[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Yet another patch + how to check for stuff in shell scripts

Raphael Geissert <atomo64+debian@gmail.com> writes:
> Russ Allbery wrote:

>> What I think Lintian really needs is a module that can do the following:
>> 
>> * Read a shell script and provide the caller with a stream of logical
>>   lines, dealing with things like backslash escapes so that each caller
>>   doesn't have to.
>> 
>> * Recognize heredocs and filter them out of the command stream so that the
>>   caller only sees the contents of heredocs as arguments and not as
>>   possible separate commands.
>
> Both already done in some way by checkbashisms.

Well, yes and no.  checkbashisms does this internally for its own checks,
but doesn't provide the necessary API to callers.  If your new module does
that, that's great!  But I want to be able to do these things *without*
checking for bashisms as well (obvious example: a maintainer script
written in bash), and I want to be able to do it from check scripts
separate from checks/scripts (which means I don't want to keep redoing the
bashism checks each time it's called).

So having a separate parsing layer is, I think, a requirement for Lintian
going forward to be able to do script checks in a sane fashion.  If we get
that via your work on checkbashisms, that's fantastic -- it just needs to
provide the necessary API.

>> * Recognize conditionals so that the caller can get simple information
>>   like "is this line inside a conditional or would it always execute?".
>>   This is important in Lintian in several places for false positive
>>   suppression; we often can assume that if code is conditional, the
>>   maintainer probably knows what they're doing and we shouldn't bug them
>>   about something we're unsure about.

> IMO this is one of the most complex and complicated things to do, as it
> requires more than a "regexes logic".

I believe you are overestimating the difficulty.

>> * Recognize common patterns that Lintian needs to be concerned with, such
>>   as whether a conditional probes for the existence of a command using the
>>   regular which / command -v methods.  There are a bunch of stock shell
>>   script parsing patterns like that in Lintian right now.

> Something like $LEADIN?

I don't think it's related, but I might be missing something.  Look at
checks/menus for an example of the kind of code that needs to be made
generic.

>> * Parse commands into a list of command and arguments so that code can do
>>   simple things like ask "was the command given this argument" without
>>   doing error-prone regex matching on the whole command line.

> Not impossible, but won't be easy either.

Here too I think you're seriously overestimating the difficulty.

> Sure; but I have to say that checkbashisms is currently are both things
> together and the perl module allows bashisms + whatever you want.

If it provides an API to do what's mentioned above, that's great.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: