koalaman / shellcheck

ShellCheck, a static analysis tool for shell scripts
https://www.shellcheck.net
GNU General Public License v3.0

[QUESTION] is xargs also a solution to sc2089, sc2090? #3041

Closed Veraellyunjie closed 1 month ago

Veraellyunjie commented 1 month ago

shellcheck version: 0.9.0 and online https://shellcheck.net/

1st attempt, wrong one:

```sh
#! /bin/sh

OPT='--foreground "#FFFFFF" --background \#000080'

myprog ${OPT}
```

The shellcheck suggestions (https://github.com/koalaman/shellcheck/wiki/SC2089 and https://github.com/koalaman/shellcheck/wiki/SC2090) don't mention xargs:

```sh
#! /bin/sh

OPT='--foreground "#FFFFFF" --background \#000080'

printf %s "${OPT}" | xargs myprog
```

This snippet works, and shellcheck doesn't produce any output.

The question:

Is xargs a fine, portable, reliable, secure alternative solution that works in all cases?

If yes, please include it in the wiki. If not, please make shellcheck warn on xargs.

plambert commented 1 month ago

There are many values for OPT that would result in unexpected arguments being passed to myprog. Is that what you are asking?

For example, using this bash script to show the resulting arguments...

```bash
#!/bin/bash
# myprog

i=0
for o in "$@"; do
  i=$(( i + 1 ))
  printf '%2d: %q\n' "$i" "$o"
done
```

and

```sh
#!/bin/sh

OPT='--foreground \#FFFFFF --background \#000080 --eol-char "
"'

printf %s "${OPT}" | xargs myprog
```

will likely fail with an error from xargs about an unterminated quote.

I don't know how common this type of usage is; if it comes up often enough to warrant a check, I'd certainly support it, though I lack the skills to implement such a check.

koalaman commented 1 month ago

xargs's quote parsing would work for many (probably most) common cases, though it differs in how it handles escapes inside quotes, $'..' quotes, and definitely any kind of glob. Given that cleaner, more robust mechanisms exist, it would probably be better to use them.
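Added example (not part of the thread, and not ShellCheck's own code): a POSIX sh comparison of the xargs approach from the question with building the argument list in the positional parameters via `set --`, which is one of the mechanisms that avoids re-parsing quotes. The `--title` and `--sep` options, the sample values, and the use of `printf` as a stand-in for `myprog` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. printf/show_args stand in for myprog.

# Print each argument on its own bracketed line so word boundaries are visible.
show_args() {
    for a in "$@"; do printf '<%s>\n' "$a"; done
}

# Approach from the question: xargs splits and unquotes one flat string.
# xargs needs an external command, so printf plays the role of myprog.
via_xargs() {
    printf %s "$1" | xargs printf '<%s>\n'
}

# Alternative: build the argument list in the positional parameters.
# $1 is a title taken from data (hypothetical option --title); it is passed
# as exactly one argument whatever characters it contains.
via_positional() {
    title=$1
    set -- --foreground '#FFFFFF' --background '#000080'
    set -- "$@" --title "$title"
    show_args "$@"
}

# Constructed inputs.
ok='--foreground "#FFFFFF" --background \#000080'
title="it's 50% \"done\""

echo "xargs, literal options from the question:"
via_xargs "$ok"

echo "xargs, same options plus a title spliced into the string:"
via_xargs "$ok --title $title" || echo "xargs rejected the input (status $?)"

echo "positional parameters, same title:"
via_positional "$title"

echo "xargs, backslash inside double quotes is kept literally:"
via_xargs '--sep "a\\b"'
```

The apostrophe in the spliced title opens a quote that xargs never sees closed, while a shell would read `"a\\b"` as `a\b` rather than the `a\\b` that xargs passes on.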