shlint 0.1.2 → 0.1.4

data/lib/checkbashisms

@@ -6,7 +6,7 @@
 #   Copyright (C) 2002 Josip Rodin
 # This version is
 #   Copyright (C) 2003 Julian Gilbey
-# 
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
@@ -21,7 +21,8 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 use strict;
-use Getopt::Long;
+use Getopt::Long qw(:config gnu_getopt);
+use File::Temp qw/tempfile/;
 
 sub init_hashes;
 
@@ -47,6 +48,12 @@ EOF
 
 my ($opt_echo, $opt_force, $opt_extra, $opt_posix);
 my ($opt_help, $opt_version);
+my @filenames;
+
+# Detect if STDIN is a pipe
+if (scalar(@ARGV) == 0 && (-p STDIN or -f STDIN)) {
+    push(@ARGV, '-');
+}
 
 ##
 ## handle command-line options
@@ -77,22 +84,34 @@ init_hashes;
 foreach my $filename (@ARGV) {
     my $check_lines_count = -1;
 
+    my $display_filename = $filename;
+
+    if ($filename eq '-') {
+	my $tmp_fh;
+	($tmp_fh, $filename) = tempfile("chkbashisms_tmp.XXXX", TMPDIR => 1, UNLINK => 1);
+	while (my $line = <STDIN>) {
+	    print $tmp_fh $line;
+	}
+	close($tmp_fh);
+	$display_filename = "(stdin)";
+    }
+
     if (!$opt_force) {
 	$check_lines_count = script_is_evil_and_wrong($filename);
     }
 
     if ($check_lines_count == 0 or $check_lines_count == 1) {
-	warn "script $filename does not appear to be a /bin/sh script; skipping\n";
+	warn "script $display_filename does not appear to be a /bin/sh script; skipping\n";
 	next;
     }
 
     if ($check_lines_count != -1) {
-	warn "script $filename appears to be a shell wrapper; only checking the first "
+	warn "script $display_filename appears to be a shell wrapper; only checking the first "
 	     . "$check_lines_count lines\n";
     }
 
     unless (open C, '<', $filename) {
-	warn "cannot open script $filename for reading: $!\n";
+	warn "cannot open script $display_filename for reading: $!\n";
 	$status |= 2;
 	next;
     }
@@ -105,6 +124,7 @@ foreach my $filename (@ARGV) {
     my $found_rules = 0;
     my $buffered_orig_line = "";
     my $buffered_line = "";
+    my %start_lines;
 
     while (<C>) {
 	next unless ($check_lines_count == -1 or $. <= $check_lines_count);
@@ -123,18 +143,18 @@ foreach my $filename (@ARGV) {
 		next if $opt_force;
 
 		if ($interpreter =~ m,/bash$,) {
-		    warn "script $filename is already a bash script; skipping\n";
+		    warn "script $display_filename is already a bash script; skipping\n";
 		    $status |= 2;
 		    last;  # end this file
 		}
 		elsif ($interpreter !~ m,/(sh|posh)$,) {
 ### ksh/zsh?
-		    warn "script $filename does not appear to be a /bin/sh script; skipping\n";
+		    warn "script $display_filename does not appear to be a /bin/sh script; skipping\n";
 		    $status |= 2;
 		    last;
 		}
 	    } else {
-		warn "script $filename does not appear to have a \#! interpreter line;\nyou may get strange results\n";
+		warn "script $display_filename does not appear to have a \#! interpreter line;\nyou may get strange results\n";
 	    }
 	}
 
@@ -163,6 +183,12 @@ foreach my $filename (@ARGV) {
 	s/(^|[^\\](?:\\\\)*)\'(?:\\.|[^\\\'])+\'/$1''/g;
 	s/(^|[^\\](?:\\\\)*)\"(?:\\.|[^\\\"])+\"/$1""/g;
 
+	# If inside a quoted string, remove everything before the quote
+	s/^.+?\'//
+	    if ($quote_string eq "'");
+	s/^.+?[^\\]\"//
+	    if ($quote_string eq '"');
+
 	# If the remaining string contains what looks like a comment,
 	# eat it. In either case, swap the unmodified script line
 	# back in for processing.
@@ -201,7 +227,7 @@ foreach my $filename (@ARGV) {
 	    if (/^[\w%-]+:+\s.*?;?(.*)$/ and !($last_continued and !$found_rules)) {
 		$found_rules = 1;
 		$_ = $1 if $1;
-	    } 
+	    }
 
 	    last if m%^\s*(override\s|export\s)?\s*SHELL\s*:?=\s*(/bin/)?bash\s*%;
 
@@ -278,8 +304,26 @@ foreach my $filename (@ARGV) {
 		    my $otherquote = ($quote eq "\"" ? "\'" : "\"");
 
 		    # Remove balanced quotes and their content
-		    $templine =~ s/(^|[^\\\"](?:\\\\)*)\'[^\']*\'/$1/g;
-		    $templine =~ s/(^|[^\\\'](?:\\\\)*)\"(?:\\.|[^\\\"])+\"/$1/g;
+		    while (1) {
+			my ($length_single, $length_double) = (0, 0);
+
+			# Determine which one would match first:
+			if ($templine =~ m/(^.+?(?:^|[^\\\"](?:\\\\)*)\')[^\']*\'/) {
+			    $length_single = length($1);
+			}
+			if ($templine =~ m/(^.*?(?:^|[^\\\'](?:\\\\)*)\")(?:\\.|[^\\\"])+\"/) {
+			    $length_double = length($1);
+			}
+
+			# Now simplify accordingly (shorter is preferred):
+			if ($length_single != 0 && ($length_single < $length_double || $length_double == 0)) {
+			    $templine =~ s/(^|[^\\\"](?:\\\\)*)\'[^\']*\'/$1/;
+			} elsif ($length_double != 0) {
+			    $templine =~ s/(^|[^\\\'](?:\\\\)*)\"(?:\\.|[^\\\"])+\"/$1/;
+			} else {
+			    last;
+			}
+		    }
 
 		    # Don't flag quotes that are themselves quoted
 		    # "a'b"
@@ -295,6 +339,7 @@ foreach my $filename (@ARGV) {
 		    # start of a quoted block.
 		    if ($count % 2 == 1) {
 			$quote_string = $quote;
+			$start_lines{'quote_string'} = $.;
 			$line =~ s/^(.*)$quote.*$/$1/;
 			last;
 		    }
@@ -305,8 +350,8 @@ foreach my $filename (@ARGV) {
 	    # detect source (.) trying to pass args to the command it runs
 	    # The first expression weeds out '. "foo bar"'
 	    if (not $found and
-		not m/$LEADIN\.\s+(\"[^\"]+\"|\'[^\']+\'|\$\([^)]+\)+(?:\/[^\s;]+)?)\s*(\&|\||\d?>|<|;|\Z)/
-		and m/$LEADIN(\.\s+[^\s;\`:]+\s+([^\s;]+))/) {
+		not m/$LEADIN\.\s+(\"[^\"]+\"|\'[^\']+\'|\$\([^)]+\)+(?:\/[^\s;]+)?)\s*(\&|\||\d?>|<|;|\Z)/o
+		and m/$LEADIN(\.\s+[^\s;\`:]+\s+([^\s;]+))/o) {
 		if ($2 =~ /^(\&|\||\d?>|<)/) {
 		    # everything is ok
 		    ;
@@ -314,7 +359,7 @@ foreach my $filename (@ARGV) {
 		    $found = 1;
 		    $match = $1;
 		    $explanation = "sourced script with arguments";
-		    output_explanation($filename, $orig_line, $explanation);
+		    output_explanation($display_filename, $orig_line, $explanation);
 		}
 	    }
 
@@ -330,50 +375,52 @@ foreach my $filename (@ARGV) {
 		    $found = 1;
 		    $match = $1;
 		    $explanation = $expl;
-		    output_explanation($filename, $orig_line, $explanation);
+		    output_explanation($display_filename, $orig_line, $explanation);
 		}
 	    }
 
 	    my $re='(?<![\$\\\])\$\'[^\']+\'';
-	    if ($line =~ m/(.*)($re)/){
+	    if ($line =~ m/(.*)($re)/o){
 		my $count = () = $1 =~ /(^|[^\\])\'/g;
 		if( $count % 2 == 0 ) {
-		    output_explanation($filename, $orig_line, q<$'...' should be "$(printf '...')">);
+		    output_explanation($display_filename, $orig_line, q<$'...' should be "$(printf '...')">);
 		}
-	    }   
+	    }
 
 	    # $cat_line contains the version of the line we'll check
 	    # for heredoc delimiters later. Initially, remove any
 	    # spaces between << and the delimiter to make the following
-	    # updates to $cat_line easier.
+	    # updates to $cat_line easier. However, don't remove the
+	    # spaces if the delimiter starts with a -, as that changes
+	    # how the delimiter is searched.
 	    my $cat_line = $line;
-	    $cat_line =~ s/(<\<-?)\s+/$1/g;
+	    $cat_line =~ s/(<\<-?)\s+(?!-)/$1/g;
 
 	    # Ignore anything inside single quotes; it could be an
 	    # argument to grep or the like.
 	    $line =~ s/(^|[^\\\"](?:\\\\)*)\'(?:\\.|[^\\\'])+\'/$1''/g;
 
 	    # As above, with the exception that we don't remove the string
-	    # if the quote is immediately preceeded by a < or a -, so we
+	    # if the quote is immediately preceded by a < or a -, so we
 	    # can match "foo <<-?'xyz'" as a heredoc later
 	    # The check is a little more greedy than we'd like, but the
 	    # heredoc test itself will weed out any false positives
 	    $cat_line =~ s/(^|[^<\\\"-](?:\\\\)*)\'(?:\\.|[^\\\'])+\'/$1''/g;
 
 	    $re='(?<![\$\\\])\$\"[^\"]+\"';
-	    if ($line =~ m/(.*)($re)/){
+	    if ($line =~ m/(.*)($re)/o){
 		my $count = () = $1 =~ /(^|[^\\])\"/g;
 		if( $count % 2 == 0 ) {
-		    output_explanation($filename, $orig_line, q<$"foo" should be eval_gettext "foo">);
+		    output_explanation($display_filename, $orig_line, q<$"foo" should be eval_gettext "foo">);
 		}
-	    }   
+	    }
 
 	    while (my ($re,$expl) = each %string_bashisms) {
 		if ($line =~ m/($re)/) {
 		    $found = 1;
 		    $match = $1;
 		    $explanation = $expl;
-		    output_explanation($filename, $orig_line, $explanation);
+		    output_explanation($display_filename, $orig_line, $explanation);
 		}
 	    }
 
@@ -386,25 +433,46 @@ foreach my $filename (@ARGV) {
 		    $found = 1;
 		    $match = $1;
 		    $explanation = $expl;
-		    output_explanation($filename, $orig_line, $explanation);
+		    output_explanation($display_filename, $orig_line, $explanation);
 		}
 	    }
+	    # This check requires the value to be compared, which could
+	    # be done in the regex itself but requires "use re 'eval'".
+	    # So it's better done in its own
+	    if ($line =~ m/$LEADIN((?:exit|return)\s+(\d{3,}))/o && $2 > 255) {
+		$explanation = 'exit|return status code greater than 255';
+		output_explanation($display_filename, $orig_line, $explanation);
+	    }
 
 	    # Only look for the beginning of a heredoc here, after we've
 	    # stripped out quoted material, to avoid false positives.
-	    if ($cat_line =~ m/(?:^|[^<])\<\<(\-?)\s*(?:[\\]?(\w+)|[\'\"](.*?)[\'\"])/) {
+	    if ($cat_line =~ m/(?:^|[^<])\<\<(\-?)\s*(?:(?!<|'|")((?:[^\s;>|]+(?:(?<=\\)[\s;>|])?)+)|[\'\"](.*?)[\'\"])/) {
 		$cat_indented = ($1 && $1 eq '-')? 1 : 0;
-		$cat_string = $2;
-		$cat_string = $3 if not defined $cat_string;
+		my $quoted = defined($3);
+		$cat_string = $quoted? $3 : $2;
+		unless ($quoted) {
+		    # Now strip backslashes. Keep the position of the
+		    # last match in a variable, as s/// resets it back
+		    # to undef, but we don't want that.
+		    my $pos = 0;
+		    pos($cat_string) = $pos;
+		    while ($cat_string =~ s/\G(.*?)\\/$1/) {
+			# postition += length of match + the character
+			# that followed the backslash:
+			$pos += length($1)+1;
+			pos($cat_string) = $pos;
+		    }
+		}
+		$start_lines{'cat_string'} = $.;
             }
 	}
     }
 
-    warn "error: $filename:  Unterminated heredoc found, EOF reached. Wanted: <$cat_string>\n"
+    warn "error: $display_filename:  Unterminated heredoc found, EOF reached. Wanted: <$cat_string>, opened in line $start_lines{'cat_string'}\n"
 	if ($cat_string ne '');
-    warn "error: $filename: Unterminated quoted string found, EOF reached. Wanted: <$quote_string>\n"
+    warn "error: $display_filename: Unterminated quoted string found, EOF reached. Wanted: <$quote_string>, opened in line $start_lines{'quote_string'}\n"
 	if ($quote_string ne '');
-    warn "error: $filename: EOF reached while on line continuation.\n"
+    warn "error: $display_filename: EOF reached while on line continuation.\n"
 	if ($buffered_line ne '');
 
     close C;
@@ -454,8 +522,8 @@ sub script_is_evil_and_wrong {
 	    # Match expressions of the form '${1+$@}', '${1:+"$@"',
 	    # '"${1+$@', "$@", etc where the quotes (before the dollar
 	    # sign(s)) are optional and the second (or only if the $1
-	    # clause is omitted) parameter may be $@ or $*. 
-	    # 
+	    # clause is omitted) parameter may be $@ or $*.
+	    #
 	    # Finally the whole subexpression may be omitted for scripts
 	    # which do not pass on their parameters (i.e. after re-execing
 	    # they take their parameters (and potentially data) from stdin
@@ -495,13 +563,14 @@ sub script_is_evil_and_wrong {
 sub init_hashes {
 
     %bashisms = (
-	qr'(?:^|\s+)function \w+(\s|\(|\Z)' => q<'function' is useless>,
+	qr'(?:^|\s+)function [^<>\(\)\[\]\{\};|\s]+(\s|\(|\Z)' => q<'function' is useless>,
 	$LEADIN . qr'select\s+\w+' =>     q<'select' is not POSIX>,
 	qr'(test|-o|-a)\s*[^\s]+\s+==\s' => q<should be 'b = a'>,
 	qr'\[\s+[^\]]+\s+==\s' =>        q<should be 'b = a'>,
 	qr'\s\|\&' =>                    q<pipelining is not POSIX>,
 	qr'[^\\\$]\{([^\s\\\}]*?,)+[^\\\}\s]*\}' => q<brace expansion>,
-	qr'\{\d+\.\.\d+\}' =>          q<brace expansion, should be $(seq a b)>,
+	qr'\{\d+\.\.\d+(?:\.\.\d+)?\}' =>          q<brace expansion, {a..b[..c]}should be $(seq a [c] b)>,
+	qr'(?i)\{[a-z]\.\.[a-z](?:\.\.\d+)?\}' =>          q<brace expansion>,
 	qr'(?:^|\s+)\w+\[\d+\]=' =>      q<bash arrays, H[0]>,
 	$LEADIN . qr'read\s+(?:-[a-qs-zA-Z\d-]+)' => q<read with option other than -r>,
 	$LEADIN . qr'read\s*(?:-\w+\s*)*(?:\".*?\"|[\'].*?[\'])?\s*(?:;|$)'
@@ -536,7 +605,10 @@ sub init_hashes {
 	$LEADIN . qr'alias\s+-p' =>       q<alias -p>,
 	$LEADIN . qr'unalias\s+-a' =>     q<unalias -a>,
 	$LEADIN . qr'local\s+-[a-zA-Z]+' => q<local -opt>,
-	qr'(?:^|\s+)\s*\(?\w*[^\(\w\s]+\S*?\s*\(\)\s*([\{|\(]|\Z)'
+	# function '=' is special-cased due to bash arrays (think of "foo=()")
+	qr'(?:^|\s)\s*=\s*\(\s*\)\s*([\{|\(]|\Z)'
+		=> q<function names should only contain [a-z0-9_]>,
+	qr'(?:^|\s)(?<func>function\s)?\s*(?:[^<>\(\)\[\]\{\};|\s]*[^<>\(\)\[\]\{\};|\s\w][^<>\(\)\[\]\{\};|\s]*)(?(<func>)(?=)|(?<!=))\s*(?(<func>)(?:\(\s*\))?|\(\s*\))\s*([\{|\(]|\Z)'
 		=> q<function names should only contain [a-z0-9_]>,
 	$LEADIN . qr'(push|pop)d(\s|\Z)' =>    q<(push|pop)d>,
 	$LEADIN . qr'export\s+-[^p]' =>  q<export only takes -p as an option>,
@@ -552,15 +624,25 @@ sub init_hashes {
 	$LEADIN . qr'jobs\s' =>  q<jobs>,
 #	$LEADIN . qr'jobs\s+-[^lp]\s' =>  q<'jobs' with option other than -l or -p>,
 	$LEADIN . qr'command\s+-[^p]\s' =>  q<'command' with option other than -p>,
+	$LEADIN . qr'setvar\s' =>  q<setvar 'foo' 'bar' should be eval 'foo="'"$bar"'"'>,
+	$LEADIN . qr'trap\s+["\']?.*["\']?\s+.*(?:ERR|DEBUG|RETURN)' => q<trap with ERR|DEBUG|RETURN>,
+	$LEADIN . qr'(?:exit|return)\s+-\d' => q<exit|return with negative status code>,
+	$LEADIN . qr'(?:exit|return)\s+--' => q<'exit --' should be 'exit' (idem for return)>,
+	$LEADIN . qr'sleep\s+(?:-|\d+(?:[.a-z]|\s+\d))' => q<sleep only takes one integer>,
+	$LEADIN . qr'hash(\s|\Z)' =>     q<hash>,
+	qr'(?:[:=\s])~(?:[+-]|[+-]?\d+)(?:[/\s]|\Z)' => q<non-standard tilde expansion>,
     );
 
     %string_bashisms = (
 	qr'\$\[[^][]+\]' =>	         q<'$[' should be '$(('>,
-	qr'\$\{\w+\:\d+(?::\d+)?\}' =>   q<${foo:3[:1]}>,
+	qr'\$\{(?:\w+|@|\*)\:(?:\d+|\$\{?\w+\}?)+(?::(?:\d+|\$\{?\w+\}?)+)?\}' =>   q<${foo:3[:1]}>,
 	qr'\$\{!\w+[\@*]\}' =>           q<${!prefix[*|@]>,
 	qr'\$\{!\w+\}' =>                q<${!name}>,
-	qr'\$\{\w+(/.+?){1,2}\}' =>      q<${parm/?/pat[/str]}>,
-	qr'\$\{\#?\w+\[[0-9\*\@]+\]\}' => q<bash arrays, ${name[0|*|@]}>,
+	qr'\$\{(?:\w+|@|\*)([,^]{1,2}.*?)\}' =>   q<${parm,[,][pat]} or ${parm^[^][pat]}>,
+	qr'\$\{[@*]([#%]{1,2}.*?)\}' =>   q<${[@|*]#[#]pat} or ${[@|*]%[%]pat}>,
+	qr'\$\{#[@*]\}'			=>   q<${#@} or ${#*}>,
+	qr'\$\{(?:\w+|@|\*)(/.+?){1,2}\}' =>      q<${parm/?/pat[/str]}>,
+	qr'\$\{\#?\w+\[.+\](?:[/,:#%^].+?)?\}' => q<bash arrays, ${name[0|*|@]}>,
 	qr'\$\{?RANDOM\}?\b' =>          q<$RANDOM>,
 	qr'\$\{?(OS|MACH)TYPE\}?\b'   => q<$(OS|MACH)TYPE>,
 	qr'\$\{?HOST(TYPE|NAME)\}?\b' => q<$HOST(TYPE|NAME)>,
@@ -572,6 +654,13 @@ sub init_hashes {
 	qr'\$\{?SHELLOPTS\}?\b'       => q<$SHELLOPTS>,
 	qr'\$\{?PIPESTATUS\}?\b'      => q<$PIPESTATUS>,
 	qr'\$\{?SHLVL\}?\b'           => q<$SHLVL>,
+	qr'\$\{?FUNCNAME\}?\b'        => q<$FUNCNAME>,
+	qr'\$\{?TMOUT\}?\b'           => q<$TMOUT>,
+	qr'(?:^|\s+)TMOUT='           => q<TMOUT=>,
+	qr'\$\{?TIMEFORMAT\}?\b'      => q<$TIMEFORMAT>,
+	qr'(?:^|\s+)TIMEFORMAT='      => q<TIMEFORMAT=>,
+	qr'\$\{?_\}?\b'		      => q<$_>,
+	qr'(?:^|\s+)GLOBIGNORE='      => q<GLOBIGNORE=>,
 	qr'<<<'                       => q<\<\<\< here string>,
 	$LEADIN . qr'echo\s+(?:-[^e\s]+\s+)?\"[^\"]*(\\[abcEfnrtv0])+.*?[\"]' => q<unsafe echo with backslash>,
 	qr'\$\(\([\s\w$*/+-]*\w\+\+.*?\)\)'   => q<'$((n++))' should be '$n; $((n=n+1))'>,

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: shlint
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.4
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-10-25 00:00:00.000000000 Z
+date: 2012-11-16 00:00:00.000000000 Z
 dependencies: []
 description: Checks the syntax of your shellscript against known and available shells.
 email:
@@ -46,7 +46,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.6
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: A linting tool for shell.