bashrs 6.66.0

Rust-to-Shell transpiler for deterministic bootstrap scripts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

// SC2161: Use 'cd ... || exit' to handle cd failures.
//
// cd can fail if directory doesn't exist or lacks permissions.
// Always check for errors or the script continues in wrong directory.
//
// Examples:
// Bad:
//   cd "$dir"                    // Ignores failure
//   cd /nonexistent; rm -rf *    // Dangerous if cd fails!
//
// Good:
//   cd "$dir" || exit            // Exit on failure
//   cd "$dir" || return 1        // Return error in function
//   if ! cd "$dir"; then         // Explicit check
//     echo "Failed"
//     exit 1
//   fi
//
// Impact: Script continues in wrong directory, data loss risk

use crate::linter::{Diagnostic, LintResult, Severity, Span};
use regex::Regex;

static CD_WITHOUT_CHECK: std::sync::LazyLock<Regex> =
    std::sync::LazyLock::new(|| Regex::new(r"^\s*cd\s+[^|;&]+$").unwrap());

pub fn check(source: &str) -> LintResult {
    let mut result = LintResult::new();

    for (line_num, line) in source.lines().enumerate() {
        let line_num = line_num + 1;

        if line.trim_start().starts_with('#') {
            continue;
        }

        // Check for cd without error handling
        if CD_WITHOUT_CHECK.is_match(line) {
            // Make sure it's actually a cd command
            if line.trim().starts_with("cd ") {
                let start_col = 1;
                let end_col = line.len() + 1;

                let diagnostic = Diagnostic::new(
                    "SC2161",
                    Severity::Warning,
                    "Use 'cd ... || exit' or check for errors".to_string(),
                    Span::new(line_num, start_col, line_num, end_col),
                );

                result.add(diagnostic);
            }
        }
    }

    result
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_sc2161_cd_without_check() {
        let code = r#"cd "$dir""#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc2161_cd_or_exit_ok() {
        let code = r#"cd "$dir" || exit"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2161_cd_or_return_ok() {
        let code = r#"cd "$dir" || return 1"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2161_cd_and_ok() {
        let code = r#"cd "$dir" && ls"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2161_if_cd_ok() {
        let code = r#"if cd "$dir"; then"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2161_comment_ok() {
        let code = r#"# cd /tmp"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2161_cd_home() {
        let code = "cd ~";
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc2161_cd_semicolon() {
        let code = "cd /tmp; ls";
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2161_multiple() {
        let code = "cd /tmp\ncd /var";
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 2);
    }

    #[test]
    fn test_sc2161_cd_pipe() {
        let code = "cd /tmp | tee log";
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }
}