Package: devscripts
Version: 2.24.1
Severity: normal
X-Debbugs-Cc: spa...@gmail.com

Dear Maintainer,

While running checkbashisms against my system I encountered a number of false positives and a few other apparent misbehaviors. The attached patch makes the following changes:

False positive fixes:
  Ignore "((" if the second "(" is closed by a single ")".
  Ignore ${RANDOM if it's followed by /:?[=?-]/ which indicates probably-appropriate fallback behavior.
  Ignore "[[" in a frequent pattern used by scripts from the XDG project.

Suggested syntax fix:
  replace ' with " in the suggested "printf -v" replacement

Minor improvement:
  Include the trailing "}" in a match of "${RANDOM"

This bug is being filed from a non-debian system. I apologize for any tooling misbehavior or incorrect information.

-- System Information:
Architecture: amd64 (x86_64)
Kernel: Linux 6.10.10-arch1-1 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

diff --git a/debian/changelog b/debian/changelog index 85958b38..32f01024 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,12 @@ devscripts (2.24.2) UNRELEASED; urgency=medium - * Init changelog. + [ Clarence "Sparr" Risher ] + * checkbashisms: + + Include trailing } in ${RANDOM} match + + Exclude ${RANDOM: matches + + Fix quoting in printf -v message + + Avoid common XDG project false positives in [[ check + + Handle nested single parentheses in double parentheses check -- Mattia Rizzolo <mat...@debian.org> Wed, 18 Sep 2024 21:09:20 +0200 diff --git a/scripts/checkbashisms.pl b/scripts/checkbashisms.pl index b775e51e..2d3d6cbb 100755 --- a/scripts/checkbashisms.pl +++ b/scripts/checkbashisms.pl @@ -660,12 +660,13 @@ sub init_hashes { $LEADIN . qr'echo\s+(-n\s+)?-n?en?\s' => q<echo -e>, $LEADIN . qr'exec\s+-[acl]' => q<exec -c/-l/-a name>, $LEADIN . qr'let\s' => q<let ...>, - qr'(?<![\$\(])\(\(.*\)\)' => q<'((' should be '$(('>, + qr'(?<![\$\(])\(\([^()]*?(?:[^)]*?\(.*?\)[^(]*?)*?[^()]*?\)\)' => + q<'((' should be '$(('>, qr'(?:^|\s+)(\[|test)\s+-a' => q<test with unary -a (should be -e)>, qr'\&>' => q<should be \>word 2\>&1>, qr'(<\&|>\&)\s*((-|\d+)[^\s;|)}`&\\\\]|[^-\d\s]+(?<!\$)(?!\d))' => q<should be \>word 2\>&1>, - qr'\[\[(?!:)' => + qr'(?<xdg_common_false_positive>(?<!command="\$\(grep -E "\^Exec\(\\))\[\[(?!:)' => q<alternative test command ([[ foo ]] should be [ foo ])>, qr'/dev/(tcp|udp)' => q</dev/(tcp|udp)>, $LEADIN . qr'builtin\s' => q<builtin>, @@ -703,7 +704,7 @@ qr'(?:^|\s)(?<func>function\s)?\s*(?:[^<>\(\)\[\]\{\};|\s]*[^<>\(\)\[\]\{\};|\s\ qr'\[\^[^]]+\]' => q<[^] should be [!]>, $LEADIN . qr'printf\s+-v' => - q<'printf -v var ...' should be var='$(printf ...)'>, + q<'printf -v var ...' should be var="$(printf ...)">, $LEADIN . qr'coproc\s' => q<coproc>, qr';;?&' => q<;;& and ;& special case operators>, $LEADIN . qr'jobs\s' => q<jobs>, 
@@ -741,7 +742,7 @@ qr'(?:^|\s)(?<func>function\s)?\s*(?:[^<>\(\)\[\]\{\};|\s]*[^<>\(\)\[\]\{\};|\s\ qr'\$\{(?:\w+|@|\*)(/.+?){1,2}\}' => q<${parm/?/pat[/str]}>, qr'\$\{\#?\w+\[.+\](?:[/,:#%^].+?)?\}' => q<bash arrays, ${name[0|*|@]}>, - qr'\$\{?RANDOM\}?\b' => q<$RANDOM>, + qr'\$(?:RANDOM|\{RANDOM(?!(?::?[=?-]))(?::.+)?\})(?:\b|(?=$))' => q<$RANDOM>, qr'\$\{?(OS|MACH)TYPE\}?\b' => q<$(OS|MACH)TYPE>, qr'\$\{?HOST(TYPE|NAME)\}?\b' => q<$HOST(TYPE|NAME)>, qr'\$\{?DIRSTACK\}?\b' => q<$DIRSTACK>,
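
Review bot: In the debian/changelog hunk, the entry "Exclude ${RANDOM: matches" does not describe what the checkbashisms.pl change does. The new pattern skips ${RANDOM only when it is followed by :?[=?-] (the default, assign and error expansions) and still reports other ${RANDOM:...} forms. Suggest wording along the lines of "Do not flag ${RANDOM when followed by a -, = or ? fallback expansion", and adding a Closes: reference for this report once it has a number. The diff touches only debian/changelog and scripts/checkbashisms.pl, so none of the five listed behaviours has a regression test yet.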
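
Review bot: In the @@ -660,12 +660,13 @@ hunk of scripts/checkbashisms.pl, the new '((' pattern nests lazy quantifiers over overlapping classes ([^)]*?, .*? and [^(]*? inside a (?:...)*? group). On a long line that opens with (( and contains many parenthesised groups but never reaches )), the engine has many ways to split the groups and can backtrack heavily. checkbashisms is routinely run over scripts the user did not write, so please time the pattern on such a line, or restructure it so that each group iteration consumes an unambiguous span, for example [^()]* between the inner parentheses instead of .*?. In the same hunk, the named group xdg_common_false_positive wraps only a lookbehind, so it always captures the empty string and serves as documentation only. A Perl comment above the entry would say the same without adding a named capture to a table where other entries use named captures such as (?<func>...). The lookbehind is also tied to one exact literal, command="$(grep -E "^Exec(\, so any change in spacing or grep options brings the false positive back, and the comment should say which XDG script line it targets.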
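
Review bot: In the @@ -741,7 +742,7 @@ hunk, the trailing (?:\b|(?=$)) now applies after the closing \} as well, and there it only succeeds when the brace is followed by a word character or the end of the line. As a result "${RANDOM}" and ${RANDOM} followed by a space, both matched by the old \$\{?RANDOM\}?\b, are no longer reported. The braced alternative also requires either \} or : directly after RANDOM, so ${RANDOM%100} and ${RANDOM#x} are dropped as well, which the description does not list as intended. Suggest keeping the boundary check on the bare form only, e.g. \$(?:RANDOM\b|\{RANDOM(?!:?[=?-])[^}]*\}), which also stops (?::.+)? from running greedily to the last } on the line. Test lines for "${RANDOM}", ${RANDOM%100}, ${RANDOM:-1} and $RANDOMIZE would pin down the intended behaviour.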