From d250534e8a1c1d05f4b7cfeb71e653b32a3e9a59 Mon Sep 17 00:00:00 2001
From: Thanh Ha <zxiiro@gmail.com>
Date: Wed, 15 Jan 2020 18:27:05 -0500
Subject: [PATCH] Resolve shellcheck SC2086 double quote

SC2086: Double quote to prevent globbing and word splitting.

Signed-off-by: Thanh Ha <zxiiro@gmail.com>
Change-Id: Ib5fee4b949ec02e265b9d0e628a36ce63ce18784
---
 jenkins-init-scripts/init.sh           |  4 ++--
 jenkins-init-scripts/lf-env.sh         | 18 +++++++++++-------
 shell/jenkins-configure-clouds.sh      |  6 +++---
 shell/job-cost.sh                      | 10 +++++-----
 shell/npm-config.sh                    |  2 +-
 shell/openstack-stack-delete.sh        |  2 +-
 shell/packer-build.sh                  |  2 +-
 shell/sudo-logs.sh                     | 14 +++++++-------
 shell/whitesource-unified-agent-cli.sh |  5 +++++
 9 files changed, 36 insertions(+), 27 deletions(-)

diff --git a/jenkins-init-scripts/init.sh b/jenkins-init-scripts/init.sh
index 66053b0d..69c90130 100755
--- a/jenkins-init-scripts/init.sh
+++ b/jenkins-init-scripts/init.sh
@@ -25,8 +25,8 @@ fi
 
 # Create the jenkins user last so that hopefully we DO NOT have to deal with
 # guard files
-$jjb_init_scripts/create-jenkins-user.sh
+"$jjb_init_scripts/create-jenkins-user.sh"
 
-cp $jjb_init_scripts/lf-env.sh ~jenkins/
+cp "$jjb_init_scripts/lf-env.sh" ~jenkins/
 chmod 644 ~jenkins/lf-env.sh
 chown jenkins:jenkins ~jenkins/lf-env.sh
diff --git a/jenkins-init-scripts/lf-env.sh b/jenkins-init-scripts/lf-env.sh
index ad554f64..da51d4b9 100644
--- a/jenkins-init-scripts/lf-env.sh
+++ b/jenkins-init-scripts/lf-env.sh
@@ -159,7 +159,7 @@ function lf-activate-venv()
             *)  lf-echo-stderr "${FUNCNAME[0]}(): ERROR: Unknown switch '$1'." ; return 1 ;;
         esac
     done
-    if ! type $python > /dev/null; then
+    if ! type "$python" > /dev/null; then
         lf-echo-stderr "${FUNCNAME[0]}(): ERROR: Unknown Python: $python"
         return 1
     fi
@@ -170,14 +170,16 @@ function lf-activate-venv()
     python2*)
         local pkg_list="$*"
         # For Python2, just create venv and install pip
-        virtualenv -p $python $lf_venv || return 1
-        $lf_venv/bin/pip install --upgrade --quiet pip || return 1
+        virtualenv -p "$python" "$lf_venv" || return 1
+        "$lf_venv/bin/pip" install --upgrade --quiet pip || return 1
         if [[ -z $pkg_list ]]; then
             echo "${FUNCNAME[0]}(): WARNING: No packages to install"
             return 0
         fi
         echo "${FUNCNAME[0]}(): INFO: Installing: $pkg_list"
-        $lf_venv/bin/pip install --upgrade --quiet $pkg_list || return 1
+        # $pkg_list is expected to be unquoted
+        # shellcheck disable=SC2086
+        "$lf_venv/bin/pip" install --upgrade --quiet $pkg_list || return 1
         ;;
     python3*)
         local pkg_list=""
@@ -188,14 +190,16 @@ function lf-activate-venv()
                 *)                   pkg_list+="$arg " ;;
             esac
         done
-        $python -m venv $install_args $lf_venv || return 1
-        $lf_venv/bin/pip install --upgrade --quiet pip virtualenv || return 1
+        $python -m venv "$install_args" "$lf_venv" || return 1
+        "$lf_venv/bin/pip" install --upgrade --quiet pip virtualenv || return 1
         if [[ -z $pkg_list ]]; then
             echo "${FUNCNAME[0]}(): WARNING: No packages to install"
             return 0
         fi
         echo "${FUNCNAME[0]}(): INFO: Installing: $pkg_list"
-        $lf_venv/bin/pip install --upgrade --quiet --upgrade-strategy eager \
+        # $pkg_list is expected to be unquoted
+        # shellcheck disable=SC2086
+        "$lf_venv/bin/pip" install --upgrade --quiet --upgrade-strategy eager \
                              $pkg_list || return 1
         ;;
     *)
diff --git a/shell/jenkins-configure-clouds.sh b/shell/jenkins-configure-clouds.sh
index 8f7b3a85..405ecedf 100644
--- a/shell/jenkins-configure-clouds.sh
+++ b/shell/jenkins-configure-clouds.sh
@@ -53,11 +53,11 @@ testversion() {
     local current_val="$1" operator="$2" test_value="$3"
     awk -vv1="$current_val" -vv2="$test_value" 'BEGIN {
       split(v1, a, /\:/);
-      if (a[2] == '$test_value') {
-        exit (a[2] == '$test_value') ? 0 : 1
+      if (a[2] == '"$test_value"') {
+        exit (a[2] == '"$test_value"') ? 0 : 1
       }
       else {
-        exit (a[2] '$operator' '$test_value') ? 0 : 1
+        exit (a[2] '"$operator"' '"$test_value"') ? 0 : 1
       }
     }'
 }
diff --git a/shell/job-cost.sh b/shell/job-cost.sh
index d3ee81e8..6493a6ef 100644
--- a/shell/job-cost.sh
+++ b/shell/job-cost.sh
@@ -47,13 +47,13 @@ instance_type=$(curl -s http://169.254.169.254/latest/meta-data/instance-type)
 
 echo "INFO: Retrieving Pricing Info for: $instance_type"
 url="https://pricing.vexxhost.net/v1/pricing/$instance_type/cost?seconds=$uptime"
-jason_block=$(curl -s $url)
+jason_block=$(curl -s "$url")
 
-cost=$(jq .cost <<< $jason_block)
-resource=$(jq .resource <<< $jason_block | tr -d '"')
+cost=$(jq .cost <<< "$jason_block")
+resource=$(jq .resource <<< "$jason_block" | tr -d '"')
 
 # Archive the cost date
-mkdir -p $WORKSPACE/archives/cost
+mkdir -p "$WORKSPACE/archives/cost"
 
 echo "INFO: Archiving Costs"
 
@@ -61,7 +61,7 @@ echo "INFO: Archiving Costs"
 # This format is readable by spreadsheet and is easily sortable
 date=$(TZ=GMT date +'%Y-%m-%d %H:%M:%S')
 
-cat << EOF > $WORKSPACE/archives/cost.csv
+cat << EOF > "$WORKSPACE/archives/cost.csv"
 $JOB_NAME,$BUILD_NUMBER,$date,$resource,$uptime,$cost,$stack_cost
 EOF
 
diff --git a/shell/npm-config.sh b/shell/npm-config.sh
index 749e7e58..96845020 100644
--- a/shell/npm-config.sh
+++ b/shell/npm-config.sh
@@ -55,5 +55,5 @@ do_config() {
     auth_token=$(echo -n "$USER":"$PASS" | openssl base64)
 
     # Write .npmrc
-    echo '//'$NPM_REGISTRY':_auth'$auth_token >> $HOME/.npmrc
+    echo "//$NPM_REGISTRY:_auth$auth_token" >> "$HOME/.npmrc"
 }
diff --git a/shell/openstack-stack-delete.sh b/shell/openstack-stack-delete.sh
index 6124c7e2..79da58af 100644
--- a/shell/openstack-stack-delete.sh
+++ b/shell/openstack-stack-delete.sh
@@ -18,7 +18,7 @@ source ~/lf-env.sh
 lf-activate-venv lftools[openstack] python-openstackclient
 
 echo "INFO: Retrieving stack cost for: $OS_STACK_NAME"
-if ! lftools openstack --os-cloud $OS_CLOUD stack cost $OS_STACK_NAME > stack-cost; then
+if ! lftools openstack --os-cloud "$OS_CLOUD" stack cost "$OS_STACK_NAME" > stack-cost; then
     echo "WARNING: Unable to get stack costs, continuing anyway"
     echo "total: 0" > stack-cost
 else
diff --git a/shell/packer-build.sh b/shell/packer-build.sh
index b015271c..0d9d68d5 100644
--- a/shell/packer-build.sh
+++ b/shell/packer-build.sh
@@ -53,7 +53,7 @@ if [[ ${UPDATE_CLOUD_IMAGE} ]]; then
     # Copy variables.prop to variables.jenkins-trigger so that the end of build
     # trigger can pick up the file as input for triggering downstream jobs.
     # Dont tigger downstream job when UPDATE_CLOUD_IMAGE is set to 'false'
-    cp $WORKSPACE/variables.prop $WORKSPACE/variables.jenkins-trigger
+    cp "$WORKSPACE/variables.prop" "$WORKSPACE/variables.jenkins-trigger"
 fi
 
 # Retrive the list of cloud providers
diff --git a/shell/sudo-logs.sh b/shell/sudo-logs.sh
index d925434f..29e54df7 100755
--- a/shell/sudo-logs.sh
+++ b/shell/sudo-logs.sh
@@ -17,24 +17,24 @@ function copy_log()
 {
     case $os in
         fedora|centos|redhat|ubuntu|debian)
-            if ! sudo cp $sudo_log /tmp; then
+            if ! sudo cp "$sudo_log" /tmp; then
                 echo "Unable to archive 'sudo' logs ($sudo_log)"
                 return
             fi
             ;;
         suse)
             # Do I need 'sudo' to run 'journalctl'?
-            journalctl | grep sudo > $sudo_log
+            journalctl | grep sudo > "$sudo_log"
             ;;
         *)  echo "Unexpected 'operatingsystem': $os"
             exit 1
             ;;
     esac
-    sudo_log=$(basename $sudo_log)
-    sudo chown jenkins:jenkins /tmp/$sudo_log
-    chmod 0644 /tmp/$sudo_log
-    mkdir -p $WORKSPACE/archives/sudo
-    mv /tmp/$sudo_log $WORKSPACE/archives/sudo/$sudo_log
+    sudo_log=$(basename "$sudo_log")
+    sudo chown jenkins:jenkins "/tmp/$sudo_log"
+    chmod 0644 "/tmp/$sudo_log"
+    mkdir -p "$WORKSPACE/archives/sudo"
+    mv "/tmp/$sudo_log" "$WORKSPACE/archives/sudo/$sudo_log"
 
 }    # End copy_log()
 
diff --git a/shell/whitesource-unified-agent-cli.sh b/shell/whitesource-unified-agent-cli.sh
index 94dd3670..a73e8521 100644
--- a/shell/whitesource-unified-agent-cli.sh
+++ b/shell/whitesource-unified-agent-cli.sh
@@ -20,8 +20,13 @@ echo "---> whitesource-unified-agent-cli.sh"
 jar_location="/tmp/wss-unified-agent-${WSS_UNIFIED_AGENT_VERSION}.jar"
 wss_unified_agent_url="https://s3.amazonaws.com/unified-agent/wss-unified-agent-${WSS_UNIFIED_AGENT_VERSION}.jar"
 wget -nv "${wss_unified_agent_url}" -O "${jar_location}"
+
 echo "---> Running WhiteSource Unified Agent CLI ..."
+
+# WSS_UNIFIED_AGENT_OPTIONS & JAVA_OPTS are expected to be unquoted
+# shellcheck disable=SC2086
 java ${JAVA_OPTS:-} -jar "${jar_location}" -c wss-unified-agent.config \
     -product "${WSS_PRODUCT_NAME}" -project "${WSS_PROJECT_NAME}" \
     -projectVersion "${GERRIT_BRANCH}" ${WSS_UNIFIED_AGENT_OPTIONS:-}
+
 rm "${jar_location}"
-- 
2.16.6