tree: run shellharden on bash files #328
Conversation
Running shell harden on bash files makes them more secure and less buggy as vulnerabilities to malicious glob expansion and the like are reduced. GHA CI check for PRs incoming... Signed-off-by: Ethan Carter Edwards <[email protected]>
|
@Theoreticallyhugo I would appreciate it you would look over this/test it to see if there is anything I overlooked |
|
will do in the next two-three days! |
| @@ -130,13 +130,13 @@ main() { | |||
| true) | |||
| flags="#{?window_flags,#[fg=${dark_purple}]#{window_flags},}" | |||
| current_flags="#{?window_flags,#[fg=${light_purple}]#{window_flags},}" | |||
| esac | |||
| ;; esac | |||
There was a problem hiding this comment.
i find it somewhat confusing that the ;; is at the beginning of this and not the end of the previous line, but thats nitpicking on my part. no need to change it if you dont wanna
|
the ssh-session plugin broke, and i havent yet found out why. |
| ssh_user=$(whoami) | ||
| fi | ||
|
|
||
| echo $ssh_user | ||
| echo "$ssh_user" | ||
| } | ||
|
|
||
| get_remote_info() { | ||
| local command=$1 |
There was a problem hiding this comment.
this variable appears to be unused?
| fi | ||
| } | ||
|
|
||
| ssh_connected() { | ||
| # Get current pane command | ||
| local cmd=$(tmux display-message -p "#{pane_current_command}") | ||
|
|
||
| [ $cmd = "ssh" ] || [ $cmd = "sshpass" ] | ||
| [ "$cmd" = "ssh" ] || [ "$cmd" = "sshpass" ] |
There was a problem hiding this comment.
for some reason the entire script only works if this line is replaced by the following:
if [ "$cmd" = "ssh" ] || [ "$cmd" = "sshpass" ]; then
echo true
else
echo false
fii dont really get why.
tested on macos sequoia 15.2. (tested it thoroughly, rebooted my mac and tested again)
There was a problem hiding this comment.
(will probably test on linux sometime later today or tomorrow)
| @@ -43,7 +43,7 @@ main() | |||
| getFullMessage | |||
| fi | |||
|
|
|||
| sleep $RATE | |||
| sleep "$RATE" | |||
| } | |||
|
|
|||
| getFullMessage() | |||
There was a problem hiding this comment.
in the following lines ! -z is used, and since shellharden replaces all -n and -z, we might want to replace these too.
| output=$(echo "$branch") | ||
| else | ||
| output=$(echo "$diff_symbol $branch") | ||
| fi | ||
| fi | ||
|
|
||
| else | ||
| if [ $(checkEmptySymbol $current_symbol) == "true" ]; then | ||
| if [ "$(checkEmptySymbol "$current_symbol")" == "true" ]; then | ||
| output=$(echo "$branch") | ||
| else | ||
| output=$(echo "$current_symbol $branch") |
There was a problem hiding this comment.
this is a reduntant echo isnt it? (and many others in this file)
| output=$(echo "${changes} $branch") | ||
| else | ||
| output=$(echo "$diff_symbol ${changes} $branch") | ||
| fi | ||
| else | ||
| if [ $(checkEmptySymbol $diff_symbol) == "true" ]; then | ||
| if [ "$(checkEmptySymbol "$diff_symbol")" == "true" ]; then | ||
| output=$(echo "$branch") |
There was a problem hiding this comment.
there seem to be more reduntant echos in this file.
| @@ -18,18 +18,18 @@ getChanges() | |||
| declare -i updated=0; | |||
| declare -i deleted=0; | |||
|
|
|||
| for i in $(git -C $path --no-optional-locks status -s) | |||
| for i in "$(git -C "$path" --no-optional-locks status -s)" | |||
There was a problem hiding this comment.
these double quotes seem to break the program
| } | ||
|
|
||
|
|
||
| # getting the #{pane_current_path} from dracula.sh is no longer possible | ||
| getPaneDir() | ||
| { | ||
| nextone="false" | ||
| for i in $(tmux list-panes -F "#{pane_active} #{pane_current_path}"); | ||
| for i in "$(tmux list-panes -F "#{pane_active} #{pane_current_path}")"; |
There was a problem hiding this comment.
these double quotes seem to break the program
| } | ||
|
|
||
|
|
||
| # getting the #{pane_current_path} from dracula.sh is no longer possible | ||
| getPaneDir() | ||
| { | ||
| nextone="false" | ||
| for i in $(tmux list-panes -F "#{pane_active} #{pane_current_path}"); | ||
| for i in "$(tmux list-panes -F "#{pane_active} #{pane_current_path}")"; |
There was a problem hiding this comment.
i cant test fossil, but this seems to be the same issue as with git
| @@ -18,18 +18,18 @@ getChanges() | |||
| declare -i updated=0; | |||
| declare -i deleted=0; | |||
|
|
|||
| for i in $(cd $path; fossil changes --differ|cut -f1 -d' ') | |||
| for i in "$(cd "$path"; fossil changes --differ|cut -f1 -d' ')" | |||
There was a problem hiding this comment.
i cant test fossil, but this seems to be the same issue as with git
| @@ -7,7 +7,7 @@ source "$current_dir/utils.sh" | |||
| getPaneDir() { | |||
| nextone="false" | |||
| ret="" | |||
| for i in $(tmux list-panes -F "#{pane_active} #{pane_current_path}"); do | |||
| for i in "$(tmux list-panes -F "#{pane_active} #{pane_current_path}")"; do | |||
There was a problem hiding this comment.
this seems to break the scripts functionality
|
@Theoreticallyhugo i think it would just be best if I close this PR. I was a bit naive to do this, lol. |
|
yeah no makes sense 😅 |
|
Thanks for all your work on testing it. I should have been more diligent. |
Running shellharden on bash files makes them more secure and less buggy as vulnerabilities to malicious glob expansion and the like are reduced.
GHA CI check for PRs incoming... eventually...