bashrs 6.66.0

Rust-to-Shell transpiler for deterministic bootstrap scripts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131

// SC2106: Consider using pgrep instead of grepping ps output
//
// Using ps | grep to find processes is fragile and can match grep itself.
// Use pgrep which is designed for this purpose.
//
// Examples:
// Bad:
//   ps aux | grep process_name  // Fragile, matches grep
//   ps -ef | grep "[p]rocess"   // Hacky workaround
//
// Good:
//   pgrep process_name           // Designed for this
//   pgrep -f process_name        // Match full command line
//
// Impact: Fragile process detection, false matches

use crate::linter::{Diagnostic, LintResult, Severity, Span};
use regex::Regex;

static PS_GREP_PATTERN: std::sync::LazyLock<Regex> = std::sync::LazyLock::new(|| {
    // Match: ps ... | grep
    Regex::new(r"\bps\s+[^|]*\|\s*grep\b").unwrap()
});

pub fn check(source: &str) -> LintResult {
    let mut result = LintResult::new();

    for (line_num, line) in source.lines().enumerate() {
        let line_num = line_num + 1;

        if line.trim_start().starts_with('#') {
            continue;
        }

        for mat in PS_GREP_PATTERN.find_iter(line) {
            let start_col = mat.start() + 1;
            let end_col = mat.end() + 1;

            let diagnostic = Diagnostic::new(
                "SC2106",
                Severity::Info,
                "Consider using pgrep instead of grepping ps output".to_string(),
                Span::new(line_num, start_col, line_num, end_col),
            );

            result.add(diagnostic);
        }
    }

    result
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_sc2106_ps_grep() {
        let code = "ps aux | grep process_name";
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc2106_ps_ef_grep() {
        let code = "ps -ef | grep myapp";
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc2106_pgrep_ok() {
        let code = "pgrep process_name";
        let result = check(code);
        // pgrep is correct
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2106_pgrep_full_ok() {
        let code = "pgrep -f process_name";
        let result = check(code);
        // pgrep with flags
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2106_comment_ok() {
        let code = "# ps aux | grep process_name";
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2106_grep_bracket_trick() {
        let code = "ps aux | grep [p]rocess";
        let result = check(code);
        // Still should use pgrep
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc2106_ps_with_flags() {
        let code = "ps -aux | grep nginx";
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc2106_multiple_pipes() {
        let code = "ps aux | grep nginx | awk '{print $2}'";
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc2106_grep_not_ps() {
        let code = "ls | grep pattern";
        let result = check(code);
        // Not ps, just normal grep
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2106_pkill_ok() {
        let code = "pkill process_name";
        let result = check(code);
        // pkill is also correct
        assert_eq!(result.diagnostics.len(), 0);
    }
}