bashrs 6.66.0

Rust-to-Shell transpiler for deterministic bootstrap scripts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

// SC2036: Quotes in backticks need escaping. Use $( ) instead or escape quotes.
//
// Backticks are the old-style command substitution. Inside backticks, quotes need
// to be escaped with backslashes. Unescaped quotes can cause unexpected behavior.
//
// Examples:
// Bad:
//   result=`echo "hello world"`    // Quotes not escaped
//   out=`grep "pattern" file`      // Can fail
//
// Good:
//   result=`echo \"hello world\"`  // Escaped quotes
//   result=$(echo "hello world")   // Modern syntax (preferred)
//
// Note: $( ) is preferred over backticks because it handles nesting better
// and doesn't require escaping.

use crate::linter::{Diagnostic, LintResult, Severity, Span};
use regex::Regex;

static BACKTICK_WITH_UNESCAPED_QUOTES: std::sync::LazyLock<Regex> =
    std::sync::LazyLock::new(|| {
        // Match: `...unescaped "...'`
        // Look for backticks containing unescaped double or single quotes
        Regex::new(r#"`([^`]*[^\\])?(["'])([^`]*)`"#).unwrap()
    });

/// Check if line should be analyzed (has backticks and quotes)
fn should_check_line(line: &str) -> bool {
    line.contains('`') && (line.contains('"') || line.contains('\''))
}

/// Check if character at position is a quote
fn is_quote(c: char) -> bool {
    c == '"' || c == '\''
}

/// Check if quote at position is escaped
fn is_escaped_quote(chars: &[char], pos: usize) -> bool {
    pos > 0 && chars[pos - 1] == '\\'
}

/// Check if character at position is an unescaped quote
fn is_unescaped_quote(chars: &[char], pos: usize) -> bool {
    is_quote(chars[pos]) && !is_escaped_quote(chars, pos)
}

/// Find unescaped quote position inside backtick expression
fn find_unescaped_quote_in_backticks(chars: &[char], start: usize) -> Option<usize> {
    let mut i = start + 1; // Skip opening backtick

    while i < chars.len() && chars[i] != '`' {
        if is_unescaped_quote(chars, i) {
            return Some(i);
        }
        i += 1;
    }

    None
}

/// Create diagnostic for unescaped quote in backticks
fn create_backtick_quote_diagnostic(
    line_num: usize,
    backtick_start: usize,
    quote_pos: usize,
) -> Diagnostic {
    let start_col = backtick_start + 1;
    let end_col = quote_pos + 2; // +2 to include quote

    Diagnostic::new(
        "SC2036",
        Severity::Warning,
        "Quotes in backticks need escaping. Use $( ) instead or escape with \\\"".to_string(),
        Span::new(line_num, start_col, line_num, end_col),
    )
}

pub fn check(source: &str) -> LintResult {
    let mut result = LintResult::new();

    for (line_num, line) in source.lines().enumerate() {
        let line_num = line_num + 1;

        if line.trim_start().starts_with('#') || !should_check_line(line) {
            continue;
        }

        let chars: Vec<char> = line.chars().collect();
        let mut i = 0;

        while i < chars.len() {
            if chars[i] == '`' {
                let backtick_start = i;

                // Check for unescaped quotes inside backticks
                if let Some(quote_pos) = find_unescaped_quote_in_backticks(&chars, backtick_start) {
                    let diagnostic =
                        create_backtick_quote_diagnostic(line_num, backtick_start, quote_pos);
                    result.add(diagnostic);

                    // Skip to end of this backtick expression
                    i = quote_pos + 1;
                    while i < chars.len() && chars[i] != '`' {
                        i += 1;
                    }
                }

                if i < chars.len() && chars[i] == '`' {
                    i += 1; // Skip closing backtick
                }
            } else {
                i += 1;
            }
        }
    }

    result
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_sc2036_unescaped_double_quotes() {
        let code = r#"result=`echo "hello"`"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
        assert_eq!(result.diagnostics[0].code, "SC2036");
        assert_eq!(result.diagnostics[0].severity, Severity::Warning);
        assert!(result.diagnostics[0].message.contains("escaping"));
    }

    #[test]
    fn test_sc2036_unescaped_single_quotes() {
        let code = r#"result=`echo 'hello'`"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc2036_escaped_quotes_ok() {
        let code = r#"result=`echo \"hello\"`"#;
        let result = check(code);
        // Escaped quotes are OK
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2036_modern_syntax_ok() {
        let code = r#"result=$(echo "hello")"#;
        let result = check(code);
        // $( ) syntax doesn't need escaping
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2036_no_quotes_ok() {
        let code = r#"result=`echo hello`"#;
        let result = check(code);
        // No quotes, no problem
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2036_grep_with_quotes() {
        let code = r#"out=`grep "pattern" file`"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc2036_comment_ok() {
        let code = r#"# result=`echo "hello"`"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2036_multiple_backticks() {
        let code = r#"
a=`echo "x"`
b=`echo "y"`
"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 2);
    }

    #[test]
    fn test_sc2036_empty_backticks_ok() {
        let code = r#"result=``"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2036_quotes_outside_backticks_ok() {
        let code = r#"echo "hello" `date`"#;
        let result = check(code);
        // Quotes outside backticks are OK
        assert_eq!(result.diagnostics.len(), 0);
    }
}