I tried using Debian CodeSearch to look for
other possible wrong cases like those and here is for instance a list
of candidates to check: https://codesearch.debian.net/search?q=%5B12%5D%26%3E%5B12%5D&literal=0
Are there tools to check shell scripts that could be used to detect/prevent/notify on this?
So what do I do next? Check each case and for each true one, fill a bug?
On Tue, 28 Feb 2023 15:51:20 +0100, Patrice wrote:
I tried using Debian CodeSearch to look for
other possible wrong cases like those and here is for instance a list
of candidates to check: https://codesearch.debian.net/search?q=%5B12%5D%26%3E%5B12%5D&literal=0
Nice thinking, and good finds.
Are there tools to check shell scripts that could be used to detect/prevent/notify on this?
Does shellcheck[1] (available in Debian) help to confirm some/all of them?
So what do I do next? Check each case and for each true one, fill a bug?
Where possible I'd recommend going upstream first for most of these --
except in cases where you find that functionality is significantly
broken in Debian packages because of them (let me know if you'd like
me to explain some of the reasons I think that).
[1] - https://packages.debian.org/bookworm/shellcheck
Regarding the upstream cases, at least I started with two of them:
1. https://lkml.org/lkml/2023/3/1/396
Great, I will give a look at shellcheck.
On Wed, 1 Mar 2023 at 15:53, Patrice Duroux <patrice.duroux@gmail.com> wrote:
Great, I will give a look at shellcheck.
Thanks - if it can also detect these problems, then -- after waiting a
little while for any suggestions and confirmation from
debian-lint-maint (cc'd) -- it might be worth filing a bug against
lintian to request a shellscript style-checking rule (idea: solve
once, and then attempt to introduce automated checks to highlight
future occurrences).
So I should have split this work into two patches and then sent one to linux-perf-user and the other one to linux-kselftest.
Would it be possible to send an email to these (sub)lists with just a
ref to my first post then or do I really have to split the patch etc.?
Hi,
Following the recent case of #1032122 (chkrootkit: bad redirection
creating file '1'?) and previously #1030120 (ipmiutil: cron script is creating file /root/1), I tried using Debian CodeSearch to look for
other possible wrong cases like those and here is for instance a list
of candidates to check: https://codesearch.debian.net/search?q=%5B12%5D%26%3E%5B12%5D&literal=0 (including surprising cases related to linux_6.1.12)
So what do I do next? Check each case and for each true one, fill a bug?
Are there tools to check shell scripts that could be used to detect/prevent/notify on this?
But moreover using the CodeSearch form, it is not easy using the literal search.
For instance 2&>1 gives some result whereas &>1 does not. Is there a
bug or does such a query go beyond some limit?
Regards,
Patrice
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 307 |
Nodes: | 16 (2 / 14) |
Uptime: | 108:45:25 |
Calls: | 6,852 |
Calls today: | 3 |
Files: | 12,355 |
Messages: | 5,416,064 |