diff options
| author | rillig <rillig@pkgsrc.org> | 2006-01-12 13:51:54 +0000 |
|---|---|---|
| committer | rillig <rillig@pkgsrc.org> | 2006-01-12 13:51:54 +0000 |
| commit | 0740dd8c6c04c6c97b306ead3da3eebed6ca2fed (patch) | |
| tree | d0a1c2a842721e633e4cc90590ff60e68968ee7a /pkgtools | |
| parent | 4e7d32e7142f1e6efb3677e9f530cce859d4f3b3 (diff) | |
| download | pkgsrc-0740dd8c6c04c6c97b306ead3da3eebed6ca2fed.tar.gz | |
- Allow '^' to appear unquoted in shell programs, although it ``is an
obsolete synonym for the pipe operator "|", so you must protect it with
quotes''. (Kernighan/Pike, The UNIX Programming Environment, 1984.)
- $@ is another well-known shell variable.
- All substitution arguments to ${SED} and ${PAX} should be quoted whether
they contain special characters or not.
Diffstat (limited to 'pkgtools')
| -rw-r--r-- | pkgtools/pkglint/files/pkglint.pl | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/pkgtools/pkglint/files/pkglint.pl b/pkgtools/pkglint/files/pkglint.pl index 8bc962d618a..f62d4f7da51 100644 --- a/pkgtools/pkglint/files/pkglint.pl +++ b/pkgtools/pkglint/files/pkglint.pl @@ -1,5 +1,5 @@ #! @PERL@ -# $NetBSD: pkglint.pl,v 1.468 2006/01/12 13:19:57 rillig Exp $ +# $NetBSD: pkglint.pl,v 1.469 2006/01/12 13:51:54 rillig Exp $ # # pkglint - static analyzer and checker for pkgsrc packages @@ -2008,7 +2008,7 @@ sub checkline_mk_shellword($$$) { } } elsif ($state == SWST_PLAIN) { - if ($rest =~ s/^[!\%&\(\)*+,\-.\/0-9:;<=>?\@A-Z\[\]_a-z{|}~]+//) { + if ($rest =~ s/^[!\%&\(\)*+,\-.\/0-9:;<=>?\@A-Z\[\]^_a-z{|}~]+//) { } elsif ($rest =~ s/^\'//) { $state = SWST_SQUOT; } elsif ($rest =~ s/^\"//) { @@ -2047,7 +2047,7 @@ sub checkline_mk_shellword($$$) { } elsif ($rest =~ s/^[^\$"\\\`]//) { } elsif ($rest =~ s/^\\(?:[\\\"\`]|\$\$)//) { } elsif ($rest =~ s/^\$\$\{([0-9A-Za-z_]+)\}// - || $rest =~ s/^\$\$([0-9A-Z_a-z]+|[!#?])//) { + || $rest =~ s/^\$\$([0-9A-Z_a-z]+|[!#?\@])//) { my ($varname) = ($1); $line->log_debug("[checkline_mk_shellword] Found double-quoted variable ${varname}."); } elsif ($rest =~ s/^\$\$//) { @@ -2165,6 +2165,16 @@ sub checkline_mk_shelltext($$) { "INSTALL_MAN_DIR, INSTALL_DATA_DIR."); } + if ($state == SCST_PAX_S || $state == SCST_SED_E) { + if ($shellword !~ qr"^[\"\'].*[\"\']$") { + $line->log_warning("Substitution commands like \"${shellword}\" should always be quoted."); + $line->explain( + "Usually these substitution commands contain characters like '*' or", + "other shell metacharacters that might lead to lookup of matching", + "filenames and then expand to more than one word."); + } + } + if ($opt_warn_extra && $shellword eq "|") { $line->log_warning("The exitcode of the left-hand-side command of the pipe operator is ignored."); $line->explain( |