On Thursday 28 May 2009 13:14:51 Adam D. Barratt wrote:
> On Wed, 2009-05-27 at 19:11 -0500, Raphael Geissert wrote:
>
> Thanks for the list. I've included comments on each issue inline.
> Where issues don't have an immediate fix I've cloned them to new bugs to
> make tracking stuff easier.
I thought about that too, but preferred not to cause too much noise so that I'd
get your attention :)
>
> > -----------------
> >
> > FP:
> > > possible bashism in ./usr/share/shorewall6-lite/lib.base line 684
> > > (sourced script with arguments):
> > > . $(find_file $(expand $@))
> >
> > Workaround (this needs to be fixed by stripping evals, $(), ``, and any
> > other form of code execution and looking for bashisms in those parts
> > individually): Apply the same dummy logic used for "" and '' to $()
[...]
> Hmmm, this seems a little hacky, but I suppose it's better than nothing
> in the short term. :-/ As you noted yourself later on, it doesn't cope
> well with bracketed groups which occur inside $().
>
> Cloned as #530905 so we can try and find a better fix.
Something similar to what I did in lintian to handle quotes for the diversions
check needs to be used.
[...]
> Yep, okay. Why "our $LEADIN" though? It's global scope, so why not just
> "my"?
Blame lintian for that, I didn't think twice before replacing "my"
with "our" :-/
> > -----------------
> >
> > FP (ref: #530084):
> > > if false; then foo; else exec something; fi
> >
> > @@ -408,7 +409,7 @@ sub script_is_evil_and_wrong {
> > last if (++$i > 55);
> > if (m~
> > # the exec should either be "eval"ed or a new statement
> > - (^\s*|\beval\s*[\'\"]|(;|&&)\s*)
> > + (^\s*|\beval\s*[\'\"]|(;|&&|\b(then|else))\s*)
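Review bot: On the `+` line the new `\b(then|else)` alternative shares the trailing `\s*` with `;` and `&&`, so it can match with no whitespace between the keyword and what follows, although `then` and `else` only act as reserved words when whitespace separates them from the next command. Requiring one whitespace character for that branch, for example `\b(?:then|else)\s`, would avoid that, and the non-capturing form keeps the numbering of any captures used later unchanged. `do` opens a command list in the same way and is not covered by the alternation.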
>
> Couldn't you have included that with the "then" fix at the top? ;-)
I saw it later :)
By the way, I noticed the duplication of that line about fifteen lines below,
it might need to be updated there as well (or something refactored to avoid
duplicating it at all :).
>
> > FN:
> > > #!/bin/sh
> > > cat <<FOO
> > > hello
> > > $(echo -e "world\c")
> > >
> > > Running on $OSTYPE
> > > FOO
> >
> > Only here docs with quoted markers should be ignored.
>
> Well... no. And yes. Some tests need to be skipped in this case, yes,
> but by no means all. Remove the $() around the echo, for instance, and
> it becomes literal text which shouldn't be flagged.
Of course, you got what I meant ;)
By the way, as I type there's another archive wide run processing all of i386
with the changes I originally attached. If there are any new false positives we
will know soon :)
(50% now; I should have better copied the mirror to the desktop machine
instead of running it on my netbook ):
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
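
The here-document point discussed above (skip bodies under a quoted marker, but still scan the expanded parts under an unquoted one), as an added example that is not part of the original message and is not checkbashisms code. The function names and the sample script are constructed, and the sketch goes slightly beyond the thread by also handling `<<-` and here-strings.

```shell
#!/bin/sh
# Added example (constructed names and sample): which here-document body
# lines must a checker still scan?
tab=$(printf '\t')
# Reads a script on stdin; prints "LINE:TEXT" for each body line of an
# unquoted-marker here-document holding $(...), backticks or $VAR.
# Simplification: a backslash-escaped \$ is not recognised as literal.
heredoc_lines_to_scan() {
    marker='' quoted=0 strip=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if [ -n "$marker" ]; then
            body=$line
            # <<- strips leading tabs from body and terminator lines
            [ "$strip" -eq 1 ] && body=${line#"${line%%[!$tab]*}"}
            if [ "$body" = "$marker" ]; then marker=''; continue; fi
            [ "$quoted" -eq 1 ] && continue   # copied verbatim by the shell
            case $body in
                *'$('*|*'`'*|*'$'[A-Za-z_{]*) printf '%s:%s\n' "$n" "$line" ;;
            esac
            continue
        fi
        case $line in
            *'<<<'*) ;;   # here-string, not a here-document
            *'<<'*)
                rest=${line#*'<<'}
                case $rest in -*) strip=1; rest=${rest#-} ;; *) strip=0 ;; esac
                rest=${rest#"${rest%%[! $tab]*}"}
                # any quoting of the marker ('X', "X" or \X) disables expansion
                case $rest in \'*|\"*|\\*) quoted=1 ;; *) quoted=0 ;; esac
                marker=$(printf '%s' "$rest" | tr -d "'\"\\\\")
                marker=${marker%%[!A-Za-z0-9_]*} ;;
        esac
    done
}
# Constructed sample: the script from the thread plus a quoted-marker variant.
sample_script() {
    cat <<'SAMPLE'
cat <<FOO
hello
$(echo -e "world\c")
Running on $OSTYPE
FOO
cat <<'BAR'
$(echo -e "literal")
BAR
SAMPLE
}
sample_script | heredoc_lines_to_scan
```

Only lines 3 and 4 of the sample are reported: plain text under the unquoted marker and the whole body under the quoted marker are left alone.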