Newly introduced findings

List of Findings

Error: SHELLCHECK_WARNING (CWE-563): [#def1]
/usr/share/tomcat/bin/catalina.sh:121:10: warning[SC2034]: darwin appears unused. Verify use (or export if used externally).
#  119|   case "`uname`" in
#  120|   CYGWIN*) cygwin=true;;
#  121|-> Darwin*) darwin=true;;
#  122|   OS400*) os400=true;;
#  123|   HP-UX*) hpux=true;;

Error: SHELLCHECK_WARNING (CWE-252): [#def2]
/usr/share/tomcat/bin/catalina.sh:143:43: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#  141|   
#  142|   # Only set CATALINA_HOME if not already set
#  143|-> [ -z "$CATALINA_HOME" ] && CATALINA_HOME=`cd "$PRGDIR/.." >/dev/null; pwd`
#  144|   
#  145|   # Copy CATALINA_BASE from CATALINA_HOME if not already set

Error: SHELLCHECK_WARNING: [#def3]
/usr/share/tomcat/bin/catalina.sh:363:48: warning[SC2294]: eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string).
#  361|           -Dcatalina.home="$CATALINA_HOME" \
#  362|           -Djava.io.tmpdir="$CATALINA_TMPDIR" \
#  363|->         org.apache.catalina.startup.Bootstrap "$@" start
#  364|       else
#  365|         eval exec "\"$_RUNJDB\"" "\"$CATALINA_LOGGING_CONFIG\"" $LOGGING_MANAGER "$JAVA_OPTS" "$CATALINA_OPTS" \

Error: SHELLCHECK_WARNING: [#def4]
/usr/share/tomcat/bin/catalina.sh:371:48: warning[SC2294]: eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string).
#  369|           -Dcatalina.home="$CATALINA_HOME" \
#  370|           -Djava.io.tmpdir="$CATALINA_TMPDIR" \
#  371|->         org.apache.catalina.startup.Bootstrap "$@" start
#  372|       fi
#  373|     fi

Error: SHELLCHECK_WARNING: [#def5]
/usr/share/tomcat/bin/catalina.sh:390:46: warning[SC2294]: eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string).
#  388|         -Dcatalina.home="\"$CATALINA_HOME\"" \
#  389|         -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
#  390|->       org.apache.catalina.startup.Bootstrap "$@" start
#  391|     else
#  392|       eval exec "\"$_RUNJAVA\"" "\"$CATALINA_LOGGING_CONFIG\"" $LOGGING_MANAGER "$JAVA_OPTS" "$CATALINA_OPTS" \

Error: SHELLCHECK_WARNING: [#def6]
/usr/share/tomcat/bin/catalina.sh:397:46: warning[SC2294]: eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string).
#  395|         -Dcatalina.home="\"$CATALINA_HOME\"" \
#  396|         -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
#  397|->       org.apache.catalina.startup.Bootstrap "$@" start
#  398|     fi
#  399|   

Error: SHELLCHECK_WARNING: [#def7]
/usr/share/tomcat/bin/catalina.sh:469:46: warning[SC2294]: eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string).
#  467|         -Dcatalina.home="\"$CATALINA_HOME\"" \
#  468|         -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
#  469|->       org.apache.catalina.startup.Bootstrap "$@" start \
#  470|         >> "$CATALINA_OUT" 2>&1 "&"
#  471|   

Error: SHELLCHECK_WARNING: [#def8]
/usr/share/tomcat/bin/catalina.sh:478:46: warning[SC2294]: eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string).
#  476|         -Dcatalina.home="\"$CATALINA_HOME\"" \
#  477|         -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
#  478|->       org.apache.catalina.startup.Bootstrap "$@" start \
#  479|         >> "$CATALINA_OUT" 2>&1 "&"
#  480|   

Error: SHELLCHECK_WARNING (CWE-156): [#def9]
/usr/share/tomcat/bin/catalina.sh:511:17: warning[SC2046]: Quote this to prevent word splitting.
#  509|       if [ -f "$CATALINA_PID" ]; then
#  510|         if [ -s "$CATALINA_PID" ]; then
#  511|->         kill -0 `cat "$CATALINA_PID"` >/dev/null 2>&1
#  512|           if [ $? -gt 0 ]; then
#  513|             echo "PID file found but either no matching process was found or the current user does not have permission to stop the process. Stop aborted."

Error: SHELLCHECK_WARNING: [#def10]
/usr/share/tomcat/bin/catalina.sh:530:44: warning[SC2294]: eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string).
#  528|       -Dcatalina.home="\"$CATALINA_HOME\"" \
#  529|       -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
#  530|->     org.apache.catalina.startup.Bootstrap "$@" stop
#  531|   
#  532|     # stop failed. Shutdown port disabled? Try a normal kill.

Error: SHELLCHECK_WARNING (CWE-156): [#def11]
/usr/share/tomcat/bin/catalina.sh:536:16: warning[SC2046]: Quote this to prevent word splitting.
#  534|       if [ ! -z "$CATALINA_PID" ]; then
#  535|         echo "The stop command failed. Attempting to signal the process to stop through OS signal."
#  536|->       kill -15 `cat "$CATALINA_PID"` >/dev/null 2>&1
#  537|       fi
#  538|     fi

Error: SHELLCHECK_WARNING (CWE-156): [#def12]
/usr/share/tomcat/bin/catalina.sh:543:17: warning[SC2046]: Quote this to prevent word splitting.
#  541|       if [ -f "$CATALINA_PID" ]; then
#  542|         while [ $SLEEP -ge 0 ]; do
#  543|->         kill -0 `cat "$CATALINA_PID"` >/dev/null 2>&1
#  544|           if [ $? -gt 0 ]; then
#  545|             rm -f "$CATALINA_PID" >/dev/null 2>&1

Error: SHELLCHECK_WARNING (CWE-156): [#def13]
/usr/share/tomcat/bin/catalina.sh:567:19: warning[SC2046]: Quote this to prevent word splitting.
#  565|             fi
#  566|             echo "To aid diagnostics a thread dump has been written to standard out."
#  567|->           kill -3 `cat "$CATALINA_PID"`
#  568|           fi
#  569|           SLEEP=`expr $SLEEP - 1 `

Error: SHELLCHECK_WARNING (CWE-156): [#def14]
/usr/share/tomcat/bin/catalina.sh:584:21: warning[SC2046]: Quote this to prevent word splitting.
#  582|           kill -9 $PID
#  583|           while [ $KILL_SLEEP_INTERVAL -ge 0 ]; do
#  584|->             kill -0 `cat "$CATALINA_PID"` >/dev/null 2>&1
#  585|               if [ $? -gt 0 ]; then
#  586|                   rm -f "$CATALINA_PID" >/dev/null 2>&1

Error: SHELLCHECK_WARNING (CWE-252): [#def15]
/usr/share/tomcat/bin/makebase.sh:45:43: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#   43|   
#   44|   # Only set CATALINA_HOME if not already set
#   45|-> [ -z "$CATALINA_HOME" ] && CATALINA_HOME=`cd "$PRGDIR/.." >/dev/null; pwd`
#   46|   
#   47|   # first arg is the target directory

Error: SHELLCHECK_WARNING (CWE-457): [#def16]
/usr/share/tomcat/bin/setclasspath.sh:25:6: warning[SC2154]: darwin is referenced but not assigned.
#   23|   # Make sure prerequisite environment variables are set
#   24|   if [ -z "$JAVA_HOME" ] && [ -z "$JRE_HOME" ]; then
#   25|->   if $darwin; then
#   26|       # Bugzilla 54390
#   27|       if [ -x '/usr/libexec/java_home' ] ; then

Error: SHELLCHECK_WARNING (CWE-571): [#def17]
/usr/share/tomcat/bin/setclasspath.sh:28:14: warning[SC2155]: Declare and assign separately to avoid masking return values.
#   26|       # Bugzilla 54390
#   27|       if [ -x '/usr/libexec/java_home' ] ; then
#   28|->       export JAVA_HOME=`/usr/libexec/java_home`
#   29|       # Bugzilla 37284 (reviewed).
#   30|       elif [ -d "/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home" ]; then

Error: SHELLCHECK_WARNING (CWE-156): [#def18]
/usr/share/tomcat/bin/setclasspath.sh:28:24: warning[SC2046]: Quote this to prevent word splitting.
#   26|       # Bugzilla 54390
#   27|       if [ -x '/usr/libexec/java_home' ] ; then
#   28|->       export JAVA_HOME=`/usr/libexec/java_home`
#   29|       # Bugzilla 37284 (reviewed).
#   30|       elif [ -d "/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home" ]; then

Error: SHELLCHECK_WARNING (CWE-457): [#def19]
/usr/share/tomcat/bin/setclasspath.sh:59:9: warning[SC2154]: os400 is referenced but not assigned.
#   57|   # If we're running under jdb, we need a full jdk.
#   58|   if [ "$1" = "debug" ] ; then
#   59|->   if [ "$os400" = "true" ]; then
#   60|       if [ ! -x "$JAVA_HOME"/bin/java ] || [ ! -x "$JAVA_HOME"/bin/javac ]; then
#   61|         echo "The JAVA_HOME environment variable is not defined correctly"

Error: SHELLCHECK_WARNING (CWE-563): [#def20]
/usr/share/tomcat/bin/tool-wrapper.sh:43:10: warning[SC2034]: darwin appears unused. Verify use (or export if used externally).
#   41|   case "`uname`" in
#   42|   CYGWIN*) cygwin=true;;
#   43|-> Darwin*) darwin=true;;
#   44|   OS400*) os400=true;;
#   45|   esac

Error: SHELLCHECK_WARNING (CWE-252): [#def21]
/usr/share/tomcat/bin/tool-wrapper.sh:64:43: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#   62|   
#   63|   # Only set CATALINA_HOME if not already set
#   64|-> [ -z "$CATALINA_HOME" ] && CATALINA_HOME=`cd "$PRGDIR/.." >/dev/null; pwd`
#   65|   
#   66|   # Ensure that any user defined CLASSPATH variables are not used on startup,

Error: SHELLCHECK_WARNING: [#def22]
/usr/share/tomcat/bin/tool-wrapper.sh:132:37: warning[SC2294]: eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string).
#  130|     -classpath "\"$CLASSPATH\"" \
#  131|     -Dcatalina.home="\"$CATALINA_HOME\"" \
#  132|->   org.apache.catalina.startup.Tool "$@"

Scan Properties

analyzer-version-clippy1.95.0
analyzer-version-cppcheck2.20.0
analyzer-version-gcc16.1.1
analyzer-version-gcc-analyzer16.1.1
analyzer-version-shellcheck0.11.0
analyzer-version-unicontrol0.0.2
diffbase-analyzer-version-clippy1.95.0
diffbase-analyzer-version-cppcheck2.20.0
diffbase-analyzer-version-gcc16.1.1
diffbase-analyzer-version-gcc-analyzer16.1.1
diffbase-analyzer-version-shellcheck0.11.0
diffbase-analyzer-version-unicontrol0.0.2
diffbase-enabled-pluginsclippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code0
diffbase-hostip-172-16-1-33.us-west-2.compute.internal
diffbase-known-false-positives/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpmknown-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch
diffbase-mock-configfedora-rawhide-x86_64
diffbase-project-nametomcat-10.1.52-1.fc44
diffbase-store-results-to/tmp/tmptulfeemi/tomcat-10.1.52-1.fc44.tar.xz
diffbase-time-created2026-06-01 17:02:22
diffbase-time-finished2026-06-01 17:04:36
diffbase-toolcsmock
diffbase-tool-args'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmptulfeemi/tomcat-10.1.52-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmptulfeemi/tomcat-10.1.52-1.fc44.src.rpm'
diffbase-tool-versioncsmock-3.8.5.20260529.133039.g6f3b5c6-1.el9
enabled-pluginsclippy, cppcheck, gcc, shellcheck, unicontrol
exit-code0
hostip-172-16-1-33.us-west-2.compute.internal
known-false-positives/usr/share/csmock/known-false-positives.js
known-false-positives-rpmknown-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch
mock-configfedora-rawhide-x86_64
project-nametomcat-10.1.55-1.fc45
store-results-to/tmp/tmp2luzgra2/tomcat-10.1.55-1.fc45.tar.xz
time-created2026-06-01 17:04:45
time-finished2026-06-01 17:06:31
titleNewly introduced findings
toolcsmock
tool-args'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmp2luzgra2/tomcat-10.1.55-1.fc45.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp2luzgra2/tomcat-10.1.55-1.fc45.src.rpm'
tool-versioncsmock-3.8.5.20260529.133039.g6f3b5c6-1.el9