bash version 5.0.3(1)-release, Debian package 5.0-4, amd64.

Prompted by a discussion with someone in IRC.

unicorn:~$ key='$(date >&2)'
unicorn:~$ declare -A aa
unicorn:~$ aa[$key]=foo
unicorn:~$ echo "${aa[$key]}"
foo
unicorn:~$ [[ -v aa[$key] ]]
Mon Nov  9 18:17:30 EST 2020
bash: aa: bad array subscript
unicorn:~$ [[ -v 'aa[$key]' ]]
unicorn:~$ 

It's well-known that handing an unsanitized index to an *indexed* array
causes code injection when the index is evaluated in a math context, but
the code injection from -v with an *associative* array is a new one to me.
It's especially confusing because it doesn't happen with assignments or
expansions -- just with -v.

It seems single-quoting the array name + square brackets + key "works" to
avoid the code injection, but it's not clear to me why that's needed.

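A membership test that avoids `-v` altogether, relying on the observation in the message above that expansions do not re-evaluate the key. This is an added example, not part of the original message; `has_key`, `seen`, `hostile` and the marker file are hypothetical names, and the keys are constructed sample input.

```bash
#!/usr/bin/env bash
# Added example (not from the original post); all names are hypothetical.

# has_key ARRAY_NAME KEY
# Returns 0 if KEY is set in the associative array named ARRAY_NAME.
# ${arr[$key]+x} is an expansion, so the subscript is expanded once and
# text such as $(...) inside KEY stays data. ARRAY_NAME must be a trusted
# name chosen by the script, never user input (it is bound as a nameref).
has_key() {
    local -n _hk_arr=$1
    local _hk_key=$2
    [[ -n $_hk_key ]] || return 1        # bash rejects an empty subscript
    [[ -n ${_hk_arr[$_hk_key]+x} ]]      # "x" if set, even when the value is empty
}

# Canary: if any key below were evaluated as code, this file would appear.
MARKER_DIR=$(mktemp -d)
MARKER=$MARKER_DIR/evaluated
trap 'rm -rf "$MARKER_DIR"' EXIT

declare -A seen
hostile='$(touch "$MARKER")'             # constructed key, same shape as the post's
seen[$hostile]=1
seen[empty_value]=                       # set, but with an empty value

# Constructed list of untrusted keys to look up.
for k in "$hostile" empty_value missing '$(touch "$MARKER")x'; do
    if has_key seen "$k"; then
        printf 'present: %s\n' "$k"
    else
        printf 'absent:  %s\n' "$k"
    fi
done

if [[ -e $MARKER ]]; then
    echo 'key was evaluated as code'
else
    echo 'no key was evaluated'
fi
```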