bashrs 6.66.0

Rust-to-Shell transpiler for deterministic bootstrap scripts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

// SC1109: Unquoted HTML entity found in script.
//
// HTML entities like &, <, >, " suggest the script was copied
// from a web page where the source was HTML-encoded. These entities are not
// valid shell syntax and will cause errors or unexpected behavior.
//
// Examples:
// Bad:
//   if [ "$a" -eq 1 ] && [ "$b" -eq 2 ]; then
//   test "$x" < "$y"
//   echo "hello"
//
// Good:
//   if [ "$a" -eq 1 ] && [ "$b" -eq 2 ]; then
//   test "$x" < "$y"
//   echo "hello"
//
// Fix: Replace HTML entities with the corresponding characters

use crate::linter::{Diagnostic, LintResult, Severity, Span};

/// HTML entities that should not appear in shell scripts
const HTML_ENTITIES: [&str; 4] = ["&amp;", "&lt;", "&gt;", "&quot;"];

pub fn check(source: &str) -> LintResult {
    let mut result = LintResult::new();

    for (line_num, line) in source.lines().enumerate() {
        let line_num = line_num + 1;

        // Skip comment lines
        if line.trim_start().starts_with('#') {
            continue;
        }

        if HTML_ENTITIES.iter().any(|entity| line.contains(entity)) {
            let diagnostic = Diagnostic::new(
                "SC1109",
                Severity::Error,
                "This is an unquoted HTML entity. Replace with the corresponding character",
                Span::new(line_num, 1, line_num, line.len() + 1),
            );
            result.add(diagnostic);
        }
    }

    result
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_sc1109_detects_amp() {
        let script = "test -f file &amp;&amp; echo ok";
        let result = check(script);
        assert_eq!(result.diagnostics.len(), 1);
        assert_eq!(result.diagnostics[0].code, "SC1109");
        assert_eq!(result.diagnostics[0].severity, Severity::Error);
        assert!(result.diagnostics[0].message.contains("HTML entity"));
    }

    #[test]
    fn test_sc1109_detects_lt() {
        let script = "if [ \"$a\" &lt; \"$b\" ]; then echo less; fi";
        let result = check(script);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc1109_detects_gt() {
        let script = "if [ \"$a\" &gt; \"$b\" ]; then echo more; fi";
        let result = check(script);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc1109_detects_quot() {
        let script = "echo &quot;hello&quot;";
        let result = check(script);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc1109_no_html_entities() {
        let script =
            "#!/bin/sh\ntest -f file && echo ok\nif [ \"$a\" -lt \"$b\" ]; then echo less; fi";
        let result = check(script);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc1109_skips_comments() {
        let script = "# This &amp; that in a comment";
        let result = check(script);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc1109_ampersand_alone_ok() {
        // Plain & is fine -- it's a shell background operator
        let script = "cmd &\ncmd1 && cmd2";
        let result = check(script);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc1109_empty_source() {
        let result = check("");
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc1109_multiple_entities_one_line() {
        // Only one diagnostic per line
        let script = "echo &quot;hello&quot; &amp;&amp; echo &lt;ok&gt;";
        let result = check(script);
        assert_eq!(result.diagnostics.len(), 1);
    }
}