[checks/scripts] [PATCH 3/4] shell script wrapper detection
Hi,
This is the third of a series of patches updating checks/scripts
bashisms checks with some changes that have been made to checkbashisms
over the past few months.
Hopefully all the patches are self-explanatory, but please let me know
if there are any questions or issues.
Regards,
Adam
scripts_are_more_evil_and_wrong.diff
------------------------------------
The archive-wide checkbashisms runs have revealed more methods of
disguising something as a shell script than script_is_evil_and_wrong()
currently catches.
1) Match cases where just $@ is quoted, or where the whole of ${1:+$@}
is quoted.
2) Allow arguments to eval to be double- as well as single-quoted
3) Increase the number of lines scanned
Both of the above were added to match line 52 of
bastille-firewall-schedule:
eval "exec ${PERL} -x $0 $*"
4) Match lines execing $var if $var has previously been assigned the
value of $0. /usr/bin/git-citool uses this construct:
#!/bin/sh
# Tcl ignores the next line -*- tcl -*- \
if test "z$*" = zversion \
|| test "z$*" = z--version; \
then \
echo 'git-gui version 0.9.3.1.g21623'; \
exit; \
fi; \
argv0=$0; \
exec '/usr/bin/wish8.5' "$argv0" -- "$@"
5) Allow the exec to be preceded by && as well as a semicolon
6) Match scripts that don't pass on their parameters (i.e. re-exec
themselves and read from stdin)
--- checks/scripts.orig 2008-06-13 10:56:03.000000000 +0100
+++ checks/scripts 2008-06-13 10:58:11.000000000 +0100
@@ -738,16 +738,19 @@
my $ret = 0;
open (IN, '<', $filename) or fail("cannot open $filename: $!");
my $i = 0;
+ my $var = "0";
local $_;
while (<IN>) {
- chomp;
+ chomp;
next if /^#/o;
next if /^$/o;
- last if (++$i > 20);
- if (/(^\s*|\beval\s*\'|;\s*)exec\s*.+\s*.?\$0.?\s*(--\s*)?(\${1:?\+)?.?\$(\@|\*)/o) {
- $ret = 1;
- last;
- }
+ last if (++$i > 55);
+ if (/(^\s*|\beval\s*[\'\"]|(;|&&)\s*)exec\s*.+\s*.?\$$var.?\s*(--\s*)?.?(\${1:?\+.?)?(\$(\@|\*))?/) {
+ $ret = 1;
+ last;
+ } elsif (/^\s*(\w+)=\$0;/) {
+ $var = $1;
+ }
}
close IN;
return $ret;
Reply to: