Google Git
Sign in
gerrit/plugins/task/9c9614f4c37deb62a875474f6380fca6eb933948^!/.
commit
9c9614f4c37deb62a875474f6380fca6eb933948
[log]
author
Nasser Grainawi <nasser.grainawi@linaro.org>
Mon Feb 26 11:06:00 2024 -0800
committer
Nasser Grainawi <nasser.grainawi@linaro.org>
Mon Feb 26 11:25:11 2024 -0800
tree
d8ca468ea1a372289e205d245406186ee5b17c33
parent
7e271fb67be347ba4a19ed3ecf0a88fbcab07437 [diff]
Harden shell commands

Use '--' to separate options and args.

Change-Id: Id27566f8baff949382f4954bb34914270e01acc8

diff --git a/test/check_task_statuses.sh b/test/check_task_statuses.sh
index 61c1acf..dfb0e52 100755
--- a/test/check_task_statuses.sh
+++ b/test/check_task_statuses.sh

@@ -38,7 +38,7 @@
             q_setup setup_repo "$project_dir" "$REMOTE_USERS" "$ref"
         fi
 
-        mkdir -p "$(dirname "$project_dir/$file")"
+        mkdir -p -- "$(dirname -- "$project_dir/$file")"
         md_marker_content "$DOC_STATES" "$marker" | replace_user \
             | testdoc_2_cfg > "$project_dir/$file"
 
@@ -151,7 +151,7 @@
 GROUP_EXPANDED_BY_PLACEHOLDER["{sharded_non_secret_group_uuid_without_space}"]="$(get_sharded_group_uuid "$GROUP_NAME_WITHOUT_SPACE")"
 GROUP_EXPANDED_BY_PLACEHOLDER["{sharded_non_secret_group_uuid_with_space}"]="$(get_sharded_group_uuid "$GROUP_NAME_WITH_SPACE")"
 
-mkdir -p "$OUT" "$ALL_TASKS" "$USER_TASKS"
+mkdir -p -- "$OUT" "$ALL_TASKS" "$USER_TASKS"
 
 q_setup setup_repo "$ALL" "$REMOTE_ALL" "$REF_ALL"
 q_setup setup_repo "$USERS" "$REMOTE_USERS" "$REF_USERS" --initial-commit

diff --git a/test/check_task_visibility.sh b/test/check_task_visibility.sh
index 1dabec4..5e08811 100755
--- a/test/check_task_visibility.sh
+++ b/test/check_task_visibility.sh

@@ -93,7 +93,7 @@
 }
 
 get_remote() { # project > remote_url
-    echo "ssh://$SERVER:$PORT/$(basename "$1")"
+    echo "ssh://$SERVER:$PORT/$(basename -- "$1")"
 }
 
 # Gets json from the preview doc and creates
@@ -129,7 +129,7 @@
         local tip_content
 
         q_setup setup_repo "$project" "$(get_remote "$project")" "$ref"
-        mkdir -p "$(dirname "$project/$file")"
+        mkdir -p "$(dirname -- "$project/$file")"
 
         if diff_indicators_present "$content" ; then
             CHANGE_FILE_MARKER=$marker

diff --git a/test/docker/run.sh b/test/docker/run.sh
index 5f9b412..2e27b25 100755
--- a/test/docker/run.sh
+++ b/test/docker/run.sh

@@ -114,13 +114,13 @@
 COMPOSE_ARGS=(--project-name "$PROJECT_NAME" -f "$COMPOSE_YAML")
 check_prerequisite
 mkdir -p -- "$ARTIFACTS"
-[ -n "$TASK_PLUGIN_JAR" ] && cp -f "$TASK_PLUGIN_JAR" "$ARTIFACTS/task.jar"
+[ -n "$TASK_PLUGIN_JAR" ] && cp -f -- "$TASK_PLUGIN_JAR" "$ARTIFACTS/task.jar"
 if [ ! -e "$ARTIFACTS/task.jar" ] ; then
     MISSING="Missing $ARTIFACTS/task.jar"
     [ -n "$TASK_PLUGIN_JAR" ] && die "$MISSING, check for copy failure?"
     usage "$MISSING, did you forget --task-plugin-jar?"
 fi
-[ -n "$GERRIT_WAR" ] && cp -f "$GERRIT_WAR" "$ARTIFACTS/gerrit.war"
+[ -n "$GERRIT_WAR" ] && cp -f -- "$GERRIT_WAR" "$ARTIFACTS/gerrit.war"
 ( trap cleanup EXIT SIGTERM
     progress "Building docker images" build_images
     run_task_plugin_tests

diff --git a/test/docker/run_tests/create-test-project-and-changes.sh b/test/docker/run_tests/create-test-project-and-changes.sh
index fbf3ba7..6e5621b 100755
--- a/test/docker/run_tests/create-test-project-and-changes.sh
+++ b/test/docker/run_tests/create-test-project-and-changes.sh

@@ -14,7 +14,7 @@
 
 install_changeid_hook() {
     local hook=$(git rev-parse --git-dir)/hooks/commit-msg
-    mkdir -p "$(dirname "$hook")"
+    mkdir -p "$(dirname -- "$hook")"
     curl -Lo "$hook" "http://$GERRIT_HOST:$HTTP_PORT/tools/hooks/commit-msg"
     chmod +x "$hook"
 }

diff --git a/test/lib/lib_helper.sh b/test/lib/lib_helper.sh
index 5c834d4..94157ad 100644
--- a/test/lib/lib_helper.sh
+++ b/test/lib/lib_helper.sh

@@ -31,7 +31,7 @@
     local name=$1 expected=$2 actual=$3
 
     [ "$expected" = "$actual" ]
-    result "$name" "$(diff <(echo "$expected") <(echo "$actual"))"
+    result "$name" "$(diff -- <(echo "$expected") <(echo "$actual"))"
 }
 
 result_root() { # group root
@@ -274,16 +274,16 @@
 
 install_changeid_hook() {
     local hook=$(git rev-parse --git-dir)/hooks/commit-msg
-    mkdir -p "$(dirname "$hook")"
+    mkdir -p -- "$(dirname -- "$hook")"
     curl -Lo "$hook" "http://$SERVER:$HTTP_PORT/tools/hooks/commit-msg"
     chmod +x "$hook"
 }
 
 setup_repo() { # repo remote ref [--initial-commit]
     local repo=$1 remote=$2 ref=$3 init=$4
-    git init "$repo"
+    git init -- "$repo"
     (
-        cd "$repo"
+        cd -- "$repo"
         install_changeid_hook
         git fetch "$remote" "$ref"
         if ! git checkout FETCH_HEAD ; then
@@ -297,7 +297,7 @@
 update_repo() { # repo remote ref
     local repo=$1 remote=$2 ref=$3
     (
-        cd "$repo"
+        cd -- "$repo"
         git add .
         git commit -m 'Testing task plugin'
         git push "$remote" HEAD:"$ref"
@@ -307,7 +307,7 @@
 create_repo_change() { # repo remote ref [change_id] > change_num
     local repo=$1 remote=$2 ref=$3 change_id=$4 msg="Test change"
     (
-        q cd "$repo"
+        q cd -- "$repo"
         uuidgen > file
         q git add .
         [ -n "$change_id" ] && msg=$(commit_message "$msg" "$change_id")
@@ -335,7 +335,7 @@
     echo "$ROOTS" | while read root ; do
         result_root "$name" "$root"
     done
-    out=$(diff "$expected_file" <(echo "$actual") | head -15)
+    out=$(diff -- "$expected_file" <(echo "$actual") | head -15)
     [ -z "$out" ]
     result "$name - Full Test Suite" "$out"
 }