top | item 33386837

(no title)

hvdijk | 3 years ago

The script does echo variables:

    echo "banned command $cmd: $output"

This is non-portable if there is any possibility that these variables contain backslashes.

discuss

nequo|3 years ago

TIL:

  dash$ x="foo\nasd"
  dash$ echo "$x"
  foo
  asd
  dash$ printf "%s\n" "$x"
  foo\nasd
  dash$

  zsh% x="foo\nasd"
  zsh% echo "$x"
  foo
  asd
  zsh% printf "%s\n" "$x"
  foo\nasd
  zsh%

  bash$ x="foo\nasd"
  bash$ echo "$x"
  foo\nasd
  bash$ printf "%s\n" "$x"
  foo\nasd
  bash$

remram|3 years ago

Wow, TIL indeed. That's conformant to the Single UNIX Specification as well: https://pubs.opengroup.org/onlinepubs/007908799/xcu/echo.htm...

norvvryo|3 years ago

Enlightening

From POSIX:

>echo - write arguments to standard output

>If the first operand is -n, or if any of the operands contain a <backslash> character, the results are implementation-defined.

fragmede|3 years ago

    bash$ echo -e $x
    foo
    asd
    bash$

TechBro8615|3 years ago

The script is for static analysis, so it only needs to run once against each code change, and in theory it shouldn't need to be portable code, unless the code under test is the static analysis code itself.

In other words, they control where this script runs and there is no need to run it on more than one platform, so it's okay for it to be non-portable.

hvdijk|3 years ago

That's fine if the script only runs on shells that behave the same way, but the script runs under bats, which runs on bash and appears to not change its xpg_echo shell option. This shell option controls echo's behaviour on bash and has a compile-time-configurable default; even scripts that are only meant to run on bash cannot assume either behaviour for echo, as different vendors use different defaults for the option.