
+import           Data.List
 import qualified Data.Map                        as Map
 import           Data.Maybe
 import           Data.Monoid
+import           Data.Semigroup                  (Semigroup (..))
 import           Prelude                         hiding (catch)
 import           System.Console.GetOpt
 import           System.Directory
@@ -53,9 +57,12 @@ data Status =
     | RuntimeException
   deriving (Ord, Eq, Show)
 
+instance Semigroup Status where
+    (<>) = max
+
 instance Monoid Status where
     mempty = NoProblems
-    mappend = max
+    mappend = (Data.Semigroup.<>)
 
 data Options = Options {
     checkSpec        :: CheckSpec,
@@ -73,19 +80,23 @@ defaultOptions = Options {
 
 usageHeader = "Usage: shellcheck [OPTIONS...] FILES..."
 options = [
-    Option "e" ["exclude"]
-        (ReqArg (Flag "exclude") "CODE1,CODE2..") "exclude types of warnings",
-    Option "f" ["format"]
-        (ReqArg (Flag "format") "FORMAT") "output format",
+    Option "a" ["check-sourced"]
+        (NoArg $ Flag "sourced" "false") "Include warnings from sourced files",
     Option "C" ["color"]
         (OptArg (maybe (Flag "color" "always") (Flag "color")) "WHEN")
         "Use color (auto, always, never)",
+    Option "e" ["exclude"]
+        (ReqArg (Flag "exclude") "CODE1,CODE2..") "Exclude types of warnings",
+    Option "f" ["format"]
+        (ReqArg (Flag "format") "FORMAT") $
+        "Output format (" ++ formatList ++ ")",
     Option "s" ["shell"]
-        (ReqArg (Flag "shell") "SHELLNAME") "Specify dialect (sh,bash,dash,ksh)",
-    Option "x" ["external-sources"]
-        (NoArg $ Flag "externals" "true") "Allow 'source' outside of FILES.",
+        (ReqArg (Flag "shell") "SHELLNAME")
+        "Specify dialect (sh, bash, dash, ksh)",
     Option "V" ["version"]
-        (NoArg $ Flag "version" "true") "Print version information"
+        (NoArg $ Flag "version" "true") "Print version information",
+    Option "x" ["external-sources"]
+        (NoArg $ Flag "externals" "true") "Allow 'source' outside of FILES"
     ]
 
 printErr = lift . hPutStrLn stderr
@@ -106,6 +117,10 @@ formats options = Map.fromList [
     ("tty",  ShellCheck.Formatter.TTY.format options)
     ]
 
+formatList = intercalate ", " names
+  where
+    names = Map.keys $ formats (formatterOptions defaultOptions)
+
 getOption [] _                  = Nothing
 getOption (Flag var val:_) name | name == var = return val
 getOption (_:rest) flag         = getOption rest flag
@@ -128,7 +143,7 @@ getExclusions options =
     in
         map (Prelude.read . clean) elements :: [Int]
 
-toStatus = liftM (either id id) . runExceptT
+toStatus = fmap (either id id) . runExceptT
 
 getEnvArgs = do
     opts <- getEnv "SHELLCHECK_OPTS" `catch` cantWaitForLookupEnv
@@ -185,19 +200,23 @@ runFormatter sys format options files = do
         newStatus <- process file `catch` handler file
         return $ status `mappend` newStatus
     handler :: FilePath -> IOException -> IO Status
-    handler file e = do
-        onFailure format file (show e)
+    handler file e = reportFailure file (show e)
+    reportFailure file str = do
+        onFailure format file str
         return RuntimeException
 
     process :: FilePath -> IO Status
     process filename = do
-        contents <- inputFile filename
+        input <- siReadFile sys filename
+        either (reportFailure filename) check input
+      where
+        check contents = do
             let checkspec = (checkSpec options) {
                 csFilename = filename,
                 csScript = contents
             }
             result <- checkScript sys checkspec
-        onResult format result contents
+            onResult format result sys
             return $
                 if null (crComments result)
                 then NoProblems
@@ -246,6 +265,13 @@ parseOption flag options =
                 }
             }
 
+        Flag "sourced" _ ->
+            return options {
+                checkSpec = (checkSpec options) {
+                    csCheckSourced = True
+                }
+            }
+
         _ -> return options
   where
     die s = do
@@ -260,14 +286,28 @@ parseOption flag options =
 
 ioInterface options files = do
     inputs <- mapM normalize files
+    cache <- newIORef emptyCache
     return SystemInterface {
-        siReadFile = get inputs
+        siReadFile = get cache inputs
     }
   where
-    get inputs file = do
+    emptyCache :: Map.Map FilePath String
+    emptyCache = Map.empty
+    get cache inputs file = do
+        map <- readIORef cache
+        case Map.lookup file map of
+            Just x  -> return $ Right x
+            Nothing -> fetch cache inputs file
+
+    fetch cache inputs file = do
         ok <- allowable inputs file
         if ok
-          then (Right <$> inputFile file) `catch` handler
+          then (do
+            (contents, shouldCache) <- inputFile file
+            when shouldCache $
+                modifyIORef cache $ Map.insert file contents
+            return $ Right contents
+            ) `catch` handler
           else return $ Left (file ++ " was not specified as input (see shellcheck -x).")
 
       where
@@ -288,13 +328,49 @@ ioInterface options files = do
         fallback path _ = return path
 
 inputFile file = do
-    contents <-
+    (handle, shouldCache) <-
             if file == "-"
-            then getContents
-            else readFile file
+            then return (stdin, True)
+            else do
+                h <- openBinaryFile file ReadMode
+                reopenable <- hIsSeekable h
+                return (h, not reopenable)
+
+    hSetBinaryMode handle True
+    contents <- decodeString <$> hGetContents handle -- closes handle
 
     seq (length contents) $
-        return contents
+        return (contents, shouldCache)
+
+-- Decode a char8 string into a utf8 string, with fallback on
+-- ISO-8859-1. This avoids depending on additional libraries.
+decodeString = decode
+  where
+    decode [] = []
+    decode (c:rest) | isAscii c = c : decode rest
+    decode (c:rest) =
+        let num = (fromIntegral $ ord c) :: Int
+            next = case num of
+                _ | num >= 0xF8 -> Nothing
+                  | num >= 0xF0 -> construct (num .&. 0x07) 3 rest
+                  | num >= 0xE0 -> construct (num .&. 0x0F) 2 rest
+                  | num >= 0xC0 -> construct (num .&. 0x1F) 1 rest
+                  | True -> Nothing
+        in
+            case next of
+                Just (n, remainder) -> chr n : decode remainder
+                Nothing             -> c : decode rest
+
+    construct x 0 rest = do
+        guard $ x <= 0x10FFFF
+        return (x, rest)
+    construct x n (c:rest) =
+        let num = (fromIntegral $ ord c) :: Int in
+            if num >= 0x80 && num <= 0xBF
+            then construct ((x `shiftL` 6) .|. (num .&. 0x3f)) (n-1) rest
+            else Nothing
+    construct _ _ _ = Nothing
+
 
 verifyFiles files =
     when (null files) $ do
@@ -306,4 +382,4 @@ printVersion = do
     putStrLn   "ShellCheck - shell script analysis tool"
     putStrLn $ "version: " ++ shellcheckVersion
     putStrLn   "license: GNU General Public License, version 3"
-    putStrLn   "website: http://www.shellcheck.net"
+    putStrLn   "website: https://www.shellcheck.net"

snap/snapcraft.yaml

@@ -0,0 +1,46 @@
+name: shellcheck
+summary: A shell script static analysis tool
+description: |
+  ShellCheck is a GPLv3 tool that gives warnings and suggestions for bash/sh
+  shell scripts.
+
+  The goals of ShellCheck are
+
+  - To point out and clarify typical beginner's syntax issues that cause a
+    shell to give cryptic error messages.
+
+  - To point out and clarify typical intermediate level semantic problems that
+    cause a shell to behave strangely and counter-intuitively.
+
+  - To point out subtle caveats, corner cases and pitfalls that may cause an
+    advanced user's otherwise working script to fail under future
+    circumstances.
+
+  By default ShellCheck can only check non-hidden files under /home, to make 
+  ShellCheck be able to check files under /media and /run/media you must
+  connect it to the `removable-media` interface manually:
+
+      # snap connect shellcheck:removable-media
+  
+version: git
+grade: devel
+confinement: strict
+
+apps:
+  shellcheck:
+    command: usr/bin/shellcheck
+    plugs: [home, removable-media]
+
+parts:
+  shellcheck:
+    plugin: dump
+    source: ./
+    build-packages:
+      - cabal-install
+    build: |
+      cabal sandbox init
+      cabal update
+      cabal install -j
+    install: |
+      install -d $SNAPCRAFT_PART_INSTALL/usr/bin
+      install .cabal-sandbox/bin/shellcheck $SNAPCRAFT_PART_INSTALL/usr/bin

src/ShellCheck/AST.hs

@@ -2,7 +2,7 @@
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,42 +15,48 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
 module ShellCheck.AST where
 
-import Control.Monad
 import Control.Monad.Identity
+import Text.Parsec
 import qualified ShellCheck.Regex as Re
+import Prelude hiding (id)
 
-data Id = Id Int deriving (Show, Eq, Ord)
+newtype Id = Id Int deriving (Show, Eq, Ord)
 
 data Quoted = Quoted | Unquoted deriving (Show, Eq)
 data Dashed = Dashed | Undashed deriving (Show, Eq)
 data AssignmentMode = Assign | Append deriving (Show, Eq)
-data FunctionKeyword = FunctionKeyword Bool deriving (Show, Eq)
-data FunctionParentheses = FunctionParentheses Bool deriving (Show, Eq)
+newtype FunctionKeyword = FunctionKeyword Bool deriving (Show, Eq)
+newtype FunctionParentheses = FunctionParentheses Bool deriving (Show, Eq)
 data CaseType = CaseBreak | CaseFallThrough | CaseContinue deriving (Show, Eq)
 
+newtype Root = Root Token
 data Token =
     TA_Binary Id String Token Token
+    | TA_Assignment Id String Token Token
+    | TA_Variable Id String [Token]
     | TA_Expansion Id [Token]
-    | TA_Index Id Token
     | TA_Sequence Id [Token]
     | TA_Trinary Id Token Token Token
     | TA_Unary Id String Token
     | TC_And Id ConditionType String Token Token
     | TC_Binary Id ConditionType String Token Token
     | TC_Group Id ConditionType Token
-    | TC_Noary Id ConditionType Token
+    | TC_Nullary Id ConditionType Token
     | TC_Or Id ConditionType String Token Token
     | TC_Unary Id ConditionType String Token
+    | TC_Empty Id ConditionType
     | T_AND_IF Id
-    | T_AndIf Id (Token) (Token)
+    | T_AndIf Id Token Token
     | T_Arithmetic Id Token
     | T_Array Id [Token]
-    | T_IndexedElement Id Token Token
-    | T_Assignment Id AssignmentMode String (Maybe Token) Token
+    | T_IndexedElement Id [Token] Token
+    -- Store the index as string, and parse as arithmetic or string later
+    | T_UnparsedIndex Id SourcePos String
+    | T_Assignment Id AssignmentMode String [Token] Token
     | T_Backgrounded Id Token
     | T_Backticked Id [Token]
     | T_Bang Id
@@ -95,6 +101,7 @@ data Token =
     | T_IfExpression Id [([Token],[Token])] [Token]
     | T_In  Id
     | T_IoFile Id Token Token
+    | T_IoDuplicate Id Token String
     | T_LESSAND Id
     | T_LESSGREAT Id
     | T_Lbrace Id
@@ -104,7 +111,8 @@ data Token =
     | T_NEWLINE Id
     | T_NormalWord Id [Token]
     | T_OR_IF Id
-    | T_OrIf Id (Token) (Token)
+    | T_OrIf Id Token Token
+    | T_ParamSubSpecialChar Id String -- e.g. '%' in ${foo%bar}  or '/' in ${foo/bar/baz}
     | T_Pipeline Id [Token] [Token] -- [Pipe separators] [Commands]
     | T_ProcSub Id String [Token]
     | T_Rbrace Id
@@ -126,10 +134,15 @@ data Token =
     | T_Pipe Id String
     | T_CoProc Id (Maybe String) Token
     | T_CoProcBody Id Token
-    | T_Include Id Token Token -- . & source: SimpleCommand T_Script
+    | T_Include Id Token
+    | T_SourceCommand Id Token Token
     deriving (Show)
 
-data Annotation = DisableComment Integer | SourceOverride String deriving (Show, Eq)
+data Annotation =
+    DisableComment Integer
+    | SourceOverride String
+    | ShellOverride String
+    deriving (Show, Eq)
 data ConditionType = DoubleBracket | SingleBracket deriving (Show, Eq)
 
 -- This is an abomination.
@@ -140,7 +153,7 @@ tokenEquals a b = kludge a == kludge b
 instance Eq Token where
     (==) = tokenEquals
 
-analyze :: Monad m => (Token -> m ()) -> (Token -> m ()) -> (Token -> Token) -> Token -> m Token
+analyze :: Monad m => (Token -> m ()) -> (Token -> m ()) -> (Token -> m Token) -> Token -> m Token
 analyze f g i =
     round
   where
@@ -148,21 +161,16 @@ analyze f g i =
         f t
         newT <- delve t
         g t
-        return . i $ newT
+        i newT
     roundAll = mapM round
 
-    roundMaybe Nothing = return Nothing
-    roundMaybe (Just v) = do
-        s <- round v
-        return (Just s)
-
     dl l v = do
         x <- roundAll l
         return $ v x
     dll l m v = do
         x <- roundAll l
         y <- roundAll m
-        return $ v x m
+        return $ v x y
     d1 t v = do
         x <- round t
         return $ v x
@@ -181,14 +189,18 @@ analyze f g i =
     delve (T_DollarArithmetic id c) = d1 c $ T_DollarArithmetic id
     delve (T_DollarBracket id c) = d1 c $ T_DollarBracket id
     delve (T_IoFile id op file) = d2 op file $ T_IoFile id
+    delve (T_IoDuplicate id op num) = d1 op $ \x -> T_IoDuplicate id x num
     delve (T_HereString id word) = d1 word $ T_HereString id
     delve (T_FdRedirect id v t) = d1 t $ T_FdRedirect id v
-    delve (T_Assignment id mode var index value) = do
-        a <- roundMaybe index
+    delve (T_Assignment id mode var indices value) = do
+        a <- roundAll indices
         b <- round value
         return $ T_Assignment id mode var a b
     delve (T_Array id t) = dl t $ T_Array id
-    delve (T_IndexedElement id t1 t2) = d2 t1 t2 $ T_IndexedElement id
+    delve (T_IndexedElement id indices t) = do
+        a <- roundAll indices
+        b <- round t
+        return $ T_IndexedElement id a b
     delve (T_Redirecting id redirs cmd) = do
         a <- roundAll redirs
         b <- round cmd
@@ -243,9 +255,10 @@ analyze f g i =
     delve (TC_Group id typ token) = d1 token $ TC_Group id typ
     delve (TC_Binary id typ op lhs rhs) = d2 lhs rhs $ TC_Binary id typ op
     delve (TC_Unary id typ op token) = d1 token $ TC_Unary id typ op
-    delve (TC_Noary id typ token) = d1 token $ TC_Noary id typ
+    delve (TC_Nullary id typ token) = d1 token $ TC_Nullary id typ
 
     delve (TA_Binary id op t1 t2) = d2 t1 t2 $ TA_Binary id op
+    delve (TA_Assignment id op t1 t2) = d2 t1 t2 $ TA_Assignment id op
     delve (TA_Unary id op t1) = d1 t1 $ TA_Unary id op
     delve (TA_Sequence id l) = dl l $ TA_Sequence id
     delve (TA_Trinary id t1 t2 t3) = do
@@ -254,13 +267,15 @@ analyze f g i =
         c <- round t3
         return $ TA_Trinary id a b c
     delve (TA_Expansion id t) = dl t $ TA_Expansion id
-    delve (TA_Index id t) = d1 t $ TA_Index id
+    delve (TA_Variable id str t) = dl t $ TA_Variable id str
     delve (T_Annotation id anns t) = d1 t $ T_Annotation id anns
     delve (T_CoProc id var body) = d1 body $ T_CoProc id var
     delve (T_CoProcBody id t) = d1 t $ T_CoProcBody id
-    delve (T_Include id includer script) = d2 includer script $ T_Include id
+    delve (T_Include id script) = d1 script $ T_Include id
+    delve (T_SourceCommand id includer t_include) = d2 includer t_include $ T_SourceCommand id
     delve t = return t
 
+getId :: Token -> Id
 getId t = case t of
         T_AND_IF id  -> id
         T_OR_IF id  -> id
@@ -304,8 +319,10 @@ getId t = case t of
         T_DollarBraced id _  -> id
         T_DollarArithmetic id _  -> id
         T_BraceExpansion id _  -> id
+        T_ParamSubSpecialChar id _ -> id
         T_DollarBraceCommandExpansion id _  -> id
         T_IoFile id _ _  -> id
+        T_IoDuplicate id _ _  -> id
         T_HereDoc id _ _ _ _ -> id
         T_HereString id _  -> id
         T_FdRedirect id _ _  -> id
@@ -338,13 +355,13 @@ getId t = case t of
         TC_Group id _ _  -> id
         TC_Binary id _ _ _ _  -> id
         TC_Unary id _ _ _  -> id
-        TC_Noary id _ _  -> id
+        TC_Nullary id _ _  -> id
         TA_Binary id _ _ _  -> id
+        TA_Assignment id _ _ _  -> id
         TA_Unary id _ _  -> id
         TA_Sequence id _  -> id
         TA_Trinary id _ _ _  -> id
         TA_Expansion id _  -> id
-        TA_Index id _  -> id
         T_ProcSub id _ _ -> id
         T_Glob id _ -> id
         T_ForArithmetic id _ _ _ _ -> id
@@ -355,11 +372,18 @@ getId t = case t of
         T_Pipe id _ -> id
         T_CoProc id _ _ -> id
         T_CoProcBody id _ -> id
-        T_Include id _ _ -> id
+        T_Include id _ -> id
+        T_SourceCommand id _ _ -> id
+        T_UnparsedIndex id _ _ -> id
+        TC_Empty id _ -> id
+        TA_Variable id _ _ -> id
 
 blank :: Monad m => Token -> m ()
 blank = const $ return ()
-doAnalysis f = analyze f blank id
-doStackAnalysis startToken endToken = analyze startToken endToken id
-doTransform i = runIdentity . analyze blank blank i
+doAnalysis :: Monad m => (Token -> m ()) -> Token -> m Token
+doAnalysis f = analyze f blank return
+doStackAnalysis :: Monad m => (Token -> m ()) -> (Token -> m ()) -> Token -> m Token
+doStackAnalysis startToken endToken = analyze startToken endToken return
+doTransform :: (Token -> Token) -> Token -> Token
+doTransform i = runIdentity . analyze blank blank (return . i)
 

src/ShellCheck/ASTLib.hs

@@ -2,7 +2,7 @@
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,13 +15,15 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
 module ShellCheck.ASTLib where
 
 import ShellCheck.AST
 
+import Control.Monad.Writer
 import Control.Monad
+import Data.Functor
 import Data.List
 import Data.Maybe
 
@@ -46,14 +48,16 @@ willSplit x =
     T_NormalWord _ l -> any willSplit l
     _ -> False
 
-isGlob (T_Extglob {}) = True
-isGlob (T_Glob {}) = True
+isGlob T_Extglob {} = True
+isGlob T_Glob {} = True
 isGlob (T_NormalWord _ l) = any isGlob l
 isGlob _ = False
 
 -- Is this shell word a constant?
 isConstant token =
     case token of
+        -- This ignores some cases like ~"foo":
+        T_NormalWord _ (T_Literal _ ('~':_) : _)  -> False
         T_NormalWord _ l   -> all isConstant l
         T_DoubleQuoted _ l -> all isConstant l
         T_SingleQuoted _ _ -> True
@@ -83,13 +87,14 @@ oversimplify token =
         (T_Glob _ s) -> [s]
         (T_Pipeline _ _ [x]) -> oversimplify x
         (T_Literal _ x) -> [x]
+        (T_ParamSubSpecialChar _ x) -> [x]
         (T_SimpleCommand _ vars words) -> concatMap oversimplify words
         (T_Redirecting _ _ foo) -> oversimplify foo
         (T_DollarSingleQuoted _ s) -> [s]
         (T_Annotation _ _ s) -> oversimplify s
         -- Workaround for let "foo = bar" parsing
         (TA_Sequence _ [TA_Expansion _ v]) -> concatMap oversimplify v
-        otherwise -> []
+        _ -> []
 
 
 -- Turn a SimpleCommand foo -avz --bar=baz into args "a", "v", "z", "bar",
@@ -107,10 +112,24 @@ getFlagsUntil stopCondition (T_SimpleCommand _ _ (_:args)) =
 getFlagsUntil _ _ = error "Internal shellcheck error, please report! (getFlags on non-command)"
 
 -- Get all flags in a GNU way, up until --
+getAllFlags :: Token -> [(Token, String)]
 getAllFlags = getFlagsUntil (== "--")
--- Get all flags in a BSD way, up until first non-flag argument
-getLeadingFlags = getFlagsUntil (not . ("-" `isPrefixOf`))
+-- Get all flags in a BSD way, up until first non-flag argument or --
+getLeadingFlags = getFlagsUntil (\x -> x == "--" || (not $ "-" `isPrefixOf` x))
 
+-- Check if a command has a flag.
+hasFlag cmd str = str `elem` (map snd $ getAllFlags cmd)
+
+-- Is this token a word that starts with a dash?
+isFlag token =
+    case getWordParts token of
+        T_Literal _ ('-':_) : _ -> True
+        _ -> False
+
+-- Is this token a flag where the - is unquoted?
+isUnquotedFlag token = fromMaybe False $ do
+    str <- getLeadingUnquotedString token
+    return $ "-" `isPrefixOf` str
 
 -- Given a T_DollarBraced, return a simplified version of the string contents.
 bracedString (T_DollarBraced _ l) = concat $ oversimplify l
@@ -136,9 +155,9 @@ mayBecomeMultipleArgs t = willBecomeMultipleArgs t || f t
 -- Is it certain that this word will becomes multiple words?
 willBecomeMultipleArgs t = willConcatInAssignment t || f t
   where
-    f (T_Extglob {}) = True
-    f (T_Glob {}) = True
-    f (T_BraceExpansion {}) = True
+    f T_Extglob {} = True
+    f T_Glob {} = True
+    f T_BraceExpansion {} = True
     f (T_DoubleQuoted _ parts) = any f parts
     f (T_NormalWord _ parts) = any f parts
     f _ = False
@@ -146,7 +165,7 @@ willBecomeMultipleArgs t = willConcatInAssignment t || f t
 -- This does token cause implicit concatenation in assignments?
 willConcatInAssignment token =
     case token of
-        t@(T_DollarBraced {}) -> isArrayExpansion t
+        t@T_DollarBraced {} -> isArrayExpansion t
         (T_DoubleQuoted _ parts) -> any willConcatInAssignment parts
         (T_NormalWord _ parts) -> any willConcatInAssignment parts
         _ -> False
@@ -161,12 +180,33 @@ onlyLiteralString = fromJust . getLiteralStringExt (const $ return "")
 
 -- Maybe get a literal string, but only if it's an unquoted argument.
 getUnquotedLiteral (T_NormalWord _ list) =
-    liftM concat $ mapM str list
+    concat <$> mapM str list
   where
     str (T_Literal _ s) = return s
     str _ = Nothing
 getUnquotedLiteral _ = Nothing
 
+-- Get the last unquoted T_Literal in a word like "${var}foo"THIS
+-- or nothing if the word does not end in an unquoted literal.
+getTrailingUnquotedLiteral :: Token -> Maybe Token
+getTrailingUnquotedLiteral t =
+    case t of
+        (T_NormalWord _ list@(_:_)) ->
+            from (last list)
+        _ -> Nothing
+  where
+    from t =
+        case t of
+            T_Literal {} -> return t
+            _ -> Nothing
+
+-- Get the leading, unquoted, literal string of a token (if any).
+getLeadingUnquotedString :: Token -> Maybe String
+getLeadingUnquotedString t =
+    case t of
+        T_NormalWord _ ((T_Literal _ s) : _) -> return s
+        _ -> Nothing
+
 -- Maybe get the literal string of this token and any globs in it.
 getGlobOrLiteralString = getLiteralStringExt f
   where
@@ -178,13 +218,14 @@ getGlobOrLiteralString = getLiteralStringExt f
 getLiteralStringExt :: (Token -> Maybe String) -> Token -> Maybe String
 getLiteralStringExt more = g
   where
-    allInList = liftM concat . mapM g
+    allInList = fmap concat . mapM g
     g (T_DoubleQuoted _ l) = allInList l
     g (T_DollarDoubleQuoted _ l) = allInList l
     g (T_NormalWord _ l) = allInList l
     g (TA_Expansion _ l) = allInList l
     g (T_SingleQuoted _ s) = return s
     g (T_Literal _ s) = return s
+    g (T_ParamSubSpecialChar _ s) = return s
     g x = more x
 
 -- Is this token a string literal?
@@ -194,6 +235,8 @@ isLiteral t = isJust $ getLiteralString t
 -- Turn a NormalWord like foo="bar $baz" into a series of constituent elements like [foo=,bar ,$baz]
 getWordParts (T_NormalWord _ l)   = concatMap getWordParts l
 getWordParts (T_DoubleQuoted _ l) = l
+-- TA_Expansion is basically T_NormalWord for arithmetic expressions
+getWordParts (TA_Expansion _ l)   = concatMap getWordParts l
 getWordParts other                = [other]
 
 -- Return a list of NormalWords that would result from brace expansion
@@ -206,16 +249,41 @@ braceExpand (T_NormalWord id list) = take 1000 $ do
         braceExpand item
     part x = return x
 
--- Maybe get the command name of a token representing a command
-getCommandName t =
+-- Maybe get a SimpleCommand from immediate wrappers like T_Redirections
+getCommand t =
     case t of
-        T_Redirecting _ _ w -> getCommandName w
-        T_SimpleCommand _ _ (w:_) -> getLiteralString w
-        T_Annotation _ _ t -> getCommandName t
-        otherwise -> Nothing
+        T_Redirecting _ _ w -> getCommand w
+        T_SimpleCommand _ _ (w:_) -> return t
+        T_Annotation _ _ t -> getCommand t
+        _ -> Nothing
+
+-- Maybe get the command name of a token representing a command
+getCommandName t = do
+    (T_SimpleCommand _ _ (w:rest)) <- getCommand t
+    s <- getLiteralString w
+    if "busybox" `isSuffixOf` s || "builtin" == s
+        then
+            case rest of
+                (applet:_) -> getLiteralString applet
+                _ -> return s
+        else
+            return s
+
+-- If a command substitution is a single command, get its name.
+--  $(date +%s) = Just "date"
+getCommandNameFromExpansion :: Token -> Maybe String
+getCommandNameFromExpansion t =
+    case t of
+        T_DollarExpansion _ [c] -> extract c
+        T_Backticked _ [c] -> extract c
+        T_DollarBraceCommandExpansion _ [c] -> extract c
+        _ -> Nothing
+  where
+    extract (T_Pipeline _ _ [cmd]) = getCommandName cmd
+    extract _ = Nothing
 
 -- Get the basename of a token representing a command
-getCommandBasename = liftM basename . getCommandName
+getCommandBasename = fmap basename . getCommandName
   where
     basename = reverse . takeWhile (/= '/') . reverse
 
@@ -225,7 +293,7 @@ isAssignment t =
         T_SimpleCommand _ (w:_) [] -> True
         T_Assignment {} -> True
         T_Annotation _ _ w -> isAssignment w
-        otherwise -> False
+        _ -> False
 
 isOnlyRedirection t =
     case t of
@@ -233,12 +301,15 @@ isOnlyRedirection t =
         T_Annotation _ _ w -> isOnlyRedirection w
         T_Redirecting _ (_:_) c -> isOnlyRedirection c
         T_SimpleCommand _ [] [] -> True
-        otherwise -> False
+        _ -> False
 
 isFunction t = case t of T_Function {} -> True; _ -> False
 
--- Get the list of commands from tokens that contain them, such as
--- the body of while loops and if statements.
+isBraceExpansion t = case t of T_BraceExpansion {} -> True; _ -> False
+
+-- Get the lists of commands from tokens that contain them, such as
+-- the body of while loops or branches of if statements.
+getCommandSequences :: Token -> [[Token]]
 getCommandSequences t =
     case t of
         T_Script _ _ cmds -> [cmds]
@@ -249,5 +320,127 @@ getCommandSequences t =
         T_ForIn _ _ _ cmds -> [cmds]
         T_ForArithmetic _ _ _ _ cmds -> [cmds]
         T_IfExpression _ thens elses -> map snd thens ++ [elses]
-        otherwise -> []
+        T_Annotation _ _ t -> getCommandSequences t
+        _ -> []
 
+-- Get a list of names of associative arrays
+getAssociativeArrays t =
+    nub . execWriter $ doAnalysis f t
+  where
+    f :: Token -> Writer [String] ()
+    f t@T_SimpleCommand {} = fromMaybe (return ()) $ do
+        name <- getCommandName t
+        let assocNames = ["declare","local","typeset"]
+        guard $ elem name assocNames
+        let flags = getAllFlags t
+        guard $ elem "A" $ map snd flags
+        let args = map fst . filter ((==) "" . snd) $ flags
+        let names = mapMaybe (getLiteralStringExt nameAssignments) args
+        return $ tell names
+    f _ = return ()
+
+    nameAssignments t =
+        case t of
+            T_Assignment _ _ name _ _ -> return name
+            _ -> Nothing
+
+-- A Pseudoglob is a wildcard pattern used for checking if a match can succeed.
+-- For example, [[ $(cmd).jpg == [a-z] ]] will give the patterns *.jpg and ?, which
+-- can be proven never to match.
+data PseudoGlob = PGAny | PGMany | PGChar Char
+    deriving (Eq, Show)
+
+-- Turn a word into a PG pattern, replacing all unknown/runtime values with
+-- PGMany.
+wordToPseudoGlob :: Token -> Maybe [PseudoGlob]
+wordToPseudoGlob word =
+    simplifyPseudoGlob . concat <$> mapM f (getWordParts word)
+  where
+    f x = case x of
+        T_Literal _ s -> return $ map PGChar s
+        T_SingleQuoted _ s -> return $ map PGChar s
+
+        T_DollarBraced {} -> return [PGMany]
+        T_DollarExpansion {} -> return [PGMany]
+        T_Backticked {} -> return [PGMany]
+
+        T_Glob _ "?" -> return [PGAny]
+        T_Glob _ ('[':_)  -> return [PGAny]
+        T_Glob {} -> return [PGMany]
+
+        T_Extglob {} -> return [PGMany]
+
+        _ -> return [PGMany]
+
+-- Turn a word into a PG pattern, but only if we can preserve
+-- exact semantics.
+wordToExactPseudoGlob :: Token -> Maybe [PseudoGlob]
+wordToExactPseudoGlob word =
+    simplifyPseudoGlob . concat <$> mapM f (getWordParts word)
+  where
+    f x = case x of
+        T_Literal _ s -> return $ map PGChar s
+        T_SingleQuoted _ s -> return $ map PGChar s
+        T_Glob _ "?" -> return [PGAny]
+        T_Glob _ "*" -> return [PGMany]
+        _ -> fail "Unknown token type"
+
+-- Reorder a PseudoGlob for more efficient matching, e.g.
+-- f?*?**g -> f??*g
+simplifyPseudoGlob :: [PseudoGlob] -> [PseudoGlob]
+simplifyPseudoGlob = f
+  where
+    f [] = []
+    f (x@(PGChar _) : rest ) = x : f rest
+    f list =
+        let (anys, rest) = span (\x -> x == PGMany || x == PGAny) list in
+            order anys ++ f rest
+
+    order s = let (any, many) = partition (== PGAny) s in
+        any ++ take 1 many
+
+-- Check whether the two patterns can ever overlap.
+pseudoGlobsCanOverlap :: [PseudoGlob] -> [PseudoGlob] -> Bool
+pseudoGlobsCanOverlap = matchable
+  where
+    matchable x@(xf:xs) y@(yf:ys) =
+        case (xf, yf) of
+            (PGMany, _) -> matchable x ys || matchable xs y
+            (_, PGMany) -> matchable x ys || matchable xs y
+            (PGAny, _) -> matchable xs ys
+            (_, PGAny) -> matchable xs ys
+            (_, _) -> xf == yf && matchable xs ys
+
+    matchable [] [] = True
+    matchable (PGMany : rest) [] = matchable rest []
+    matchable (_:_) [] = False
+    matchable [] r = matchable r []
+
+-- Check whether the first pattern always overlaps the second.
+pseudoGlobIsSuperSetof :: [PseudoGlob] -> [PseudoGlob] -> Bool
+pseudoGlobIsSuperSetof = matchable
+  where
+    matchable x@(xf:xs) y@(yf:ys) =
+        case (xf, yf) of
+            (PGMany, PGMany) -> matchable x ys
+            (PGMany, _) -> matchable x ys || matchable xs y
+            (_, PGMany) -> False
+            (PGAny, _) -> matchable xs ys
+            (_, PGAny) -> False
+            (_, _) -> xf == yf && matchable xs ys
+
+    matchable [] [] = True
+    matchable (PGMany : rest) [] = matchable rest []
+    matchable _ _ = False
+
+wordsCanBeEqual x y = fromMaybe True $
+    liftM2 pseudoGlobsCanOverlap (wordToPseudoGlob x) (wordToPseudoGlob y)
+
+-- Is this an expansion that can be quoted,
+-- e.g. $(foo) `foo` $foo (but not {foo,})?
+isQuoteableExpansion t = case t of
+    T_DollarExpansion {} -> True
+    T_DollarBraceCommandExpansion {} -> True
+    T_Backticked {} -> True
+    T_DollarBraced {} -> True
+    _ -> False

src/ShellCheck/Analyzer.hs

@@ -2,7 +2,7 @@
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,13 +15,31 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
 module ShellCheck.Analyzer (analyzeScript) where
 
-import ShellCheck.Interface
 import ShellCheck.Analytics
+import ShellCheck.AnalyzerLib
+import ShellCheck.Interface
+import Data.List
+import Data.Monoid
+import qualified ShellCheck.Checks.Commands
+import qualified ShellCheck.Checks.ShellSupport
+
 
 -- TODO: Clean up the cruft this is layered on
 analyzeScript :: AnalysisSpec -> AnalysisResult
-analyzeScript = runAnalytics
+analyzeScript spec = AnalysisResult {
+    arComments =
+        filterByAnnotation spec params . nub $
+            runAnalytics spec
+            ++ runChecker params (checkers params)
+}
+  where
+    params = makeParameters spec
+
+checkers params = mconcat $ map ($ params) [
+    ShellCheck.Checks.Commands.checker,
+    ShellCheck.Checks.ShellSupport.checker
+    ]

src/ShellCheck/AnalyzerLib.hs

@@ -0,0 +1,879 @@
+{-
+    Copyright 2012-2015 Vidar Holen
+
+    This file is part of ShellCheck.
+    https://www.shellcheck.net
+
+    ShellCheck is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    ShellCheck is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+-}
+{-# LANGUAGE FlexibleContexts #-}
+{-# LANGUAGE TemplateHaskell  #-}
+module ShellCheck.AnalyzerLib where
+import           ShellCheck.AST
+import           ShellCheck.ASTLib
+import           ShellCheck.Data
+import           ShellCheck.Interface
+import           ShellCheck.Parser
+import           ShellCheck.Regex
+
+import           Control.Arrow          (first)
+import           Control.Monad.Identity
+import           Control.Monad.RWS
+import           Control.Monad.State
+import           Control.Monad.Writer
+import           Data.Char
+import           Data.List
+import qualified Data.Map               as Map
+import           Data.Maybe
+import           Data.Semigroup
+
+import           Test.QuickCheck.All    (forAllProperties)
+import           Test.QuickCheck.Test   (maxSuccess, quickCheckWithResult, stdArgs)
+
+type Analysis = AnalyzerM ()
+type AnalyzerM a = RWS Parameters [TokenComment] Cache a
+nullCheck = const $ return ()
+
+
+data Checker = Checker {
+    perScript :: Root -> Analysis,
+    perToken  :: Token -> Analysis
+}
+
+runChecker :: Parameters -> Checker -> [TokenComment]
+runChecker params checker = notes
+    where
+        root = rootNode params
+        check = perScript checker `composeAnalyzers` (\(Root x) -> void $ doAnalysis (perToken checker) x)
+        notes = snd $ evalRWS (check $ Root root) params Cache
+
+instance Semigroup Checker where
+    (<>) x y = Checker {
+        perScript = perScript x `composeAnalyzers` perScript y,
+        perToken = perToken x `composeAnalyzers` perToken y
+        }
+
+instance Monoid Checker where
+    mempty = Checker {
+        perScript = nullCheck,
+        perToken = nullCheck
+        }
+    mappend = (Data.Semigroup.<>)
+
+composeAnalyzers :: (a -> Analysis) -> (a -> Analysis) -> a -> Analysis
+composeAnalyzers f g x = f x >> g x
+
+data Parameters = Parameters {
+    hasLastpipe        :: Bool,           -- Whether this script has the 'lastpipe' option set/default.
+    hasSetE            :: Bool,           -- Whether this script has 'set -e' anywhere.
+    variableFlow       :: [StackData],   -- A linear (bad) analysis of data flow
+    parentMap          :: Map.Map Id Token, -- A map from Id to parent Token
+    shellType          :: Shell,            -- The shell type, such as Bash or Ksh
+    shellTypeSpecified :: Bool,    -- True if shell type was forced via flags
+    rootNode           :: Token              -- The root node of the AST
+    }
+
+-- TODO: Cache results of common AST ops here
+data Cache = Cache {}
+
+data Scope = SubshellScope String | NoneScope deriving (Show, Eq)
+data StackData =
+    StackScope Scope
+    | StackScopeEnd
+    -- (Base expression, specific position, var name, assigned values)
+    | Assignment (Token, Token, String, DataType)
+    | Reference (Token, Token, String)
+  deriving (Show)
+
+data DataType = DataString DataSource | DataArray DataSource
+  deriving (Show)
+
+data DataSource =
+    SourceFrom [Token]
+    | SourceExternal
+    | SourceDeclaration
+    | SourceInteger
+    | SourceChecked
+  deriving (Show)
+
+data VariableState = Dead Token String | Alive deriving (Show)
+
+defaultSpec root = AnalysisSpec {
+    asScript = root,
+    asShellType = Nothing,
+    asCheckSourced = False,
+    asExecutionMode = Executed
+}
+
+pScript s =
+  let
+    pSpec = ParseSpec {
+        psFilename = "script",
+        psScript = s,
+        psCheckSourced = False
+    }
+  in prRoot . runIdentity $ parseScript (mockedSystemInterface []) pSpec
+
+-- For testing. If parsed, returns whether there are any comments
+producesComments :: Checker -> String -> Maybe Bool
+producesComments c s = do
+        root <- pScript s
+        let spec = defaultSpec root
+        let params = makeParameters spec
+        return . not . null $ runChecker params c
+
+makeComment :: Severity -> Id -> Code -> String -> TokenComment
+makeComment severity id code note =
+    TokenComment id $ Comment severity code note
+
+addComment note = tell [note]
+
+warn :: MonadWriter [TokenComment] m => Id -> Code -> String -> m ()
+warn  id code str = addComment $ makeComment WarningC id code str
+err   id code str = addComment $ makeComment ErrorC id code str
+info  id code str = addComment $ makeComment InfoC id code str
+style id code str = addComment $ makeComment StyleC id code str
+
+makeParameters spec =
+    let params = Parameters {
+        rootNode = root,
+        shellType = fromMaybe (determineShell root) $ asShellType spec,
+        hasSetE = containsSetE root,
+        hasLastpipe =
+            case shellType params of
+                Bash -> containsLastpipe root
+                Dash -> False
+                Sh   -> False
+                Ksh  -> True,
+
+        shellTypeSpecified = isJust $ asShellType spec,
+        parentMap = getParentTree root,
+        variableFlow = getVariableFlow params root
+    } in params
+  where root = asScript spec
+
+
+-- Does this script mention 'set -e' anywhere?
+-- Used as a hack to disable certain warnings.
+containsSetE root = isNothing $ doAnalysis (guard . not . isSetE) root
+  where
+    isSetE t =
+        case t of
+            T_Script _ str _ -> str `matches` re
+            T_SimpleCommand {}  ->
+                t `isUnqualifiedCommand` "set" &&
+                    ("errexit" `elem` oversimplify t ||
+                        "e" `elem` map snd (getAllFlags t))
+            _ -> False
+    re = mkRegex "[[:space:]]-[^-]*e"
+
+-- Does this script mention 'shopt -s lastpipe' anywhere?
+-- Also used as a hack.
+containsLastpipe root =
+        isNothing $ doAnalysis (guard . not . isShoptLastPipe) root
+    where
+        isShoptLastPipe t =
+            case t of
+                T_SimpleCommand {}  ->
+                    t `isUnqualifiedCommand` "shopt" &&
+                        ("lastpipe" `elem` oversimplify t)
+                _ -> False
+
+
+prop_determineShell0 = determineShell (fromJust $ pScript "#!/bin/sh") == Sh
+prop_determineShell1 = determineShell (fromJust $ pScript "#!/usr/bin/env ksh") == Ksh
+prop_determineShell2 = determineShell (fromJust $ pScript "") == Bash
+prop_determineShell3 = determineShell (fromJust $ pScript "#!/bin/sh -e") == Sh
+prop_determineShell4 = determineShell (fromJust $ pScript
+    "#!/bin/ksh\n#shellcheck shell=sh\nfoo") == Sh
+prop_determineShell5 = determineShell (fromJust $ pScript
+    "#shellcheck shell=sh\nfoo") == Sh
+prop_determineShell6 = determineShell (fromJust $ pScript "#! /bin/sh") == Sh
+prop_determineShell7 = determineShell (fromJust $ pScript "#! /bin/ash") == Dash
+determineShell t = fromMaybe Bash $ do
+    shellString <- foldl mplus Nothing $ getCandidates t
+    shellForExecutable shellString
+  where
+    forAnnotation t =
+        case t of
+            (ShellOverride s) -> return s
+            _                 -> fail ""
+    getCandidates :: Token -> [Maybe String]
+    getCandidates t@T_Script {} = [Just $ fromShebang t]
+    getCandidates (T_Annotation _ annotations s) =
+        map forAnnotation annotations ++
+           [Just $ fromShebang s]
+    fromShebang (T_Script _ s t) = executableFromShebang s
+
+-- Given a string like "/bin/bash" or "/usr/bin/env dash",
+-- return the shell basename like "bash" or "dash"
+executableFromShebang :: String -> String
+executableFromShebang = shellFor
+  where
+    shellFor s | "/env " `isInfixOf` s = head (drop 1 (words s)++[""])
+    shellFor s | ' ' `elem` s = shellFor $ takeWhile (/= ' ') s
+    shellFor s = reverse . takeWhile (/= '/') . reverse $ s
+
+
+
+-- Given a root node, make a map from Id to parent Token.
+-- This is used to populate parentMap in Parameters
+getParentTree :: Token -> Map.Map Id Token
+getParentTree t =
+    snd . snd $ runState (doStackAnalysis pre post t) ([], Map.empty)
+  where
+    pre t = modify (first ((:) t))
+    post t = do
+        (_:rest, map) <- get
+        case rest of []    -> put (rest, map)
+                     (x:_) -> put (rest, Map.insert (getId t) x map)
+
+-- Given a root node, make a map from Id to Token
+getTokenMap :: Token -> Map.Map Id Token
+getTokenMap t =
+    execState (doAnalysis f t) Map.empty
+  where
+    f t = modify (Map.insert (getId t) t)
+
+
+-- Is this token in a quoting free context? (i.e. would variable expansion split)
+-- True:  Assignments, [[ .. ]], here docs, already in double quotes
+-- False: Regular words
+isStrictlyQuoteFree = isQuoteFreeNode True
+
+-- Like above, but also allow some cases where splitting may be desired.
+-- True:  Like above + for loops
+-- False: Like above
+isQuoteFree = isQuoteFreeNode False
+
+
+isQuoteFreeNode strict tree t =
+    (isQuoteFreeElement t == Just True) ||
+        head (mapMaybe isQuoteFreeContext (drop 1 $ getPath tree t) ++ [False])
+  where
+    -- Is this node self-quoting in itself?
+    isQuoteFreeElement t =
+        case t of
+            T_Assignment {} -> return True
+            T_FdRedirect {} -> return True
+            _               -> Nothing
+
+    -- Are any subnodes inherently self-quoting?
+    isQuoteFreeContext t =
+        case t of
+            TC_Nullary _ DoubleBracket _    -> return True
+            TC_Unary _ DoubleBracket _ _    -> return True
+            TC_Binary _ DoubleBracket _ _ _ -> return True
+            TA_Sequence {}                  -> return True
+            T_Arithmetic {}                 -> return True
+            T_Assignment {}                 -> return True
+            T_Redirecting {}                -> return False
+            T_DoubleQuoted _ _              -> return True
+            T_DollarDoubleQuoted _ _        -> return True
+            T_CaseExpression {}             -> return True
+            T_HereDoc {}                    -> return True
+            T_DollarBraced {}               -> return True
+            -- When non-strict, pragmatically assume it's desirable to split here
+            T_ForIn {}                      -> return (not strict)
+            T_SelectIn {}                   -> return (not strict)
+            _                               -> Nothing
+
+-- Check if a token is a parameter to a certain command by name:
+-- Example: isParamTo (parentMap params) "sed" t
+isParamTo :: Map.Map Id Token -> String -> Token -> Bool
+isParamTo tree cmd =
+    go
+  where
+    go x = case Map.lookup (getId x) tree of
+                Nothing     -> False
+                Just parent -> check parent
+    check t =
+        case t of
+            T_SingleQuoted _ _ -> go t
+            T_DoubleQuoted _ _ -> go t
+            T_NormalWord _ _   -> go t
+            T_SimpleCommand {} -> isCommand t cmd
+            T_Redirecting {}   -> isCommand t cmd
+            _                  -> False
+
+-- Get the parent command (T_Redirecting) of a Token, if any.
+getClosestCommand :: Map.Map Id Token -> Token -> Maybe Token
+getClosestCommand tree t =
+    findFirst findCommand $ getPath tree t
+  where
+    findCommand t =
+        case t of
+            T_Redirecting {} -> return True
+            T_Script {}      -> return False
+            _                -> Nothing
+
+-- Like above, if koala_man knew Haskell when starting this project.
+getClosestCommandM t = do
+    tree <- asks parentMap
+    return $ getClosestCommand tree t
+
+-- Is the token used as a command name (the first word in a T_SimpleCommand)?
+usedAsCommandName tree token = go (getId token) (tail $ getPath tree token)
+  where
+    go currentId (T_NormalWord id [word]:rest)
+        | currentId == getId word = go id rest
+    go currentId (T_DoubleQuoted id [word]:rest)
+        | currentId == getId word = go id rest
+    go currentId (T_SimpleCommand _ _ (word:_):_)
+        | currentId == getId word = True
+    go _ _ = False
+
+-- A list of the element and all its parents up to the root node.
+getPath tree t = t :
+    case Map.lookup (getId t) tree of
+        Nothing     -> []
+        Just parent -> getPath tree parent
+
+-- Version of the above taking the map from the current context
+-- Todo: give this the name "getPath"
+getPathM t = do
+    map <- asks parentMap
+    return $ getPath map t
+
+isParentOf tree parent child =
+    elem (getId parent) . map getId $ getPath tree child
+
+parents params = getPath (parentMap params)
+
+pathTo t = do
+    parents <- reader parentMap
+    return $ getPath parents t
+
+-- Find the first match in a list where the predicate is Just True.
+-- Stops if it's Just False and ignores Nothing.
+findFirst :: (a -> Maybe Bool) -> [a] -> Maybe a
+findFirst p l =
+    case l of
+        [] -> Nothing
+        (x:xs) ->
+            case p x of
+                Just True  -> return x
+                Just False -> Nothing
+                Nothing    -> findFirst p xs
+
+-- Check whether a word is entirely output from a single command
+tokenIsJustCommandOutput t = case t of
+    T_NormalWord id [T_DollarExpansion _ cmds] -> check cmds
+    T_NormalWord id [T_DoubleQuoted _ [T_DollarExpansion _ cmds]] -> check cmds
+    T_NormalWord id [T_Backticked _ cmds] -> check cmds
+    T_NormalWord id [T_DoubleQuoted _ [T_Backticked _ cmds]] -> check cmds
+    _ -> False
+  where
+    check [x] = not $ isOnlyRedirection x
+    check _   = False
+
+-- TODO: Replace this with a proper Control Flow Graph
+getVariableFlow params t =
+    let (_, stack) = runState (doStackAnalysis startScope endScope t) []
+    in reverse stack
+  where
+    startScope t =
+        let scopeType = leadType params t
+        in do
+            when (scopeType /= NoneScope) $ modify (StackScope scopeType:)
+            when (assignFirst t) $ setWritten t
+
+    endScope t =
+        let scopeType = leadType params t
+        in do
+            setRead t
+            unless (assignFirst t) $ setWritten t
+            when (scopeType /= NoneScope) $ modify (StackScopeEnd:)
+
+    assignFirst T_ForIn {}    = True
+    assignFirst T_SelectIn {} = True
+    assignFirst _             = False
+
+    setRead t =
+        let read    = getReferencedVariables (parentMap params) t
+        in mapM_ (\v -> modify (Reference v:)) read
+
+    setWritten t =
+        let written = getModifiedVariables t
+        in mapM_ (\v -> modify (Assignment v:)) written
+
+
+leadType params t =
+    case t of
+        T_DollarExpansion _ _  -> SubshellScope "$(..) expansion"
+        T_Backticked _ _  -> SubshellScope "`..` expansion"
+        T_Backgrounded _ _  -> SubshellScope "backgrounding &"
+        T_Subshell _ _  -> SubshellScope "(..) group"
+        T_CoProcBody _ _  -> SubshellScope "coproc"
+        T_Redirecting {}  ->
+            if fromMaybe False causesSubshell
+            then SubshellScope "pipeline"
+            else NoneScope
+        _ -> NoneScope
+  where
+    parentPipeline = do
+        parent <- Map.lookup (getId t) (parentMap params)
+        case parent of
+            T_Pipeline {} -> return parent
+            _             -> Nothing
+
+    causesSubshell = do
+        (T_Pipeline _ _ list) <- parentPipeline
+        if length list <= 1
+            then return False
+            else if not $ hasLastpipe params
+                then return True
+                else return . not $ (getId . head $ reverse list) == getId t
+
+getModifiedVariables t =
+    case t of
+        T_SimpleCommand _ vars [] ->
+            concatMap (\x -> case x of
+                                T_Assignment id _ name _ w  ->
+                                    [(x, x, name, dataTypeFrom DataString w)]
+                                _ -> []
+                      ) vars
+        c@T_SimpleCommand {} ->
+            getModifiedVariableCommand c
+
+        TA_Unary _ "++|" v@(TA_Variable _ name _)  ->
+            [(t, v, name, DataString $ SourceFrom [v])]
+        TA_Unary _ "|++" v@(TA_Variable _ name _)  ->
+            [(t, v, name, DataString $ SourceFrom [v])]
+        TA_Assignment _ op (TA_Variable _ name _) rhs -> maybeToList $ do
+            guard $ op `elem` ["=", "*=", "/=", "%=", "+=", "-=", "<<=", ">>=", "&=", "^=", "|="]
+            return (t, t, name, DataString $ SourceFrom [rhs])
+
+        -- Count [[ -v foo ]] as an "assignment".
+        -- This is to prevent [ -v foo ] being unassigned or unused.
+        TC_Unary id _ "-v" token -> maybeToList $ do
+            str <- fmap (takeWhile (/= '[')) $ -- Quoted index
+                    flip getLiteralStringExt token $ \x ->
+                case x of
+                    T_Glob _ s -> return s -- Unquoted index
+                    _          -> Nothing
+
+            guard . not . null $ str
+            return (t, token, str, DataString SourceChecked)
+
+        T_DollarBraced _ l -> maybeToList $ do
+            let string = bracedString t
+            let modifier = getBracedModifier string
+            guard $ ":=" `isPrefixOf` modifier
+            return (t, t, getBracedReference string, DataString $ SourceFrom [l])
+
+        t@(T_FdRedirect _ ('{':var) op) -> -- {foo}>&2 modifies foo
+            [(t, t, takeWhile (/= '}') var, DataString SourceInteger) | not $ isClosingFileOp op]
+
+        t@(T_CoProc _ name _) ->
+            [(t, t, fromMaybe "COPROC" name, DataArray SourceInteger)]
+
+        --Points to 'for' rather than variable
+        T_ForIn id str [] _ -> [(t, t, str, DataString SourceExternal)]
+        T_ForIn id str words _ -> [(t, t, str, DataString $ SourceFrom words)]
+        T_SelectIn id str words _ -> [(t, t, str, DataString $ SourceFrom words)]
+        _ -> []
+
+isClosingFileOp op =
+    case op of
+        T_IoDuplicate _ (T_GREATAND _) "-" -> True
+        T_IoDuplicate _ (T_LESSAND  _) "-" -> True
+        _                                  -> False
+
+
+-- Consider 'export/declare -x' a reference, since it makes the var available
+getReferencedVariableCommand base@(T_SimpleCommand _ _ (T_NormalWord _ (T_Literal _ x:_):rest)) =
+    case x of
+        "export" -> if "f" `elem` flags
+            then []
+            else concatMap getReference rest
+        "declare" -> if
+                any (`elem` flags) ["x", "p"] &&
+                    (not $ any (`elem` flags) ["f", "F"])
+            then concatMap getReference rest
+            else []
+        "readonly" ->
+            if any (`elem` flags) ["f", "p"]
+            then []
+            else concatMap getReference rest
+        "trap" ->
+            case rest of
+                head:_ -> map (\x -> (head, head, x)) $ getVariablesFromLiteralToken head
+                _ -> []
+        _ -> []
+  where
+    getReference t@(T_Assignment _ _ name _ value) = [(t, t, name)]
+    getReference t@(T_NormalWord _ [T_Literal _ name]) | not ("-" `isPrefixOf` name) = [(t, t, name)]
+    getReference _ = []
+    flags = map snd $ getAllFlags base
+
+getReferencedVariableCommand _ = []
+
+getModifiedVariableCommand base@(T_SimpleCommand _ _ (T_NormalWord _ (T_Literal _ x:_):rest)) =
+   filter (\(_,_,s,_) -> not ("-" `isPrefixOf` s)) $
+    case x of
+        "read" ->
+            let params = map getLiteral rest in
+                catMaybes . takeWhile isJust . reverse $ params
+        "getopts" ->
+            case rest of
+                opts:var:_ -> maybeToList $ getLiteral var
+                _          -> []
+
+        "let" -> concatMap letParamToLiteral rest
+
+        "export" ->
+            if "f" `elem` flags then [] else concatMap getModifierParamString rest
+
+        "declare" -> if any (`elem` flags) ["F", "f", "p"] then [] else declaredVars
+        "typeset" -> declaredVars
+
+        "local" -> concatMap getModifierParamString rest
+        "readonly" ->
+            if any (`elem` flags) ["f", "p"]
+            then []
+            else concatMap getModifierParamString rest
+        "set" -> maybeToList $ do
+            params <- getSetParams rest
+            return (base, base, "@", DataString $ SourceFrom params)
+
+        "printf" -> maybeToList $ getPrintfVariable rest
+
+        "mapfile" -> maybeToList $ getMapfileArray base rest
+        "readarray" -> maybeToList $ getMapfileArray base rest
+
+        _ -> []
+  where
+    flags = map snd $ getAllFlags base
+    stripEquals s = let rest = dropWhile (/= '=') s in
+        if rest == "" then "" else tail rest
+    stripEqualsFrom (T_NormalWord id1 (T_Literal id2 s:rs)) =
+        T_NormalWord id1 (T_Literal id2 (stripEquals s):rs)
+    stripEqualsFrom (T_NormalWord id1 [T_DoubleQuoted id2 [T_Literal id3 s]]) =
+        T_NormalWord id1 [T_DoubleQuoted id2 [T_Literal id3 (stripEquals s)]]
+    stripEqualsFrom t = t
+
+    declaredVars = concatMap (getModifierParam defaultType) rest
+      where
+        defaultType = if any (`elem` flags) ["a", "A"] then DataArray else DataString
+
+    getLiteral t = do
+        s <- getLiteralString t
+        when ("-" `isPrefixOf` s) $ fail "argument"
+        return (base, t, s, DataString SourceExternal)
+
+    getModifierParamString = getModifierParam DataString
+
+    getModifierParam def t@(T_Assignment _ _ name _ value) =
+        [(base, t, name, dataTypeFrom def value)]
+    getModifierParam def t@T_NormalWord {} = maybeToList $ do
+        name <- getLiteralString t
+        guard $ isVariableName name
+        return (base, t, name, def SourceDeclaration)
+    getModifierParam _ _ = []
+
+    letParamToLiteral token =
+          if var == ""
+            then []
+            else [(base, token, var, DataString $ SourceFrom [stripEqualsFrom token])]
+        where var = takeWhile isVariableChar $ dropWhile (`elem` "+-") $ concat $ oversimplify token
+
+    getSetParams (t:_:rest) | getLiteralString t == Just "-o" = getSetParams rest
+    getSetParams (t:rest) =
+        let s = getLiteralString t in
+            case s of
+                Just "--"    -> return rest
+                Just ('-':_) -> getSetParams rest
+                _            -> return (t:fromMaybe [] (getSetParams rest))
+    getSetParams [] = Nothing
+
+    getPrintfVariable list = f $ map (\x -> (x, getLiteralString x)) list
+      where
+        f ((_, Just "-v") : (t, Just var) : _) = return (base, t, var, DataString $ SourceFrom list)
+        f (_:rest) = f rest
+        f [] = fail "not found"
+
+    -- mapfile has some curious syntax allowing flags plus 0..n variable names
+    -- where only the first non-option one is used if any. Here we cheat and
+    -- just get the last one, if it's a variable name.
+    getMapfileArray base arguments = do
+        lastArg <- listToMaybe (reverse arguments)
+        name <- getLiteralString lastArg
+        guard $ isVariableName name
+        return (base, lastArg, name, DataArray SourceExternal)
+
+getModifiedVariableCommand _ = []
+
+getIndexReferences s = fromMaybe [] $ do
+    match <- matchRegex re s
+    index <- match !!! 0
+    return $ matchAllStrings variableNameRegex index
+  where
+    re = mkRegex "(\\[.*\\])"
+
+prop_getOffsetReferences1 = getOffsetReferences ":bar" == ["bar"]
+prop_getOffsetReferences2 = getOffsetReferences ":bar:baz" == ["bar", "baz"]
+prop_getOffsetReferences3 = getOffsetReferences "[foo]:bar" == ["bar"]
+prop_getOffsetReferences4 = getOffsetReferences "[foo]:bar:baz" == ["bar", "baz"]
+getOffsetReferences mods = fromMaybe [] $ do
+-- if mods start with [, then drop until ]
+    match <- matchRegex re mods
+    offsets <- match !!! 1
+    return $ matchAllStrings variableNameRegex offsets
+  where
+    re = mkRegex "^(\\[.+\\])? *:([^-=?+].*)"
+
+getReferencedVariables parents t =
+    case t of
+        T_DollarBraced id l -> let str = bracedString t in
+            (t, t, getBracedReference str) :
+                map (\x -> (l, l, x)) (
+                    getIndexReferences str
+                    ++ getOffsetReferences (getBracedModifier str))
+        TA_Variable id name _ ->
+            if isArithmeticAssignment t
+            then []
+            else [(t, t, name)]
+        T_Assignment id mode str _ word ->
+            [(t, t, str) | mode == Append] ++ specialReferences str t word
+
+        TC_Unary id _ "-v" token -> getIfReference t token
+        TC_Unary id _ "-R" token -> getIfReference t token
+        TC_Binary id DoubleBracket op lhs rhs ->
+            if isDereferencing op
+            then concatMap (getIfReference t) [lhs, rhs]
+            else []
+
+        t@(T_FdRedirect _ ('{':var) op) -> -- {foo}>&- references and closes foo
+            [(t, t, takeWhile (/= '}') var) | isClosingFileOp op]
+        x -> getReferencedVariableCommand x
+  where
+    -- Try to reduce false positives for unused vars only referenced from evaluated vars
+    specialReferences name base word =
+        if name `elem` [
+            "PS1", "PS2", "PS3", "PS4",
+            "PROMPT_COMMAND"
+          ]
+        then
+            map (\x -> (base, base, x)) $
+                getVariablesFromLiteralToken word
+        else []
+
+    literalizer t = case t of
+        T_Glob _ s -> return s    -- Also when parsed as globs
+        _          -> Nothing
+
+    getIfReference context token = maybeToList $ do
+            str <- getLiteralStringExt literalizer token
+            guard . not $ null str
+            when (isDigit $ head str) $ fail "is a number"
+            return (context, token, getBracedReference str)
+
+    isDereferencing = (`elem` ["-eq", "-ne", "-lt", "-le", "-gt", "-ge"])
+
+    isArithmeticAssignment t = case getPath parents t of
+        this: TA_Assignment _ "=" lhs _ :_ -> lhs == t
+        _                                  -> False
+
+dataTypeFrom defaultType v = (case v of T_Array {} -> DataArray; _ -> defaultType) $ SourceFrom [v]
+
+
+--- Command specific checks
+
+-- Compare a command to a string: t `isCommand` "sed" (also matches /usr/bin/sed)
+isCommand token str = isCommandMatch token (\cmd -> cmd  == str || ('/' : str) `isSuffixOf` cmd)
+
+-- Compare a command to a literal. Like above, but checks full path.
+isUnqualifiedCommand token str = isCommandMatch token (== str)
+
+isCommandMatch token matcher = fromMaybe False $
+    fmap matcher (getCommandName token)
+
+-- Does this regex look like it was intended as a glob?
+-- True:  *foo*
+-- False: .*foo.*
+isConfusedGlobRegex :: String -> Bool
+isConfusedGlobRegex ('*':_) = True
+isConfusedGlobRegex [x,'*'] | x /= '\\' = True
+isConfusedGlobRegex _       = False
+
+isVariableStartChar x = x == '_' || isAsciiLower x || isAsciiUpper x
+isVariableChar x = isVariableStartChar x || isDigit x
+variableNameRegex = mkRegex "[_a-zA-Z][_a-zA-Z0-9]*"
+
+prop_isVariableName1 = isVariableName "_fo123"
+prop_isVariableName2 = not $ isVariableName "4"
+prop_isVariableName3 = not $ isVariableName "test: "
+isVariableName (x:r) = isVariableStartChar x && all isVariableChar r
+isVariableName _     = False
+
+getVariablesFromLiteralToken token =
+    getVariablesFromLiteral (fromJust $ getLiteralStringExt (const $ return " ") token)
+
+-- Try to get referenced variables from a literal string like "$foo"
+-- Ignores tons of cases like arithmetic evaluation and array indices.
+prop_getVariablesFromLiteral1 =
+    getVariablesFromLiteral "$foo${bar//a/b}$BAZ" == ["foo", "bar", "BAZ"]
+getVariablesFromLiteral string =
+    map (!! 0) $ matchAllSubgroups variableRegex string
+  where
+    variableRegex = mkRegex "\\$\\{?([A-Za-z0-9_]+)"
+
+-- Get the variable name from an expansion like ${var:-foo}
+prop_getBracedReference1 = getBracedReference "foo" == "foo"
+prop_getBracedReference2 = getBracedReference "#foo" == "foo"
+prop_getBracedReference3 = getBracedReference "#" == "#"
+prop_getBracedReference4 = getBracedReference "##" == "#"
+prop_getBracedReference5 = getBracedReference "#!" == "!"
+prop_getBracedReference6 = getBracedReference "!#" == "#"
+prop_getBracedReference7 = getBracedReference "!foo#?" == "foo"
+prop_getBracedReference8 = getBracedReference "foo-bar" == "foo"
+prop_getBracedReference9 = getBracedReference "foo:-bar" == "foo"
+prop_getBracedReference10= getBracedReference "foo: -1" == "foo"
+prop_getBracedReference11= getBracedReference "!os*" == ""
+prop_getBracedReference12= getBracedReference "!os?bar**" == ""
+prop_getBracedReference13= getBracedReference "foo[bar]" == "foo"
+getBracedReference s = fromMaybe s $
+    nameExpansion s `mplus` takeName noPrefix `mplus` getSpecial noPrefix `mplus` getSpecial s
+  where
+    noPrefix = dropPrefix s
+    dropPrefix (c:rest) = if c `elem` "!#" then rest else c:rest
+    dropPrefix ""       = ""
+    takeName s = do
+        let name = takeWhile isVariableChar s
+        guard . not $ null name
+        return name
+    getSpecial (c:_) =
+        if c `elem` "*@#?-$!" then return [c] else fail "not special"
+    getSpecial _ = fail "empty"
+
+    nameExpansion ('!':rest) = do -- e.g. ${!foo*bar*}
+        let suffix = dropWhile isVariableChar rest
+        guard $ suffix /= rest -- e.g. ${!@}
+        first <- suffix !!! 0
+        guard $ first `elem` "*?"
+        return ""
+    nameExpansion _ = Nothing
+
+prop_getBracedModifier1 = getBracedModifier "foo:bar:baz" == ":bar:baz"
+prop_getBracedModifier2 = getBracedModifier "!var:-foo" == ":-foo"
+prop_getBracedModifier3 = getBracedModifier "foo[bar]" == "[bar]"
+getBracedModifier s = fromMaybe "" . listToMaybe $ do
+    let var = getBracedReference s
+    a <- dropModifier s
+    dropPrefix var a
+  where
+    dropPrefix [] t        = return t
+    dropPrefix (a:b) (c:d) | a == c = dropPrefix b d
+    dropPrefix _ _         = []
+
+    dropModifier (c:rest) | c `elem` "#!" = [rest, c:rest]
+    dropModifier x        = [x]
+
+-- Useful generic functions.
+
+-- Run an action in a Maybe (or do nothing).
+-- Example:
+-- potentially $ do
+--   s <- getLiteralString cmd
+--   guard $ s `elem` ["--recursive", "-r"]
+--   return $ warn .. "Something something recursive"
+potentially :: Monad m => Maybe (m ()) -> m ()
+potentially = fromMaybe (return ())
+
+-- Get element 0 or a default. Like `head` but safe.
+headOrDefault _ (a:_) = a
+headOrDefault def _   = def
+
+--- Get element n of a list, or Nothing. Like `!!` but safe.
+(!!!) list i =
+    case drop i list of
+        []    -> Nothing
+        (r:_) -> Just r
+
+-- Run a command if the shell is in the given list
+whenShell l c = do
+    shell <- asks shellType
+    when (shell `elem` l ) c
+
+
+filterByAnnotation asSpec params =
+    filter (not . shouldIgnore)
+  where
+    token = asScript asSpec
+    idFor (TokenComment id _) = id
+    shouldIgnore note =
+        any (shouldIgnoreFor (getCode note)) $
+            getPath parents (T_Bang $ idFor note)
+    shouldIgnoreFor num (T_Annotation _ anns _) =
+        any hasNum anns
+      where
+        hasNum (DisableComment ts) = num == ts
+        hasNum _                   = False
+    shouldIgnoreFor _ T_Include {} = not $ asCheckSourced asSpec
+    shouldIgnoreFor _ _ = False
+    parents = parentMap params
+    getCode (TokenComment _ (Comment _ c _)) = c
+
+-- Is this a ${#anything}, to get string length or array count?
+isCountingReference (T_DollarBraced id token) =
+    case concat $ oversimplify token of
+        '#':_ -> True
+        _     -> False
+isCountingReference _ = False
+
+-- FIXME: doesn't handle ${a:+$var} vs ${a:+"$var"}
+isQuotedAlternativeReference t =
+    case t of
+        T_DollarBraced _ _ ->
+            getBracedModifier (bracedString t) `matches` re
+        _ -> False
+  where
+    re = mkRegex "(^|\\]):?\\+"
+
+-- getGnuOpts "erd:u:" will parse a SimpleCommand like
+--     read -re -d : -u 3 bar
+-- into
+--     Just [("r", -re), ("e", -re), ("d", :), ("u", 3), ("", bar)]
+-- where flags with arguments map to arguments, while others map to themselves.
+-- Any unrecognized flag will result in Nothing.
+getGnuOpts = getOpts getAllFlags
+getBsdOpts = getOpts getLeadingFlags
+getOpts :: (Token -> [(Token, String)]) -> String -> Token -> Maybe [(String, Token)]
+getOpts flagTokenizer string cmd = process flags
+  where
+    flags = flagTokenizer cmd
+    flagList (c:':':rest) = ([c], True) : flagList rest
+    flagList (c:rest)     = ([c], False) : flagList rest
+    flagList []           = []
+    flagMap = Map.fromList $ ("", False) : flagList string
+
+    process [] = return []
+    process [(token, flag)] = do
+        takesArg <- Map.lookup flag flagMap
+        guard $ not takesArg
+        return [(flag, token)]
+    process ((token1, flag1):rest2@((token2, flag2):rest)) = do
+        takesArg <- Map.lookup flag1 flagMap
+        if takesArg
+            then do
+                guard $ flag2 == ""
+                more <- process rest
+                return $ (flag1, token2) : more
+            else do
+                more <- process rest2
+                return $ (flag1, token1) : more
+
+return []
+runTests =  $( [| $(forAllProperties) (quickCheckWithResult (stdArgs { maxSuccess = 1 }) ) |])

src/ShellCheck/Checker.hs

@@ -2,7 +2,7 @@
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,7 +15,7 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
 {-# LANGUAGE TemplateHaskell #-}
 module ShellCheck.Checker (checkScript, ShellCheck.Checker.runTests) where
@@ -39,7 +39,7 @@ import Test.QuickCheck.All
 
 tokenToPosition map (TokenComment id c) = fromMaybe fail $ do
     position <- Map.lookup id map
-    return $ PositionedComment position c
+    return $ PositionedComment position position c
   where
     fail = error "Internal shellcheck error: id doesn't exist. Please report!"
 
@@ -54,7 +54,8 @@ checkScript sys spec = do
     checkScript contents = do
         result <- parseScript sys ParseSpec {
             psFilename = csFilename spec,
-            psScript = contents
+            psScript = contents,
+            psCheckSourced = csCheckSourced spec
         }
         let parseMessages = prComments result
         let analysisMessages =
@@ -65,18 +66,19 @@ checkScript sys spec = do
         return . nub . sortMessages . filter shouldInclude $
             (parseMessages ++ map translator analysisMessages)
 
-    shouldInclude (PositionedComment _ (Comment _ code _)) =
+    shouldInclude (PositionedComment _ _ (Comment _ code _)) =
         code `notElem` csExcludedWarnings spec
 
     sortMessages = sortBy (comparing order)
-    order (PositionedComment pos (Comment severity code message)) =
+    order (PositionedComment pos _ (Comment severity code message)) =
         (posFile pos, posLine pos, posColumn pos, severity, code, message)
-    getPosition (PositionedComment pos _) = pos
+    getPosition (PositionedComment pos _ _) = pos
 
     analysisSpec root =
         AnalysisSpec {
             asScript = root,
             asShellType = csShellTypeOverride spec,
+            asCheckSourced = csCheckSourced spec,
             asExecutionMode = Executed
          }
 
@@ -84,18 +86,26 @@ getErrors sys spec =
     sort . map getCode . crComments $
         runIdentity (checkScript sys spec)
   where
-    getCode (PositionedComment _ (Comment _ code _)) = code
+    getCode (PositionedComment _ _ (Comment _ code _)) = code
 
 check = checkWithIncludes []
 
+checkWithSpec includes =
+    getErrors (mockedSystemInterface includes)
+
 checkWithIncludes includes src =
-    getErrors
-        (mockedSystemInterface includes)
-        emptyCheckSpec {
+    checkWithSpec includes emptyCheckSpec {
         csScript = src,
         csExcludedWarnings = [2148]
     }
 
+checkRecursive includes src =
+    checkWithSpec includes emptyCheckSpec {
+        csScript = src,
+        csExcludedWarnings = [2148],
+        csCheckSourced = True
+    }
+
 prop_findsParseIssue = check "echo \"$12\"" == [1037]
 
 prop_commentDisablesParseIssue1 =
@@ -153,10 +163,40 @@ prop_cantSourceDynamic2 =
 prop_canSourceDynamicWhenRedirected =
     null $ checkWithIncludes [("lib", "")] "#shellcheck source=lib\n. \"$1\""
 
+prop_recursiveAnalysis =
+    [2086] == checkRecursive [("lib", "echo $1")] "source lib"
+
+prop_recursiveParsing =
+    [1037] == checkRecursive [("lib", "echo \"$10\"")] "source lib"
+
 prop_sourceDirectiveDoesntFollowFile =
     null $ checkWithIncludes
                 [("foo", "source bar"), ("bar", "baz=3")]
                 "#shellcheck source=foo\n. \"$1\"; echo \"$baz\""
 
+prop_filewideAnnotationBase = [2086] == check "#!/bin/sh\necho $1"
+prop_filewideAnnotation1 = null $
+    check "#!/bin/sh\n# shellcheck disable=2086\necho $1"
+prop_filewideAnnotation2 = null $
+    check "#!/bin/sh\n# shellcheck disable=2086\ntrue\necho $1"
+prop_filewideAnnotation3 = null $
+    check "#!/bin/sh\n#unerlated\n# shellcheck disable=2086\ntrue\necho $1"
+prop_filewideAnnotation4 = null $
+    check "#!/bin/sh\n# shellcheck disable=2086\n#unrelated\ntrue\necho $1"
+prop_filewideAnnotation5 = null $
+    check "#!/bin/sh\n\n\n\n#shellcheck disable=2086\ntrue\necho $1"
+prop_filewideAnnotation6 = null $
+    check "#shellcheck shell=sh\n#unrelated\n#shellcheck disable=2086\ntrue\necho $1"
+prop_filewideAnnotation7 = null $
+    check "#!/bin/sh\n# shellcheck disable=2086\n#unrelated\ntrue\necho $1"
+
+prop_filewideAnnotationBase2 = [2086, 2181] == check "true\n[ $? == 0 ] && echo $1"
+prop_filewideAnnotation8 = null $
+    check "# Disable $? warning\n#shellcheck disable=SC2181\n# Disable quoting warning\n#shellcheck disable=2086\ntrue\n[ $? == 0 ] && echo $1"
+
+prop_sourcePartOfOriginalScript = -- #1181: -x disabled posix warning for 'source'
+    2039 `elem` checkWithIncludes [("./saywhat.sh", "echo foo")] "#!/bin/sh\nsource ./saywhat.sh"
+
+
 return []
 runTests = $quickCheckAll

src/ShellCheck/Checks/ShellSupport.hs

@@ -0,0 +1,423 @@
+{-
+    Copyright 2012-2016 Vidar Holen
+
+    This file is part of ShellCheck.
+    https://www.shellcheck.net
+
+    ShellCheck is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    ShellCheck is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+-}
+{-# LANGUAGE TemplateHaskell #-}
+{-# LANGUAGE FlexibleContexts #-}
+module ShellCheck.Checks.ShellSupport (checker , ShellCheck.Checks.ShellSupport.runTests) where
+
+import ShellCheck.AST
+import ShellCheck.ASTLib
+import ShellCheck.AnalyzerLib
+import ShellCheck.Interface
+import ShellCheck.Regex
+
+import Control.Monad
+import Control.Monad.RWS
+import Data.Char
+import Data.List
+import Data.Maybe
+import qualified Data.Map as Map
+import Test.QuickCheck.All (forAllProperties)
+import Test.QuickCheck.Test (quickCheckWithResult, stdArgs, maxSuccess)
+
+data ForShell = ForShell [Shell] (Token -> Analysis)
+
+getChecker params list = Checker {
+        perScript = nullCheck,
+        perToken = foldl composeAnalyzers nullCheck $ mapMaybe include list
+    }
+  where
+    shell = shellType params
+    include (ForShell list a) = do
+        guard $ shell `elem` list
+        return a
+
+checker params = getChecker params checks
+
+checks = [
+    checkForDecimals
+    ,checkBashisms
+    ,checkEchoSed
+    ,checkBraceExpansionVars
+    ,checkMultiDimensionalArrays
+    ,checkPS1Assignments
+    ]
+
+testChecker (ForShell _ t) =
+    Checker {
+        perScript = nullCheck,
+        perToken = t
+    }
+verify c s = producesComments (testChecker c) s == Just True
+verifyNot c s = producesComments (testChecker c) s == Just False
+
+prop_checkForDecimals1 = verify checkForDecimals "((3.14*c))"
+prop_checkForDecimals2 = verify checkForDecimals "foo[1.2]=bar"
+prop_checkForDecimals3 = verifyNot checkForDecimals "declare -A foo; foo[1.2]=bar"
+checkForDecimals = ForShell [Sh, Dash, Bash] f
+  where
+    f t@(TA_Expansion id _) = potentially $ do
+        str <- getLiteralString t
+        first <- str !!! 0
+        guard $ isDigit first && '.' `elem` str
+        return $ err id 2079 "(( )) doesn't support decimals. Use bc or awk."
+    f _ = return ()
+
+
+prop_checkBashisms = verify checkBashisms "while read a; do :; done < <(a)"
+prop_checkBashisms2 = verify checkBashisms "[ foo -nt bar ]"
+prop_checkBashisms3 = verify checkBashisms "echo $((i++))"
+prop_checkBashisms4 = verify checkBashisms "rm !(*.hs)"
+prop_checkBashisms5 = verify checkBashisms "source file"
+prop_checkBashisms6 = verify checkBashisms "[ \"$a\" == 42 ]"
+prop_checkBashisms7 = verify checkBashisms "echo ${var[1]}"
+prop_checkBashisms8 = verify checkBashisms "echo ${!var[@]}"
+prop_checkBashisms9 = verify checkBashisms "echo ${!var*}"
+prop_checkBashisms10= verify checkBashisms "echo ${var:4:12}"
+prop_checkBashisms11= verifyNot checkBashisms "echo ${var:-4}"
+prop_checkBashisms12= verify checkBashisms "echo ${var//foo/bar}"
+prop_checkBashisms13= verify checkBashisms "exec -c env"
+prop_checkBashisms14= verify checkBashisms "echo -n \"Foo: \""
+prop_checkBashisms15= verify checkBashisms "let n++"
+prop_checkBashisms16= verify checkBashisms "echo $RANDOM"
+prop_checkBashisms17= verify checkBashisms "echo $((RANDOM%6+1))"
+prop_checkBashisms18= verify checkBashisms "foo &> /dev/null"
+prop_checkBashisms19= verify checkBashisms "foo > file*.txt"
+prop_checkBashisms20= verify checkBashisms "read -ra foo"
+prop_checkBashisms21= verify checkBashisms "[ -a foo ]"
+prop_checkBashisms22= verifyNot checkBashisms "[ foo -a bar ]"
+prop_checkBashisms23= verify checkBashisms "trap mything ERR INT"
+prop_checkBashisms24= verifyNot checkBashisms "trap mything INT TERM"
+prop_checkBashisms25= verify checkBashisms "cat < /dev/tcp/host/123"
+prop_checkBashisms26= verify checkBashisms "trap mything ERR SIGTERM"
+prop_checkBashisms27= verify checkBashisms "echo *[^0-9]*"
+prop_checkBashisms28= verify checkBashisms "exec {n}>&2"
+prop_checkBashisms29= verify checkBashisms "echo ${!var}"
+prop_checkBashisms30= verify checkBashisms "printf -v '%s' \"$1\""
+prop_checkBashisms31= verify checkBashisms "printf '%q' \"$1\""
+prop_checkBashisms32= verifyNot checkBashisms "#!/bin/dash\n[ foo -nt bar ]"
+prop_checkBashisms33= verify checkBashisms "#!/bin/sh\necho -n foo"
+prop_checkBashisms34= verifyNot checkBashisms "#!/bin/dash\necho -n foo"
+prop_checkBashisms35= verifyNot checkBashisms "#!/bin/dash\nlocal foo"
+prop_checkBashisms36= verifyNot checkBashisms "#!/bin/dash\nread -p foo -r bar"
+prop_checkBashisms37= verifyNot checkBashisms "HOSTNAME=foo; echo $HOSTNAME"
+prop_checkBashisms38= verify checkBashisms "RANDOM=9; echo $RANDOM"
+prop_checkBashisms39= verify checkBashisms "foo-bar() { true; }"
+prop_checkBashisms40= verify checkBashisms "echo $(<file)"
+prop_checkBashisms41= verify checkBashisms "echo `<file`"
+prop_checkBashisms42= verify checkBashisms "trap foo int"
+prop_checkBashisms43= verify checkBashisms "trap foo sigint"
+prop_checkBashisms44= verifyNot checkBashisms "#!/bin/dash\ntrap foo int"
+prop_checkBashisms45= verifyNot checkBashisms "#!/bin/dash\ntrap foo INT"
+prop_checkBashisms46= verify checkBashisms "#!/bin/dash\ntrap foo SIGINT"
+prop_checkBashisms47= verify checkBashisms "#!/bin/dash\necho foo 42>/dev/null"
+prop_checkBashisms48= verifyNot checkBashisms "#!/bin/dash\necho $LINENO"
+prop_checkBashisms49= verify checkBashisms "#!/bin/dash\necho $MACHTYPE"
+prop_checkBashisms50= verify checkBashisms "#!/bin/sh\ncmd >& file"
+prop_checkBashisms51= verifyNot checkBashisms "#!/bin/sh\ncmd 2>&1"
+prop_checkBashisms52= verifyNot checkBashisms "#!/bin/sh\ncmd >&2"
+prop_checkBashisms53= verifyNot checkBashisms "#!/bin/sh\nprintf -- -f\n"
+prop_checkBashisms54= verify checkBashisms "#!/bin/sh\nfoo+=bar"
+prop_checkBashisms55= verify checkBashisms "#!/bin/sh\necho ${@%foo}"
+prop_checkBashisms56= verifyNot checkBashisms "#!/bin/sh\necho ${##}"
+checkBashisms = ForShell [Sh, Dash] $ \t -> do
+    params <- ask
+    kludge params t
+ where
+  -- This code was copy-pasted from Analytics where params was a variable
+  kludge params = bashism
+   where
+    isDash = shellType params == Dash
+    warnMsg id s =
+        if isDash
+        then warn id 2169 $ "In dash, " ++ s ++ " not supported."
+        else warn id 2039 $ "In POSIX sh, " ++ s ++ " undefined."
+
+    bashism (T_ProcSub id _ _) = warnMsg id "process substitution is"
+    bashism (T_Extglob id _ _) = warnMsg id "extglob is"
+    bashism (T_DollarSingleQuoted id _) = warnMsg id "$'..' is"
+    bashism (T_DollarDoubleQuoted id _) = warnMsg id "$\"..\" is"
+    bashism (T_ForArithmetic id _ _ _ _) = warnMsg id "arithmetic for loops are"
+    bashism (T_Arithmetic id _) = warnMsg id "standalone ((..)) is"
+    bashism (T_DollarBracket id _) = warnMsg id "$[..] in place of $((..)) is"
+    bashism (T_SelectIn id _ _ _) = warnMsg id "select loops are"
+    bashism (T_BraceExpansion id _) = warnMsg id "brace expansion is"
+    bashism (T_Condition id DoubleBracket _) = warnMsg id "[[ ]] is"
+    bashism (T_HereString id _) = warnMsg id "here-strings are"
+    bashism (TC_Binary id SingleBracket op _ _)
+        | op `elem` [ "<", ">", "\\<", "\\>", "<=", ">=", "\\<=", "\\>="] =
+            unless isDash $ warnMsg id $ "lexicographical " ++ op ++ " is"
+    bashism (TC_Binary id SingleBracket op _ _)
+        | op `elem` [ "-nt", "-ef" ] =
+            unless isDash $ warnMsg id $ op ++ " is"
+    bashism (TC_Binary id SingleBracket "==" _ _) =
+            warnMsg id "== in place of = is"
+    bashism (TC_Binary id SingleBracket "=~" _ _) =
+            warnMsg id "=~ regex matching is"
+    bashism (TC_Unary id _ "-a" _) =
+            warnMsg id "unary -a in place of -e is"
+    bashism (TA_Unary id op _)
+        | op `elem` [ "|++", "|--", "++|", "--|"] =
+            warnMsg id $ filter (/= '|') op ++ " is"
+    bashism (TA_Binary id "**" _ _) = warnMsg id "exponentials are"
+    bashism (T_FdRedirect id "&" (T_IoFile _ (T_Greater _) _)) = warnMsg id "&> is"
+    bashism (T_FdRedirect id "" (T_IoFile _ (T_GREATAND _) _)) = warnMsg id ">& is"
+    bashism (T_FdRedirect id ('{':_) _) = warnMsg id "named file descriptors are"
+    bashism (T_FdRedirect id num _)
+        | all isDigit num && length num > 1 = warnMsg id "FDs outside 0-9 are"
+    bashism (T_Assignment id Append _ _ _) =
+        warnMsg id "+= is"
+    bashism (T_IoFile id _ word) | isNetworked =
+            warnMsg id "/dev/{tcp,udp} is"
+        where
+            file = onlyLiteralString word
+            isNetworked = any (`isPrefixOf` file) ["/dev/tcp", "/dev/udp"]
+    bashism (T_Glob id str) | "[^" `isInfixOf` str =
+            warnMsg id "^ in place of ! in glob bracket expressions is"
+
+    bashism t@(TA_Variable id str _) | isBashVariable str =
+        warnMsg id $ str ++ " is"
+
+    bashism t@(T_DollarBraced id token) = do
+        mapM_ check expansion
+        when (isBashVariable var) $
+                    warnMsg id $ var ++ " is"
+      where
+        str = bracedString t
+        var = getBracedReference str
+        check (regex, feature) =
+            when (isJust $ matchRegex regex str) $ warnMsg id feature
+
+    bashism t@(T_Pipe id "|&") =
+        warnMsg id "|& in place of 2>&1 | is"
+    bashism (T_Array id _) =
+        warnMsg id "arrays are"
+    bashism (T_IoFile id _ t) | isGlob t =
+        warnMsg id "redirecting to/from globs is"
+    bashism (T_CoProc id _ _) =
+        warnMsg id "coproc is"
+
+    bashism (T_Function id _ _ str _) | not (isVariableName str) =
+        warnMsg id "naming functions outside [a-zA-Z_][a-zA-Z0-9_]* is"
+
+    bashism (T_DollarExpansion id [x]) | isOnlyRedirection x =
+        warnMsg id "$(<file) to read files is"
+    bashism (T_Backticked id [x]) | isOnlyRedirection x =
+        warnMsg id "`<file` to read files is"
+
+    bashism t@(T_SimpleCommand _ _ (cmd:arg:_))
+        | t `isCommand` "echo" && "-" `isPrefixOf` argString =
+            unless ("--" `isPrefixOf` argString) $ -- echo "-----"
+                if isDash
+                then
+                    when (argString /= "-n") $
+                        warnMsg (getId arg) "echo flags besides -n"
+                else
+                    warnMsg (getId arg) "echo flags are"
+      where argString = concat $ oversimplify arg
+    bashism t@(T_SimpleCommand _ _ (cmd:arg:_))
+        | t `isCommand` "exec" && "-" `isPrefixOf` concat (oversimplify arg) =
+            warnMsg (getId arg) "exec flags are"
+    bashism t@(T_SimpleCommand id _ _)
+        | t `isCommand` "let" = warnMsg id "'let' is"
+
+    bashism t@(T_SimpleCommand id _ (cmd:rest)) =
+        let name = fromMaybe "" $ getCommandName t
+            flags = getLeadingFlags t
+        in do
+            when (name `elem` unsupportedCommands) $
+                warnMsg id $ "'" ++ name ++ "' is"
+            potentially $ do
+                allowed <- Map.lookup name allowedFlags
+                (word, flag) <- listToMaybe $
+                    filter (\x -> (not . null . snd $ x) && snd x `notElem` allowed) flags
+                return . warnMsg (getId word) $ name ++ " -" ++ flag ++ " is"
+
+            when (name == "source") $ warnMsg id "'source' in place of '.' is"
+            when (name == "trap") $
+                let
+                    check token = potentially $ do
+                        str <- getLiteralString token
+                        let upper = map toUpper str
+                        return $ do
+                            when (upper `elem` ["ERR", "DEBUG", "RETURN"]) $
+                                warnMsg (getId token) $ "trapping " ++ str ++ " is"
+                            when ("SIG" `isPrefixOf` upper) $
+                                warnMsg (getId token)
+                                    "prefixing signal names with 'SIG' is"
+                            when (not isDash && upper /= str) $
+                                warnMsg (getId token)
+                                    "using lower/mixed case for signal names is"
+                in
+                    mapM_ check (drop 1 rest)
+
+            when (name == "printf") $ potentially $ do
+                format <- rest !!! 0  -- flags are covered by allowedFlags
+                let literal = onlyLiteralString format
+                guard $ "%q" `isInfixOf` literal
+                return $ warnMsg (getId format) "printf %q is"
+      where
+        unsupportedCommands = [
+            "let", "caller", "builtin", "complete", "compgen", "declare", "dirs", "disown",
+            "enable", "mapfile", "readarray", "pushd", "popd", "shopt", "suspend",
+            "typeset"
+            ] ++ if not isDash then ["local"] else []
+        allowedFlags = Map.fromList [
+            ("exec", []),
+            ("export", ["-p"]),
+            ("printf", []),
+            ("read", if isDash then ["r", "p"] else ["r"]),
+            ("ulimit", ["f"])
+            ]
+    bashism t@(T_SourceCommand id src _) =
+        let name = fromMaybe "" $ getCommandName src
+        in do
+            when (name == "source") $ warnMsg id "'source' in place of '.' is"
+    bashism _ = return ()
+
+    varChars="_0-9a-zA-Z"
+    expansion = let re = mkRegex in [
+        (re $ "^![" ++ varChars ++ "]", "indirect expansion is"),
+        (re $ "^[" ++ varChars ++ "]+\\[.*\\]$", "array references are"),
+        (re $ "^![" ++ varChars ++ "]+\\[[*@]]$", "array key expansion is"),
+        (re $ "^![" ++ varChars ++ "]+[*@]$", "name matching prefixes are"),
+        (re $ "^[" ++ varChars ++ "*@]+:[^-=?+]", "string indexing is"),
+        (re $ "^([*@][%#]|#[@*])", "string operations on $@/$* are"),
+        (re $ "^[" ++ varChars ++ "*@]+(\\[.*\\])?/", "string replacement is")
+        ]
+    bashVars = [
+        "LINENO", "OSTYPE", "MACHTYPE", "HOSTTYPE", "HOSTNAME",
+        "DIRSTACK", "EUID", "UID", "SHLVL", "PIPESTATUS", "SHELLOPTS"
+        ]
+    bashDynamicVars = [ "RANDOM", "SECONDS" ]
+    dashVars = [ "LINENO" ]
+    isBashVariable var =
+        (var `elem` bashDynamicVars
+            || var `elem` bashVars && not (isAssigned var))
+        && not (isDash && var `elem` dashVars)
+    isAssigned var = any f (variableFlow params)
+      where
+        f x = case x of
+                Assignment (_, _, name, _) -> name == var
+                _ -> False
+
+prop_checkEchoSed1 = verify checkEchoSed "FOO=$(echo \"$cow\" | sed 's/foo/bar/g')"
+prop_checkEchoSed2 = verify checkEchoSed "rm $(echo $cow | sed -e 's,foo,bar,')"
+checkEchoSed = ForShell [Bash, Ksh] f
+  where
+    f (T_Pipeline id _ [a, b]) =
+        when (acmd == ["echo", "${VAR}"]) $
+            case bcmd of
+                ["sed", v] -> checkIn v
+                ["sed", "-e", v] -> checkIn v
+                _ -> return ()
+      where
+        -- This should have used backreferences, but TDFA doesn't support them
+        sedRe = mkRegex "^s(.)([^\n]*)g?$"
+        isSimpleSed s = fromMaybe False $ do
+            [first,rest] <- matchRegex sedRe s
+            let delimiters = filter (== head first) rest
+            guard $ length delimiters == 2
+            return True
+
+        acmd = oversimplify a
+        bcmd = oversimplify b
+        checkIn s =
+            when (isSimpleSed s) $
+                style id 2001 "See if you can use ${variable//search/replace} instead."
+    f _ = return ()
+
+
+prop_checkBraceExpansionVars1 = verify checkBraceExpansionVars "echo {1..$n}"
+prop_checkBraceExpansionVars2 = verifyNot checkBraceExpansionVars "echo {1,3,$n}"
+prop_checkBraceExpansionVars3 = verify checkBraceExpansionVars "eval echo DSC{0001..$n}.jpg"
+prop_checkBraceExpansionVars4 = verify checkBraceExpansionVars "echo {$i..100}"
+checkBraceExpansionVars = ForShell [Bash] f
+  where
+    f t@(T_BraceExpansion id list) = mapM_ check list
+      where
+        check element =
+            when (any (`isInfixOf` toString element) ["$..", "..$"]) $ do
+                c <- isEvaled element
+                if c
+                    then style id 2175 "Quote this invalid brace expansion since it should be passed literally to eval."
+                    else warn id 2051 "Bash doesn't support variables in brace range expansions."
+    f _ = return ()
+
+    literalExt t =
+        case t of
+            T_DollarBraced {} -> return "$"
+            T_DollarExpansion {} -> return "$"
+            T_DollarArithmetic {} -> return "$"
+            otherwise -> return "-"
+    toString t = fromJust $ getLiteralStringExt literalExt t
+    isEvaled t = do
+        cmd <- getClosestCommandM t
+        return $ isJust cmd && fromJust cmd `isUnqualifiedCommand` "eval"
+
+
+prop_checkMultiDimensionalArrays1 = verify checkMultiDimensionalArrays "foo[a][b]=3"
+prop_checkMultiDimensionalArrays2 = verifyNot checkMultiDimensionalArrays "foo[a]=3"
+prop_checkMultiDimensionalArrays3 = verify checkMultiDimensionalArrays "foo=( [a][b]=c )"
+prop_checkMultiDimensionalArrays4 = verifyNot checkMultiDimensionalArrays "foo=( [a]=c )"
+prop_checkMultiDimensionalArrays5 = verify checkMultiDimensionalArrays "echo ${foo[bar][baz]}"
+prop_checkMultiDimensionalArrays6 = verifyNot checkMultiDimensionalArrays "echo ${foo[bar]}"
+checkMultiDimensionalArrays = ForShell [Bash] f
+  where
+    f token =
+        case token of
+            T_Assignment _ _ name (first:second:_) _ -> about second
+            T_IndexedElement _ (first:second:_) _ -> about second
+            T_DollarBraced {} ->
+                when (isMultiDim token) $ about token
+            _ -> return ()
+    about t = warn (getId t) 2180 "Bash does not support multidimensional arrays. Use 1D or associative arrays."
+
+    re = mkRegex "^\\[.*\\]\\[.*\\]"  -- Fixme, this matches ${foo:- [][]} and such as well
+    isMultiDim t = getBracedModifier (bracedString t) `matches` re
+
+prop_checkPS11 = verify checkPS1Assignments "PS1='\\033[1;35m\\$ '"
+prop_checkPS11a= verify checkPS1Assignments "export PS1='\\033[1;35m\\$ '"
+prop_checkPSf2 = verify checkPS1Assignments "PS1='\\h \\e[0m\\$ '"
+prop_checkPS13 = verify checkPS1Assignments "PS1=$'\\x1b[c '"
+prop_checkPS14 = verify checkPS1Assignments "PS1=$'\\e[3m; '"
+prop_checkPS14a= verify checkPS1Assignments "export PS1=$'\\e[3m; '"
+prop_checkPS15 = verifyNot checkPS1Assignments "PS1='\\[\\033[1;35m\\]\\$ '"
+prop_checkPS16 = verifyNot checkPS1Assignments "PS1='\\[\\e1m\\e[1m\\]\\$ '"
+prop_checkPS17 = verifyNot checkPS1Assignments "PS1='e033x1B'"
+prop_checkPS18 = verifyNot checkPS1Assignments "PS1='\\[\\e\\]'"
+checkPS1Assignments = ForShell [Bash] f
+  where
+    f token = case token of
+        (T_Assignment _ _ "PS1" _ word) -> warnFor word
+        _ -> return ()
+
+    warnFor word =
+        let contents = concat $ oversimplify word in
+            when (containsUnescaped contents) $
+                info (getId word) 2025 "Make sure all escape sequences are enclosed in \\[..\\] to prevent line wrapping issues"
+    containsUnescaped s =
+        let unenclosed = subRegex enclosedRegex s "" in
+           isJust $ matchRegex escapeRegex unenclosed
+    enclosedRegex = mkRegex "\\\\\\[.*\\\\\\]" -- FIXME: shouldn't be eager
+    escapeRegex = mkRegex "\\\\x1[Bb]|\\\\e|\x1B|\\\\033"
+
+
+return []
+runTests =  $( [| $(forAllProperties) (quickCheckWithResult (stdArgs { maxSuccess = 1 }) ) |])

src/ShellCheck/Data.hs

@@ -33,6 +33,9 @@ internalVariables = [
     -- Other
     "USER", "TZ", "TERM", "LOGNAME", "LD_LIBRARY_PATH", "LANGUAGE", "DISPLAY",
     "HOSTNAME", "KRB5CCNAME", "XAUTHORITY"
+
+    -- Ksh
+    , ".sh.version"
   ]
 
 variablesWithoutSpaces = [
@@ -74,6 +77,14 @@ commonCommands = [
     "zcat"
   ]
 
+nonReadingCommands = [
+    "alias", "basename", "bg", "cal", "cd", "chgrp", "chmod", "chown",
+    "cp", "du", "echo", "export", "false", "fg", "fuser", "getconf",
+    "getopt", "getopts", "ipcrm", "ipcs", "jobs", "kill", "ln", "ls",
+    "locale", "mv", "printf", "ps", "pwd", "renice", "rm", "rmdir",
+    "set", "sleep", "touch", "trap", "true", "ulimit", "unalias", "uname"
+    ]
+
 sampleWords = [
     "alpha", "bravo", "charlie", "delta", "echo", "foxtrot",
     "golf", "hotel", "india", "juliett", "kilo", "lima", "mike",
@@ -82,12 +93,24 @@ sampleWords = [
     "zulu"
   ]
 
+binaryTestOps = [
+    "-nt", "-ot", "-ef", "==", "!=", "<=", ">=", "-eq", "-ne", "-lt", "-le",
+    "-gt", "-ge", "=~", ">", "<", "=", "\\<", "\\>", "\\<=", "\\>="
+  ]
+
+unaryTestOps = [
+    "!", "-a", "-b", "-c", "-d", "-e", "-f", "-g", "-h", "-L", "-k", "-p",
+    "-r", "-s", "-S", "-t", "-u", "-w", "-x", "-O", "-G", "-N", "-z", "-n",
+    "-o", "-v", "-R"
+  ]
+
 shellForExecutable :: String -> Maybe Shell
 shellForExecutable name =
     case name of
         "sh"    -> return Sh
         "bash"  -> return Bash
         "dash"  -> return Dash
+        "ash"   -> return Dash -- There's also a warning for this.
         "ksh"   -> return Ksh
         "ksh88" -> return Ksh
         "ksh93" -> return Ksh

src/ShellCheck/Formatter/CheckStyle.hs

@@ -2,7 +2,7 @@
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,7 +15,7 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
 module ShellCheck.Formatter.CheckStyle (format) where
 
@@ -34,14 +34,27 @@ format = return Formatter {
         putStrLn "<checkstyle version='4.3'>",
 
     onFailure = outputError,
-    onResult = outputResult,
+    onResult = outputResults,
 
     footer = putStrLn "</checkstyle>"
 }
 
-outputResult result contents = do
-    let comments = makeNonVirtual (crComments result) contents
-    putStrLn . formatFile (crFilename result) $ comments
+outputResults cr sys =
+    if null comments
+    then outputFile (crFilename cr) "" []
+    else mapM_ outputGroup fileGroups
+  where
+    comments = crComments cr
+    fileGroups = groupWith sourceFile comments
+    outputGroup group = do
+        let filename = sourceFile (head group)
+        result <- (siReadFile sys) filename
+        let contents = either (const "") id result
+        outputFile filename contents group
+
+outputFile filename contents warnings = do
+    let comments = makeNonVirtual warnings contents
+    putStrLn . formatFile filename $ comments
 
 formatFile name comments = concat [
     "<file ", attr "name" name, ">\n",

src/ShellCheck/Formatter/Format.hs

@@ -2,7 +2,7 @@
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,7 +15,7 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
 module ShellCheck.Formatter.Format where
 
@@ -25,18 +25,21 @@ import ShellCheck.Interface
 -- A formatter that carries along an arbitrary piece of data
 data Formatter = Formatter {
     header ::  IO (),
-    onResult :: CheckResult -> String -> IO (),
+    onResult :: CheckResult -> SystemInterface IO -> IO (),
     onFailure :: FilePath -> ErrorMessage -> IO (),
     footer :: IO ()
 }
 
-lineNo (PositionedComment pos _) = posLine pos
-colNo  (PositionedComment pos _) = posColumn pos
-codeNo (PositionedComment _ (Comment _ code _)) = code
-messageText (PositionedComment _ (Comment _ _ t)) = t
+sourceFile (PositionedComment pos _ _) = posFile pos
+lineNo (PositionedComment pos _ _) = posLine pos
+endLineNo (PositionedComment _ end _) = posLine end
+colNo  (PositionedComment pos _ _) = posColumn pos
+endColNo  (PositionedComment _ end _) = posColumn end
+codeNo (PositionedComment _ _ (Comment _ code _)) = code
+messageText (PositionedComment _ _ (Comment _ _ t)) = t
 
 severityText :: PositionedComment -> String
-severityText (PositionedComment _ (Comment c _ _)) =
+severityText (PositionedComment _ _ (Comment c _ _)) =
     case c of
         ErrorC   -> "error"
         WarningC -> "warning"
@@ -48,12 +51,15 @@ makeNonVirtual comments contents =
     map fix comments
   where
     ls = lines contents
-    fix c@(PositionedComment pos comment) = PositionedComment pos {
-        posColumn =
+    fix c@(PositionedComment start end comment) = PositionedComment start {
+        posColumn = realignColumn lineNo colNo c
+    } end {
+        posColumn = realignColumn endLineNo endColNo c
+    } comment
+    realignColumn lineNo colNo c =
       if lineNo c > 0 && lineNo c <= fromIntegral (length ls)
       then real (ls !! fromIntegral (lineNo c - 1)) 0 0 (colNo c)
       else colNo c
-    } comment
     real _ r v target | target <= v = r
     real [] r v _ = r -- should never happen
     real ('\t':rest) r v target =

src/ShellCheck/Formatter/GCC.hs

@@ -2,7 +2,7 @@
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,7 +15,7 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
 module ShellCheck.Formatter.GCC (format) where
 
@@ -31,14 +31,25 @@ format = return Formatter {
     header = return (),
     footer = return (),
     onFailure = outputError,
-    onResult = outputResult
+    onResult = outputAll
 }
 
 outputError file error = hPutStrLn stderr $ file ++ ": " ++ error
 
-outputResult result contents = do
-    let comments = makeNonVirtual (crComments result) contents
-    mapM_ (putStrLn . formatComment (crFilename result)) comments
+outputAll cr sys = mapM_ f groups
+  where
+    comments = crComments cr
+    groups = groupWith sourceFile comments
+    f :: [PositionedComment] -> IO ()
+    f group = do
+        let filename = sourceFile (head group)
+        result <- (siReadFile sys) filename
+        let contents = either (const "") id result
+        outputResult filename contents group
+
+outputResult filename contents warnings = do
+    let comments = makeNonVirtual warnings contents
+    mapM_ (putStrLn . formatComment filename) comments
 
 formatComment filename c = concat [
     filename, ":",

src/ShellCheck/Formatter/JSON.hs

@@ -1,8 +1,9 @@
+{-# LANGUAGE OverloadedStrings #-}
 {-
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,17 +16,19 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
 module ShellCheck.Formatter.JSON (format) where
 
 import ShellCheck.Interface
 import ShellCheck.Formatter.Format
 
+import Data.Aeson
 import Data.IORef
+import Data.Monoid
 import GHC.Exts
 import System.IO
-import Text.JSON
+import qualified Data.ByteString.Lazy.Char8 as BL
 
 format = do
     ref <- newIORef []
@@ -36,17 +39,30 @@ format = do
         footer = finish ref
     }
 
-instance JSON (PositionedComment) where
-  showJSON comment@(PositionedComment pos (Comment level code string)) = makeObj [
-      ("file", showJSON $ posFile pos),
-      ("line", showJSON $ posLine pos),
-      ("column", showJSON $ posColumn pos),
-      ("level", showJSON $ severityText comment),
-      ("code", showJSON code),
-      ("message", showJSON string)
+instance ToJSON (PositionedComment) where
+  toJSON comment@(PositionedComment start end (Comment level code string)) =
+    object [
+      "file" .= posFile start,
+      "line" .= posLine start,
+      "endLine" .= posLine end,
+      "column" .= posColumn start,
+      "endColumn" .= posColumn end,
+      "level" .= severityText comment,
+      "code" .= code,
+      "message" .= string
     ]
 
-  readJSON = undefined
+  toEncoding comment@(PositionedComment start end (Comment level code string)) =
+    pairs (
+         "file" .= posFile start
+      <> "line" .= posLine start
+      <> "endLine" .= posLine end
+      <> "column" .= posColumn start
+      <> "endColumn" .= posColumn end
+      <> "level" .= severityText comment
+      <> "code" .= code
+      <> "message" .= string
+    )
 
 outputError file msg = hPutStrLn stderr $ file ++ ": " ++ msg
 collectResult ref result _ =
@@ -54,5 +70,5 @@ collectResult ref result _ =
 
 finish ref = do
     list <- readIORef ref
-    putStrLn $ encodeStrict list
+    BL.putStrLn $ encode list
 

src/ShellCheck/Formatter/TTY.hs

@@ -2,7 +2,7 @@
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,7 +15,7 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
 module ShellCheck.Formatter.TTY (format) where
 
@@ -43,15 +43,22 @@ colorForLevel level =
         "style"   -> 32 -- green
         "message" -> 1 -- bold
         "source"  -> 0 -- none
-        otherwise -> 0 -- none
+        _ -> 0         -- none
 
 outputError options file error = do
     color <- getColorFunc $ foColorOption options
     hPutStrLn stderr $ color "error" $ file ++ ": " ++ error
 
-outputResult options result contents = do
+outputResult options result sys = do
     color <- getColorFunc $ foColorOption options
     let comments = crComments result
+    let fileGroups = groupWith sourceFile comments
+    mapM_ (outputForFile color sys) fileGroups
+
+outputForFile color sys comments = do
+    let fileName = sourceFile (head comments)
+    result <- (siReadFile sys) fileName
+    let contents = either (const "") id result
     let fileLines = lines contents
     let lineCount = fromIntegral $ length fileLines
     let groups = groupWith lineNo comments
@@ -62,7 +69,7 @@ outputResult options result contents = do
                         else fileLines !! fromIntegral (lineNum - 1)
         putStrLn ""
         putStrLn $ color "message" $
-           "In " ++ crFilename result ++" line " ++ show lineNum ++ ":"
+           "In " ++ fileName ++" line " ++ show lineNum ++ ":"
         putStrLn (color "source" line)
         mapM_ (\c -> putStrLn (color (severityText c) $ cuteIndent c)) x
         putStrLn ""

src/ShellCheck/Interface.hs

@@ -2,7 +2,7 @@
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,7 +15,7 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
 module ShellCheck.Interface where
 
@@ -24,7 +24,7 @@ import Control.Monad.Identity
 import qualified Data.Map as Map
 
 
-data SystemInterface m = SystemInterface {
+newtype SystemInterface m = SystemInterface {
     -- Read a file by filename, or return an error
     siReadFile :: String -> m (Either ErrorMessage String)
 }
@@ -33,6 +33,7 @@ data SystemInterface m = SystemInterface {
 data CheckSpec = CheckSpec {
     csFilename :: String,
     csScript :: String,
+    csCheckSourced :: Bool,
     csExcludedWarnings :: [Integer],
     csShellTypeOverride :: Maybe Shell
 } deriving (Show, Eq)
@@ -42,9 +43,11 @@ data CheckResult = CheckResult {
     crComments :: [PositionedComment]
 } deriving (Show, Eq)
 
+emptyCheckSpec :: CheckSpec
 emptyCheckSpec = CheckSpec {
     csFilename = "",
     csScript = "",
+    csCheckSourced = False,
     csExcludedWarnings = [],
     csShellTypeOverride = Nothing
 }
@@ -52,7 +55,8 @@ emptyCheckSpec = CheckSpec {
 -- Parser input and output
 data ParseSpec = ParseSpec {
     psFilename :: String,
-    psScript :: String
+    psScript :: String,
+    psCheckSourced :: Bool
 } deriving (Show, Eq)
 
 data ParseResult = ParseResult {
@@ -65,16 +69,17 @@ data ParseResult = ParseResult {
 data AnalysisSpec = AnalysisSpec {
     asScript :: Token,
     asShellType :: Maybe Shell,
-    asExecutionMode :: ExecutionMode
+    asExecutionMode :: ExecutionMode,
+    asCheckSourced :: Bool
 }
 
-data AnalysisResult = AnalysisResult {
+newtype AnalysisResult = AnalysisResult {
     arComments :: [TokenComment]
 }
 
 
 -- Formatter options
-data FormatterOptions = FormatterOptions {
+newtype FormatterOptions = FormatterOptions {
     foColorOption :: ColorOption
 }
 
@@ -94,7 +99,7 @@ data Position = Position {
 } deriving (Show, Eq)
 
 data Comment = Comment Severity Code String deriving (Show, Eq)
-data PositionedComment = PositionedComment Position Comment deriving (Show, Eq)
+data PositionedComment = PositionedComment Position Position Comment deriving (Show, Eq)
 data TokenComment = TokenComment Id Comment deriving (Show, Eq)
 
 data ColorOption =

src/ShellCheck/Regex.hs

@@ -2,7 +2,7 @@
     Copyright 2012-2015 Vidar Holen
 
     This file is part of ShellCheck.
-    http://www.vidarholen.net/contents/shellcheck
+    https://www.shellcheck.net
 
     ShellCheck is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -15,7 +15,7 @@
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -}
 {-# LANGUAGE FlexibleContexts #-}
 

stack.yaml

@@ -0,0 +1,35 @@
+# This file was automatically generated by stack init
+# For more information, see: https://docs.haskellstack.org/en/stable/yaml_configuration/
+
+# Specifies the GHC version and set of packages available (e.g., lts-3.5, nightly-2015-09-21, ghc-7.10.2)
+resolver: lts-8.5
+
+# Local packages, usually specified by relative directory name
+packages:
+- '.'
+# Packages to be pulled from upstream that are not in the resolver (e.g., acme-missiles-0.3)
+extra-deps: []
+
+# Override default flag values for local packages and extra-deps
+flags: {}
+
+# Extra package databases containing global packages
+extra-package-dbs: []
+
+# Control whether we use the GHC we find on the path
+# system-ghc: true
+
+# Require a specific version of stack, using version ranges
+# require-stack-version: -any # Default
+# require-stack-version: >= 1.0.0
+
+# Override the architecture used by stack, especially useful on Windows
+# arch: i386
+# arch: x86_64
+
+# Extra directories used by stack for building
+# extra-include-dirs: [/path/to/dir]
+# extra-lib-dirs: [/path/to/dir]
+
+# Allow a newer minor version of GHC than the snapshot specifies
+# compiler-check: newer-minor

striptests

@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+# This file strips all unit tests from ShellCheck, removing
+# the dependency on QuickCheck and Template Haskell and
+# reduces the binary size considerably.
+set -o pipefail
+
+sponge() {
+  data="$(cat)"
+  printf '%s\n' "$data" > "$1"
+}
+
+modify() {
+  if ! "${@:2}" < "$1" | sponge "$1"
+  then
+    {
+      printf 'Failed to modify %s: ' "$1"
+      printf '%q ' "${@:2}"
+      printf '\n'
+    } >&2
+    exit 1
+  fi
+}
+
+detestify() {
+  echo "-- AUTOGENERATED from ShellCheck by striptests. Do not modify."
+  awk '
+    BEGIN {
+      state = 0;
+    }
+
+    /LANGUAGE TemplateHaskell/ { next; }
+    /^import.*Test\./ { next; }
+
+    /^module/ {
+      sub(/,[^,)]*runTests/, "");
+    }
+
+    # Delete tests
+    /^prop_/ { state = 1; next; }
+
+    # ..and any blank lines following them.
+    state == 1 && /^ / { next; }
+
+    # Template Haskell marker
+    /^return / {
+      exit;
+    }
+
+    { state = 0; print; }
+    '
+}
+
+
+
+if [[ ! -e ShellCheck.cabal ]]
+then
+  echo "Run me from the ShellCheck directory." >&2
+  exit 1
+fi
+
+if [[ -d '.git' ]] && ! git diff --exit-code > /dev/null 2>&1
+then
+  echo "You have local changes! These may be overwritten." >&2
+  exit 2
+fi
+
+modify ShellCheck.cabal sed -e '
+  /QuickCheck/d
+  /^test-suite/{ s/.*//; q; }
+  '
+
+find . -name '.git' -prune -o -type f -name '*.hs' -print |
+  while IFS= read -r file
+  do
+    modify "$file" detestify
+  done
+

test/shellcheck.hs

@@ -4,13 +4,19 @@ import Control.Monad
 import System.Exit
 import qualified ShellCheck.Checker
 import qualified ShellCheck.Analytics
+import qualified ShellCheck.AnalyzerLib
 import qualified ShellCheck.Parser
+import qualified ShellCheck.Checks.Commands
+import qualified ShellCheck.Checks.ShellSupport
 
 main = do
     putStrLn "Running ShellCheck tests..."
     results <- sequence [
         ShellCheck.Checker.runTests,
+        ShellCheck.Checks.Commands.runTests,
+        ShellCheck.Checks.ShellSupport.runTests,
         ShellCheck.Analytics.runTests,
+        ShellCheck.AnalyzerLib.runTests,
         ShellCheck.Parser.runTests
       ]
     if and results