7x31/shellcheck
1
0
Fork 0
mirror of https://github.com/koalaman/shellcheck.git synced 2025-10-03 11:19:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Created SC2223 (markdown)

koalaman
2018-01-06 10:54:23 -08:00
parent f681777d9e
commit 433e5c2331
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
SC2223.md Normal file

@@ -0,0 +1,24 @@
## This default assignment may cause DoS due to globbing. Quote it.
### Problematic code:
```sh
: ${COLUMNS:=80}
```
### Correct code:
```sh
: "${COLUMNS:=80}"
```
### Rationale:
This statement is an idiomatic way of assigning a default value to an environment variable. However, even though it's passed to `:` which ignores arguments, it's better to quote it.
If `COLUMNS='/*/*/*/*/*/*'`, the unquoted, problematic code may spend 30+ minutes trashing the disk as it unnecessarily tries to glob expand the value.
The correct code uses double quotes to avoid glob expansion, and therefore does not have this problem.
### Exceptions:
None, though this issue is largely theoretical.