bashrs 6.66.0

Rust-to-Shell transpiler for deterministic bootstrap scripts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

// SC2150: -exec is non-portable. Consider using -execdir or find -print0 | xargs -0.
//
// The -exec action in find works but has performance issues with many files
// and can be non-portable. Better alternatives exist.
//
// Examples:
// Bad:
//   find . -name "*.txt" -exec rm {} \;     // Spawns rm for each file
//   find . -type f -exec chmod 644 {} \;    // Inefficient
//
// Good:
//   find . -name "*.txt" -delete            // Built-in delete
//   find . -name "*.txt" -exec rm {} +      // Batch mode
//   find . -name "*.txt" -print0 | xargs -0 rm   // xargs for efficiency
//   find . -type f -execdir chmod 644 {} +  // Execute in directory
//
// Impact: Performance - -exec \; spawns process per file

use crate::linter::{Diagnostic, LintResult, Severity, Span};
use regex::Regex;

static FIND_EXEC_SEMICOLON: std::sync::LazyLock<Regex> = std::sync::LazyLock::new(|| {
    // Match: find ... -exec command {} \;
    // The \; indicates one process per file (inefficient)
    // Match literal backslash-semicolon: \\;
    Regex::new(r"\bfind\b.*-exec\s+.*\{\}\s*\\;").unwrap()
});

pub fn check(source: &str) -> LintResult {
    let mut result = LintResult::new();

    for (line_num, line) in source.lines().enumerate() {
        let line_num = line_num + 1;

        if line.trim_start().starts_with('#') {
            continue;
        }

        // Check for find -exec with \; (one process per file)
        for mat in FIND_EXEC_SEMICOLON.find_iter(line) {
            let start_col = mat.start() + 1;
            let end_col = mat.end() + 1;

            let diagnostic = Diagnostic::new(
                "SC2150",
                Severity::Info,
                r"-exec with \; is inefficient. Use + for batch mode or -print0 | xargs -0"
                    .to_string(),
                Span::new(line_num, start_col, line_num, end_col),
            );

            result.add(diagnostic);
        }
    }

    result
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_sc2150_find_exec_semicolon() {
        let code = r#"find . -name "*.txt" -exec rm {} \;"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
        assert!(result.diagnostics[0].message.contains("inefficient"));
    }

    #[test]
    fn test_sc2150_find_exec_chmod() {
        let code = r#"find . -type f -exec chmod 644 {} \;"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc2150_find_exec_plus_ok() {
        let code = r#"find . -name "*.txt" -exec rm {} +"#;
        let result = check(code);
        // Using + for batch mode is OK
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2150_find_delete_ok() {
        let code = r#"find . -name "*.txt" -delete"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2150_find_xargs_ok() {
        let code = r#"find . -name "*.txt" -print0 | xargs -0 rm"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2150_find_execdir_ok() {
        let code = r#"find . -type f -execdir chmod 644 {} +"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2150_comment_ok() {
        let code = r#"# find . -name "*.txt" -exec rm {} \;"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 0);
    }

    #[test]
    fn test_sc2150_multiple() {
        let code = r#"
find . -name "*.log" -exec rm {} \;
find /tmp -type f -exec chmod 644 {} \;
"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 2);
    }

    #[test]
    fn test_sc2150_exec_with_command() {
        let code = r#"find . -name "*.txt" -exec grep "pattern" {} \;"#;
        let result = check(code);
        assert_eq!(result.diagnostics.len(), 1);
    }

    #[test]
    fn test_sc2150_without_find_ok() {
        let code = r#"exec rm file.txt"#;
        let result = check(code);
        // Not a find command
        assert_eq!(result.diagnostics.len(), 0);
    }
}