koalaman / shellcheck

ShellCheck, a static analysis tool for shell scripts
https://www.shellcheck.net
GNU General Public License v3.0

Doesn't warn about unprefixed globs and other globbing issues #441

Open Shnatsel opened 9 years ago

Shnatsel commented 9 years ago

There are multiple obscure pitfalls with glob handling in shells, BASH in particular. They are documented in great detail at http://www.dwheeler.com/essays/filenames-in-shell.html and an overview with a link to that article is also included in TLDP's bash scripting guide, http://www.tldp.org/LDP/abs/html/globbingref.html

Shellcheck should warn about the use of * instead of the correct ./* and other problematic patterns listed on that page.

koalaman commented 9 years ago

Can you give an example of what you mean? ShellCheck already warns in some contexts like rm *

Shnatsel commented 9 years ago

For example, the following will hang waiting for standard input indefinitely if it encounters a file called "-":

for file in * ; do
  cat "$file" >> something
done

This can also allow injecting dangerous things like the -f key in rm, about which shellcheck already warns, but the problem is more general than that.

Another problematic example from the linked article is cat $(find . -type f), about which shellcheck currently says "SC2046 Quote this to prevent word splitting", which is unhelpful - quoting output containing multiple files doesn't work. A working solution is listed in the article I linked.

koalaman commented 9 years ago

In this particular case it's explicitly allowed because for loops don't care. There should probably be a check to track where the variable ends up being used, in case a prefix is not added.
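The two pitfalls raised in this thread (a bare `*` that expands to a file named "-", and `cat $(find . -type f)` that word-splits paths), reproduced side by side with the prefixed forms, as an added example that is not part of the issue, of ShellCheck, or of the linked article. The sample directory, its two files and the function names are constructed for the demonstration; stdin is redirected from /dev/null so the unprefixed loop skips the "-" file instead of hanging.

```shell
#!/bin/sh
# Constructed sample: one ordinary file and one file literally named "-".
make_sample_dir() {
  dir=$(mktemp -d)
  printf 'alpha\n' > "$dir/a.txt"
  printf 'dash\n' > "$dir/-"
  printf '%s\n' "$dir"
}

# Unprefixed glob: "*" expands to "-", which cat treats as "read stdin".
# Interactively that blocks forever; with stdin from /dev/null the file's
# real content ("dash") is silently skipped, so only "alpha" comes out.
concat_unprefixed() {
  ( cd "$1" && for file in * ; do cat "$file" ; done </dev/null )
}

# Prefixed glob: every expansion starts with "./", so no filename can be
# mistaken for "-" or for an option. Both files are read.
concat_prefixed() {
  ( cd "$1" && for file in ./* ; do cat "$file" ; done </dev/null )
}

# Replacement for cat $(find . -type f): find passes the paths straight to
# cat, so there is no word splitting or glob re-expansion of the output.
concat_find_exec() {
  ( cd "$1" && find . -type f -exec cat {} + )
}

# Usage: build the sample directory, compare the variants, clean up.
sample=$(make_sample_dir)
echo "unprefixed:"; concat_unprefixed "$sample"
echo "prefixed:";   concat_prefixed "$sample"
echo "find -exec:"; concat_find_exec "$sample"
rm -rf "$sample"
```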