Description
.github/tool_checkmake.sh (6)
66-70: Consider improving PATH modification robustness.While the PATH modification is necessary, consider these improvements:
- Add a check to ensure the directory exists and contains the checkmake executable
- Use a local variable for path validation before modifying PATH
if [[ -d "./checkmake" ]] && [[ ":$PATH:" != *":./checkmake:"* ]] ; then + if [[ -x "./checkmake/checkmake" ]]; then PATH="${PATH:+"$PATH:"}./checkmake" ; export PATH ; + else + printf "%s\n" "::warning file=${SCRIPT_NAME},title=PATH::Local checkmake found but not executable." >&2 + fi fi🧰 Tools
🪛 Shellcheck
[warning] 68-68: PATH is the shell search path. Use another name.
(SC2123)
72-86: Enhance error handling in check_command function.The function is well-documented and follows CEP-7 standards. Consider these improvements:
- Add validation for empty or whitespace-only command names
- Handle potential errors from command substitution
function check_command() { - test -z "$1" && { printf "%s\n" "::warning file=${SCRIPT_NAME},title=BUG::Command name is required to check for existence." >&2 ; exit 64 ; } ; + if [[ -z "${1// }" ]]; then + printf "%s\n" "::error file=${SCRIPT_NAME},title=BUG::Command name is required and cannot be empty or whitespace." >&2 + exit 64 + fi local cmd="$1" ; - test -x "$(command -v ${cmd})" || { printf "%s\n" "::error file=${SCRIPT_NAME},title=MISSING::Required command '${cmd}' is not found." >&2 ; exit 126 ; } ; + local cmd_path + if ! cmd_path=$(command -v ${cmd} 2>/dev/null); then + printf "%s\n" "::error file=${SCRIPT_NAME},title=MISSING::Required command '${cmd}' is not found." >&2 + exit 126 + fi + if [[ ! -x "${cmd_path}" ]]; then + printf "%s\n" "::error file=${SCRIPT_NAME},title=PERMISSION::Found '${cmd}' at '${cmd_path}' but it is not executable." >&2 + exit 126 + fi }
88-94: Consider using an array for required commands.To improve maintainability and reduce repetition, consider using an array for required commands.
-check_command sed ; -check_command grep ; -check_command cut ; -check_command go ; -check_command checkmake ; +readonly REQUIRED_COMMANDS=( + sed + grep + cut + go + checkmake +) + +for cmd in "${REQUIRED_COMMANDS[@]}"; do + check_command "${cmd}" +done
107-112: Consider enhancing parameter validation.While the basic validation is correct, consider adding:
- Maximum argument check
- File path validation for potential security issues
-if [[ ( "$#" -lt 1 ) ]]; then +if [[ "$#" -lt 1 ]] || [[ "$#" -gt 1 ]]; then usage fi + +# Validate file path (no path traversal) +if [[ "${1}" == *".."* ]]; then + printf "%s\n" "::error file=${SCRIPT_NAME},title=SECURITY::Path traversal detected in argument." >&2 + exit 1 +fi readonly FILE="${1}" readonly EMSG="Checkmake linter complained."
114-118: Consider additional file checks.While the existence check is good, consider adding:
- Read permission check
- File type validation (ensure it's a regular file)
-if [[ ! ( -f "${FILE}" ) ]]; then +if [[ ! -f "${FILE}" ]] || [[ ! -r "${FILE}" ]]; then printf "%s\n" "::error file=${FILE},title=MISSING::File '${FILE}' not found." >&2 exit 64 fi + +if [[ -L "${FILE}" ]]; then + printf "%s\n" "::warning file=${FILE},title=SYMLINK::File is a symbolic link." >&2 +fi
143-143: Add error handling for the main execution.Consider capturing and handling the return value from process_checkmake_output.
-process_checkmake_output "${FILE}" "${EMSG}" +if ! process_checkmake_output "${FILE}" "${EMSG}"; then + exit 1 +fi
🪛 Shellcheck
.github/tool_checkmake.sh
[warning] 68-68: PATH is the shell search path. Use another name.
(SC2123)
.github/tool_checkmake.sh (2)
1-61: LGTM! Well-structured header with comprehensive disclaimer.
The script begins with a proper shebang line and includes a thorough disclaimer covering warranties and liability limitations.
96-105: LGTM! Well-documented usage function.
The function is well-documented following CEP-7 standards and has a clear, concise implementation.
Originally posted by @coderabbitai[bot] in #184 (review)
also:
.github/tool_checkmake.sh (4)
1-61: Add a brief summary comment before the disclaimer.While the disclaimer is comprehensive, adding a brief summary comment at the top would help readers quickly understand the script's purpose.
Add this comment after the shebang line:
#! /bin/bash +# Tool to lint Makefiles using checkmake. +# Validates Makefile syntax and enforces best practices. + # Disclaimer of Warranties.
80-84: Enhance error message for missing command argument.The warning message for missing command argument could be more descriptive.
Consider this improvement:
- test -z "$1" && { printf "%s\n" "::warning file=${SCRIPT_NAME},title=BUG::Command name is required to check for existence." >&2 ; exit 64 ; } ; + test -z "$1" && { printf "%s\n" "::error file=${SCRIPT_NAME},title=INVALID_USAGE::check_command requires a command name argument." >&2 ; exit 64 ; } ;
125-129: Consider adding Makefile validation.The code checks if the file exists but doesn't verify if it's actually a Makefile.
Consider adding this validation:
if [[ ! ( -f "${FILE}" ) ]]; then printf "%s\n" "::error file=${FILE},title=MISSING::File '${FILE}' not found." >&2 exit 64 +elif [[ ! "${FILE}" =~ Makefile|\.mk$ ]]; then + printf "%s\n" "::error file=${FILE},title=INVALID::File '${FILE}' doesn't appear to be a Makefile." >&2 + exit 65 fi
131-132: Add CEP-7 compliant documentation for process_checkmake_output function.The function lacks proper documentation.
Add this documentation:
+# process_checkmake_output processes the output of checkmake for a given file. +# +# Args: +# $1: The file to check +# $2: The error message to display +# +# Returns: +# 0 if no lint errors found +# 1 if lint errors found or checkmake failed process_checkmake_output() {
Metadata
Metadata
Assignees
Type
Projects
Status