bashrs 6.66.0

Rust-to-Shell transpiler for deterministic bootstrap scripts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

//! IDEM002: Non-idempotent rm
//!
//! **Rule**: Detect `rm` without `-f` flag
//!
//! **Why this matters**:
//! `rm` without `-f` fails if file doesn't exist, making scripts non-idempotent.
//! Re-running the script will fail instead of succeeding.
//!
//! **Auto-fix**: Add `-f` flag
//!
//! ## Examples
//!
//! ❌ **BAD** (non-idempotent):
//! ```bash
//! rm /app/current
//! ```
//!
//! ✅ **GOOD** (idempotent):
//! ```bash
//! rm -f /app/current
//! ```

use crate::linter::{Diagnostic, Fix, LintResult, Severity, Span};

/// Check for rm without -f flag
pub fn check(source: &str) -> LintResult {
    let mut result = LintResult::new();

    for (line_num, line) in source.lines().enumerate() {
        // Look for rm without -f (but allow -rf, -fr)
        if line.contains("rm ") && !line.contains("rm -") {
            if let Some(col) = line.find("rm ") {
                let span = Span::new(line_num + 1, col + 1, line_num + 1, col + 3);

                let fix = Fix::new_with_assumptions(
                    "rm -f",
                    vec!["Missing file is not an error condition".to_string()],
                );

                let diag = Diagnostic::new(
                    "IDEM002",
                    Severity::Warning,
                    "Non-idempotent rm - add -f flag (SAFE-WITH-ASSUMPTIONS)",
                    span,
                )
                .with_fix(fix);

                result.add(diag);
            }
        }
    }

    result
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_IDEM002_detects_rm_without_f() {
        let script = "rm /app/current";
        let result = check(script);

        assert_eq!(result.diagnostics.len(), 1);
        let diag = &result.diagnostics[0];
        assert_eq!(diag.code, "IDEM002");
        assert_eq!(diag.severity, Severity::Warning);
    }

    #[test]
    fn test_IDEM002_no_warning_with_f_flag() {
        let script = "rm -f /app/current";
        let result = check(script);

        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_IDEM002_no_warning_with_rf() {
        let script = "rm -rf /app/releases";
        let result = check(script);

        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_IDEM002_provides_fix() {
        let script = "rm /tmp/foo";
        let result = check(script);

        assert!(result.diagnostics[0].fix.is_some());
        let fix = result.diagnostics[0].fix.as_ref().unwrap();
        assert_eq!(fix.replacement, "rm -f");
    }
}