From d250534e8a1c1d05f4b7cfeb71e653b32a3e9a59 Mon Sep 17 00:00:00 2001 From: Thanh Ha Date: Wed, 15 Jan 2020 18:27:05 -0500 Subject: [PATCH] Resolve shellcheck SC2086 double quote SC2086: Double quote to prevent globbing and word splitting. Signed-off-by: Thanh Ha Change-Id: Ib5fee4b949ec02e265b9d0e628a36ce63ce18784 --- jenkins-init-scripts/init.sh | 4 ++-- jenkins-init-scripts/lf-env.sh | 18 +++++++++++------- shell/jenkins-configure-clouds.sh | 6 +++--- shell/job-cost.sh | 10 +++++----- shell/npm-config.sh | 2 +- shell/openstack-stack-delete.sh | 2 +- shell/packer-build.sh | 2 +- shell/sudo-logs.sh | 14 +++++++------- shell/whitesource-unified-agent-cli.sh | 5 +++++ 9 files changed, 36 insertions(+), 27 deletions(-) diff --git a/jenkins-init-scripts/init.sh b/jenkins-init-scripts/init.sh index 66053b0d..69c90130 100755 --- a/jenkins-init-scripts/init.sh +++ b/jenkins-init-scripts/init.sh @@ -25,8 +25,8 @@ fi # Create the jenkins user last so that hopefully we DO NOT have to deal with # guard files -$jjb_init_scripts/create-jenkins-user.sh +"$jjb_init_scripts/create-jenkins-user.sh" -cp $jjb_init_scripts/lf-env.sh ~jenkins/ +cp "$jjb_init_scripts/lf-env.sh" ~jenkins/ chmod 644 ~jenkins/lf-env.sh chown jenkins:jenkins ~jenkins/lf-env.sh diff --git a/jenkins-init-scripts/lf-env.sh b/jenkins-init-scripts/lf-env.sh index ad554f64..da51d4b9 100644 --- a/jenkins-init-scripts/lf-env.sh +++ b/jenkins-init-scripts/lf-env.sh @@ -159,7 +159,7 @@ function lf-activate-venv() *) lf-echo-stderr "${FUNCNAME[0]}(): ERROR: Unknown switch '$1'." ; return 1 ;; esac done - if ! type $python > /dev/null; then + if ! type "$python" > /dev/null; then lf-echo-stderr "${FUNCNAME[0]}(): ERROR: Unknown Python: $python" return 1 fi 
@@ -170,14 +170,16 @@ function lf-activate-venv() python2*) local pkg_list="$*" # For Python2, just create venv and install pip - virtualenv -p $python $lf_venv || return 1 - $lf_venv/bin/pip install --upgrade --quiet pip || return 1 + virtualenv -p "$python" "$lf_venv" || return 1 + "$lf_venv/bin/pip" install --upgrade --quiet pip || return 1 if [[ -z $pkg_list ]]; then echo "${FUNCNAME[0]}(): WARNING: No packages to install" return 0 fi echo "${FUNCNAME[0]}(): INFO: Installing: $pkg_list" - $lf_venv/bin/pip install --upgrade --quiet $pkg_list || return 1 + # $pkg_list is expected to be unquoted + # shellcheck disable=SC2086 + "$lf_venv/bin/pip" install --upgrade --quiet $pkg_list || return 1 ;; python3*) local pkg_list="" @@ -188,14 +190,16 @@ function lf-activate-venv() *) pkg_list+="$arg " ;; esac done - $python -m venv $install_args $lf_venv || return 1 - $lf_venv/bin/pip install --upgrade --quiet pip virtualenv || return 1 + $python -m venv "$install_args" "$lf_venv" || return 1 + "$lf_venv/bin/pip" install --upgrade --quiet pip virtualenv || return 1 if [[ -z $pkg_list ]]; then echo "${FUNCNAME[0]}(): WARNING: No packages to install" return 0 fi echo "${FUNCNAME[0]}(): INFO: Installing: $pkg_list" - $lf_venv/bin/pip install --upgrade --quiet --upgrade-strategy eager \ + # $pkg_list is expected to be unquoted + # shellcheck disable=SC2086 + "$lf_venv/bin/pip" install --upgrade --quiet --upgrade-strategy eager \ $pkg_list || return 1 ;; *) diff --git a/shell/jenkins-configure-clouds.sh b/shell/jenkins-configure-clouds.sh index 8f7b3a85..405ecedf 100644 --- a/shell/jenkins-configure-clouds.sh +++ b/shell/jenkins-configure-clouds.sh 
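Review bot: Quoting `$install_args` on the `-m venv` line of the `python3*)` arm changes behaviour rather than just silencing SC2086. If no install options were collected, venv now receives an empty-string argument, which it will likely treat as an extra environment directory; if several were collected, they arrive as one word. `install_args` is built outside this hunk, so confirm how it is populated. It needs the same treatment as `$pkg_list`: `# shellcheck disable=SC2086` above `"$python" -m venv $install_args "$lf_venv" || return 1`, which also quotes the `$python` the commit left bare on that line. Collecting options and packages in arrays (`install_args+=("$arg")`, `"${install_args[@]}"`) would remove the need for the disables in both arms, and would stop names such as `lftools[openstack]` being glob-expanded when `$pkg_list` is split.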
@@ -53,11 +53,11 @@ testversion() { local current_val="$1" operator="$2" test_value="$3" awk -vv1="$current_val" -vv2="$test_value" 'BEGIN { split(v1, a, /\:/); - if (a[2] == '$test_value') { - exit (a[2] == '$test_value') ? 0 : 1 + if (a[2] == '"$test_value"') { + exit (a[2] == '"$test_value"') ? 0 : 1 } else { - exit (a[2] '$operator' '$test_value') ? 0 : 1 + exit (a[2] '"$operator"' '"$test_value"') ? 0 : 1 } }' } diff --git a/shell/job-cost.sh b/shell/job-cost.sh index d3ee81e8..6493a6ef 100644 --- a/shell/job-cost.sh +++ b/shell/job-cost.sh @@ -47,13 +47,13 @@ instance_type=$(curl -s http://169.254.169.254/latest/meta-data/instance-type) echo "INFO: Retrieving Pricing Info for: $instance_type" url="https://pricing.vexxhost.net/v1/pricing/$instance_type/cost?seconds=$uptime" -jason_block=$(curl -s $url) +jason_block=$(curl -s "$url") -cost=$(jq .cost <<< $jason_block) -resource=$(jq .resource <<< $jason_block | tr -d '"') +cost=$(jq .cost <<< "$jason_block") +resource=$(jq .resource <<< "$jason_block" | tr -d '"') # Archive the cost date -mkdir -p $WORKSPACE/archives/cost +mkdir -p "$WORKSPACE/archives/cost" echo "INFO: Archiving Costs" @@ -61,7 +61,7 @@ echo "INFO: Archiving Costs" # This format is readable by spreadsheet and is easily sortable date=$(TZ=GMT date +'%Y-%m-%d %H:%M:%S') -cat << EOF > $WORKSPACE/archives/cost.csv +cat << EOF > "$WORKSPACE/archives/cost.csv" $JOB_NAME,$BUILD_NUMBER,$date,$resource,$uptime,$cost,$stack_cost EOF diff --git a/shell/npm-config.sh b/shell/npm-config.sh index 749e7e58..96845020 100644 --- a/shell/npm-config.sh +++ b/shell/npm-config.sh @@ -55,5 +55,5 @@ do_config() { auth_token=$(echo -n "$USER":"$PASS" | openssl base64) # Write .npmrc - echo '//'$NPM_REGISTRY':_auth'$auth_token >> $HOME/.npmrc + echo "//$NPM_REGISTRY:_auth$auth_token" >> "$HOME/.npmrc" } diff --git a/shell/openstack-stack-delete.sh b/shell/openstack-stack-delete.sh index 6124c7e2..79da58af 100644 --- a/shell/openstack-stack-delete.sh 
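Review bot: The added double quotes in `testversion` stop word splitting, but `$test_value` and `$operator` are still pasted into the awk program text, so a value containing awk syntax is executed as code rather than compared. `v2` is already passed with `-v` and can replace every `'"$test_value"'`. The operator cannot be passed that way, so it should be checked against an allow-list before awk runs. The inner `exit (a[2] == …) ? 0 : 1` sits inside an `if` on the same condition and always exits 0, so it can be a plain `exit 0`. The function starts above the hunk; the operator set and the `return 2` in the sketch are assumptions to check against its callers.

```shell
    # … unchanged: local current_val/operator/test_value assignment …
    case "$operator" in
        '<'|'<='|'=='|'!='|'>='|'>') ;;
        *) echo "testversion: unsupported operator '$operator'" >&2; return 2 ;;
    esac
    awk -vv1="$current_val" -vv2="$test_value" 'BEGIN {
        split(v1, a, /\:/);
        if (a[2] == v2) {
            exit 0
        } else {
            exit (a[2] '"$operator"' v2) ? 0 : 1
        }
    }'
```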
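Review bot: `curl -s "$url"` in job-cost.sh exits 0 on an HTTP error response, so an error body flows into both `jq` calls and a `null` or empty cost ends up in the archived CSV. Add `-f` and handle the failure explicitly, e.g. `jason_block=$(curl -sf "$url") || echo "WARNING: pricing lookup failed" >&2`. Whether the script runs under `set -e` is not visible in this hunk. `$instance_type` comes from the metadata service and is placed in the URL path unvalidated; a simple pattern check before building `url` would keep unexpected characters out of the request.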
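Review bot: `$HOME/.npmrc` receives a base64-encoded `user:password`, but nothing in the hunk restricts its mode, so the file inherits the umask. Add `chmod 600 "$HOME/.npmrc"` after the write, or `umask 077` before it, in `do_config`. `openssl base64` wraps its output at 64 characters, and with `$auth_token` now quoted a long credential is written with an embedded newline; `openssl base64 -A` keeps it on one line. The written line has no `=` between `_auth` and the token. The commit does not change that, but it is worth confirming against the `.npmrc` syntax the registry expects. `do_config` begins above the hunk.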
+++ b/shell/openstack-stack-delete.sh @@ -18,7 +18,7 @@ source ~/lf-env.sh lf-activate-venv lftools[openstack] python-openstackclient echo "INFO: Retrieving stack cost for: $OS_STACK_NAME" -if ! lftools openstack --os-cloud $OS_CLOUD stack cost $OS_STACK_NAME > stack-cost; then +if ! lftools openstack --os-cloud "$OS_CLOUD" stack cost "$OS_STACK_NAME" > stack-cost; then echo "WARNING: Unable to get stack costs, continuing anyway" echo "total: 0" > stack-cost else diff --git a/shell/packer-build.sh b/shell/packer-build.sh index b015271c..0d9d68d5 100644 --- a/shell/packer-build.sh +++ b/shell/packer-build.sh @@ -53,7 +53,7 @@ if [[ ${UPDATE_CLOUD_IMAGE} ]]; then # Copy variables.prop to variables.jenkins-trigger so that the end of build # trigger can pick up the file as input for triggering downstream jobs. # Dont tigger downstream job when UPDATE_CLOUD_IMAGE is set to 'false' - cp $WORKSPACE/variables.prop $WORKSPACE/variables.jenkins-trigger + cp "$WORKSPACE/variables.prop" "$WORKSPACE/variables.jenkins-trigger" fi # Retrive the list of cloud providers diff --git a/shell/sudo-logs.sh b/shell/sudo-logs.sh index d925434f..29e54df7 100755 --- a/shell/sudo-logs.sh +++ b/shell/sudo-logs.sh 
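Review bot: The `[[ ${UPDATE_CLOUD_IMAGE} ]]` test shown in the packer-build.sh hunk header is true for any non-empty value, including the string `false`, which contradicts the comment above the `cp` line. If the job passes a literal `true`/`false`, the guard should be `if [[ ${UPDATE_CLOUD_IMAGE:-false} == "true" ]]; then`. The `if` line is outside the changed lines, so this is a follow-up rather than part of the quoting fix.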
@@ -17,24 +17,24 @@ function copy_log() { case $os in fedora|centos|redhat|ubuntu|debian) - if ! sudo cp $sudo_log /tmp; then + if ! sudo cp "$sudo_log" /tmp; then echo "Unable to archive 'sudo' logs ($sudo_log)" return fi ;; suse) # Do I need 'sudo' to run 'journalctl'? - journalctl | grep sudo > $sudo_log + journalctl | grep sudo > "$sudo_log" ;; *) echo "Unexpected 'operatingsystem': $os" exit 1 ;; esac - sudo_log=$(basename $sudo_log) - sudo chown jenkins:jenkins /tmp/$sudo_log - chmod 0644 /tmp/$sudo_log - mkdir -p $WORKSPACE/archives/sudo - mv /tmp/$sudo_log $WORKSPACE/archives/sudo/$sudo_log + sudo_log=$(basename "$sudo_log") + sudo chown jenkins:jenkins "/tmp/$sudo_log" + chmod 0644 "/tmp/$sudo_log" + mkdir -p "$WORKSPACE/archives/sudo" + mv "/tmp/$sudo_log" "$WORKSPACE/archives/sudo/$sudo_log" } # End copy_log() diff --git a/shell/whitesource-unified-agent-cli.sh b/shell/whitesource-unified-agent-cli.sh index 94dd3670..a73e8521 100644 --- a/shell/whitesource-unified-agent-cli.sh +++ b/shell/whitesource-unified-agent-cli.sh @@ -20,8 +20,13 @@ echo "---> whitesource-unified-agent-cli.sh" jar_location="/tmp/wss-unified-agent-${WSS_UNIFIED_AGENT_VERSION}.jar" wss_unified_agent_url="https://s3.amazonaws.com/unified-agent/wss-unified-agent-${WSS_UNIFIED_AGENT_VERSION}.jar" wget -nv "${wss_unified_agent_url}" -O "${jar_location}" + echo "---> Running WhiteSource Unified Agent CLI ..." + +# WSS_UNIFIED_AGENT_OPTIONS & JAVA_OPTS are expected to be unquoted +# shellcheck disable=SC2086 java ${JAVA_OPTS:-} -jar "${jar_location}" -c wss-unified-agent.config \ -product "${WSS_PRODUCT_NAME}" -project "${WSS_PROJECT_NAME}" \ -projectVersion "${GERRIT_BRANCH}" ${WSS_UNIFIED_AGENT_OPTIONS:-} + rm "${jar_location}" -- 2.16.6
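Review bot: `copy_log` stages the log at a predictable name directly under `/tmp` and then runs `sudo cp` and `sudo chown` on that path. On a builder with other local accounts, a link pre-created at `/tmp/<logname>` makes root write to, or change ownership of, a file of someone else's choosing. Staging in a private `mktemp -d` directory removes the race and keeps the quoting fix intact. The `suse` arm writes to `"$sudo_log"` rather than the staging directory, so check that the later `mv` finds the file on that platform. The function starts above the hunk.

```shell
    local stage
    stage=$(mktemp -d) || return
    # … unchanged: case $os in, fedora|centos|redhat|ubuntu|debian) arm header …
            if ! sudo cp "$sudo_log" "$stage/"; then
    # … unchanged: error message, suse and default arms, esac …
    sudo_log=$(basename "$sudo_log")
    sudo chown jenkins:jenkins "$stage/$sudo_log"
    chmod 0644 "$stage/$sudo_log"
    mkdir -p "$WORKSPACE/archives/sudo"
    mv "$stage/$sudo_log" "$WORKSPACE/archives/sudo/$sudo_log"
    rmdir "$stage"
```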
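Review bot: The jar fetched by `wget` in whitesource-unified-agent-cli.sh is executed by `java -jar` with no integrity check. It is also written to a fixed name under `/tmp`, where another local account can pre-create the path. A `mktemp -d` directory for `jar_location` and a digest comparison before the `java` line would address both. For example, `echo "${WSS_UNIFIED_AGENT_SHA256}  ${jar_location}" | sha256sum -c -`, where `WSS_UNIFIED_AGENT_SHA256` is a placeholder for a pinned value the job would have to supply. If the script does not run under `set -e` (not visible here), a failed download also goes straight to `java`.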