bashrs 6.66.0

Rust-to-Shell transpiler for deterministic bootstrap scripts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171

//! SC2046: Quote command substitutions to prevent word splitting
//!
//! Detects unquoted command substitutions like $(cmd) or `cmd` that could
//! cause word splitting on the output.
//!
//! References:
//! - https://www.shellcheck.net/wiki/SC2046

use crate::linter::{Diagnostic, Fix, LintResult, Severity, Span};
use regex::Regex;

/// Check for unquoted command substitutions (SC2046)
static CMD_SUB_PATTERN: std::sync::LazyLock<Regex> =
    std::sync::LazyLock::new(|| Regex::new(r#"(?m)(?P<pre>[^"']|^)\$\((?P<cmd>[^)]+)\)"#).unwrap());
static BACKTICK_PATTERN: std::sync::LazyLock<Regex> =
    std::sync::LazyLock::new(|| Regex::new(r#"(?m)(?P<pre>[^"']|^)`(?P<cmd>[^`]+)`"#).unwrap());

pub fn check(source: &str) -> LintResult {
    let mut result = LintResult::new();

    // Pattern for command substitution: $(...)
    let cmd_sub_pattern = &*CMD_SUB_PATTERN;

    // Pattern for backtick command substitution: `...`
    let backtick_pattern = &*BACKTICK_PATTERN;

    for (line_num, line) in source.lines().enumerate() {
        let line_num = line_num + 1;

        // Skip comments
        if line.trim_start().starts_with('#') {
            continue;
        }

        // Check $(...) substitutions
        for cap in cmd_sub_pattern.captures_iter(line) {
            // Find the actual $( position (not including 'pre' capture)
            let cmd_match = cap.name("cmd").unwrap();
            let dollar_paren_pos = line[..cmd_match.start()]
                .rfind("$(")
                .unwrap_or(cmd_match.start());

            let col = dollar_paren_pos + 1; // 1-indexed
            let end_col = cmd_match.end() + 2; // +1 for ) and +1 for 1-indexing

            // Check if already quoted
            if dollar_paren_pos > 0 && line.chars().nth(dollar_paren_pos - 1) == Some('"') {
                continue;
            }

            let span = Span::new(line_num, col, line_num, end_col);
            let cmd_text = format!("$({})", cmd_match.as_str());
            let fix = Fix::new(format!("\"{}\"", cmd_text));

            let diag = Diagnostic::new(
                "SC2046",
                Severity::Warning,
                format!("Quote this to prevent word splitting: {}", cmd_text),
                span,
            )
            .with_fix(fix);

            result.add(diag);
        }

        // Check backtick substitutions
        for cap in backtick_pattern.captures_iter(line) {
            // Find the actual backtick position (not including 'pre' capture)
            let cmd_match = cap.name("cmd").unwrap();
            let backtick_pos = line[..cmd_match.start()]
                .rfind('`')
                .unwrap_or(cmd_match.start());

            let col = backtick_pos + 1; // 1-indexed
            let end_col = cmd_match.end() + 2; // +1 for closing ` and +1 for 1-indexing

            let span = Span::new(line_num, col, line_num, end_col);
            let cmd = cmd_match.as_str();
            let fix = Fix::new(format!("\"$({})\"", cmd));

            let diag = Diagnostic::new(
                "SC2046",
                Severity::Warning,
                "Quote this and use $(...) instead of backticks".to_string(),
                span,
            )
            .with_fix(fix);

            result.add(diag);
        }
    }

    result
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_sc2046_basic_detection() {
        let bash_code = "files=$(find . -name '*.txt')";
        let result = check(bash_code);

        assert_eq!(result.diagnostics.len(), 1);
        assert_eq!(result.diagnostics[0].code, "SC2046");
        assert!(result.diagnostics[0].message.contains("Quote this"));
    }

    #[test]
    fn test_sc2046_autofix() {
        let bash_code = "files=$(ls)";
        let result = check(bash_code);

        assert!(result.diagnostics[0].fix.is_some());
        assert_eq!(
            result.diagnostics[0].fix.as_ref().unwrap().replacement,
            "\"$(ls)\""
        );
    }

    #[test]
    fn test_sc2046_backtick_detection() {
        let bash_code = "files=`ls *.txt`";
        let result = check(bash_code);

        assert_eq!(result.diagnostics.len(), 1);
        assert_eq!(result.diagnostics[0].code, "SC2046");
        assert!(result.diagnostics[0].message.contains("backticks"));
    }

    #[test]
    fn test_sc2046_backtick_autofix() {
        let bash_code = "files=`ls`";
        let result = check(bash_code);

        assert!(result.diagnostics[0].fix.is_some());
        assert_eq!(
            result.diagnostics[0].fix.as_ref().unwrap().replacement,
            "\"$(ls)\""
        );
    }

    #[test]
    fn test_sc2046_skip_quoted() {
        let bash_code = r#"files="$(find . -name '*.txt')""#;
        let result = check(bash_code);

        // Should NOT trigger - already quoted
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2046_multiple_substitutions() {
        let bash_code = r#"
result=$(echo $(cat file.txt))
"#;
        let result = check(bash_code);

        // Should detect nested unquoted substitutions
        assert!(!result.diagnostics.is_empty());
    }

    #[test]
    fn test_sc2046_severity() {
        let bash_code = "files=$(ls)";
        let result = check(bash_code);

        assert_eq!(result.diagnostics[0].severity, Severity::Warning);
    }
}