anordal
commented
6 years ago Thanks for the report!
No disagreement here. There is the opposite rule, which Shellharden arguably applies too broadly (i.e. always). This feature was added in commit 7f47706.
The reason why Shellharden simply always transforms $ → $@ is to forbid the very bad unquoted $ variant (which is a big coding smell, always wrong and never useful), whereas the quoted "$@" variant, safe as it is, I've honestly never seen or imagined a legitimate use for.
I could trivially allow the quoted "$*" variant. Oh boy, that's a change of mindset – I want to think a bit about that.
Shellcheck requires changing
printf "Error: %s\n" "Bad parameters: $@"toprintf "Error: %s\n" "Bad parameters: $*". Shellharden requires the opposite.Is there fundamental disagreement or is it a false positive?
https://github.com/koalaman/shellcheck/wiki/SC2145