
Arbitrary code when using eq and when using test in if statements

Open nitrocode opened this issue 1 year ago • 2 comments

Ref https://yossarian.net/til/post/some-surprising-code-execution-sources-in-bash/#fnref-source

Is there a way for shellcheck to catch these weaknesses and offer better alternatives?

nitrocode avatar Jan 27 '25 07:01 nitrocode

Thx for posting


wileyhy avatar Feb 05 '25 04:02 wileyhy

One possible fix is to write POSIX shell scripts. Good old POSIX test does not support arrays and thus also doesn't resolve indexes :-)

sideeffect42 avatar Feb 07 '25 08:02 sideeffect42
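
One way to apply the POSIX suggestion above, as an added example that is not part of the thread or of shellcheck: check that a value is a plain decimal integer with a `case` pattern before any numeric comparison, then compare with POSIX `[ ]`, whose operands are not evaluated as arithmetic expressions. The helper names `is_integer` and `int_eq` are hypothetical, and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example: hypothetical helpers, not taken from shellcheck or the linked post.

# is_integer VALUE
# Succeeds only for an optionally signed run of decimal digits.
# Anything else (array subscripts, variable names, operators, empty
# strings) is rejected before it can reach a numeric comparison.
is_integer() {
    case ${1#[-+]} in          # strip at most one leading sign
        '' | *[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# int_eq A B
# Returns 0 if A equals B, 1 if they differ, and 2 if either operand
# is not a plain integer (the caller should treat 2 as bad input).
int_eq() {
    is_integer "$1" && is_integer "$2" || return 2
    # POSIX test: operands are parsed as decimal integers only.
    [ "$1" -eq "$2" ]
}

# Constructed sample inputs: two integers, then values that an
# arithmetic context would try to evaluate rather than compare.
for v in 42 -7 'a[0]' 'count+1' ''; do
    if is_integer "$v"; then
        echo "accept: '$v'"
    else
        echo "reject: '$v'"
    fi
done
```

Callers should branch on the exit status of `int_eq` and treat status 2 as an input error, not as "not equal".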