buildah-1.37.0-1.20241108162027564111.main.210.g7db27d2bf

List of Findings

Error: SHELLCHECK_WARNING (CWE-398): [#def1]
/usr/share/buildah/test/system/add.bats:116:11: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2))
#  114|   @test "add single file creates absolute path with correct permissions" {
#  115|     _prefetch ubuntu
#  116|->   imgName=ubuntu-image
#  117|     createrandom ${TEST_SCRATCH_DIR}/distutils.cfg
#  118|     permission=$(stat -c "%a" ${TEST_SCRATCH_DIR}/distutils.cfg)

Error: SHELLCHECK_WARNING (CWE-398): [#def2]
/usr/share/buildah/test/system/add.bats:136:11: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2))
#  134|   @test "add single file creates relative path with correct permissions" {
#  135|     _prefetch ubuntu
#  136|->   imgName=ubuntu-image
#  137|     createrandom ${TEST_SCRATCH_DIR}/distutils.cfg
#  138|     permission=$(stat -c "%a" ${TEST_SCRATCH_DIR}/distutils.cfg)

Error: SHELLCHECK_WARNING (CWE-156): [#def3]
/usr/share/buildah/test/system/blobcache.bats:41:10: warning[SC2046]: Quote this to prevent word splitting.
#   39|   		for blob in ${blobcachedir}/* ; do
#   40|   			if cmp -s ${content} ${blob} ; then
#   41|-> 				echo $(file ${blob}) and ${content} have the same contents, was cached
#   42|   				match=true
#   43|   				break

Error: SHELLCHECK_WARNING (CWE-569): [#def4]
/usr/share/buildah/test/system/bud.bats:171:17: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#  169|                   --authfile ${TEST_SCRATCH_DIR}/test.auth \
#  170|                   --tls-verify=false \
#  171|->                 $* \
#  172|                   $imgname \
#  173|                   docker://localhost:${REGISTRY_PORT}/$imgname

Error: SHELLCHECK_WARNING (CWE-140): [#def5]
/usr/share/buildah/test/system/bud.bats:278:23: warning[SC2207]: Prefer mapfile or read -a to split command output (or quote to avoid splitting).
#  276|     # Containerfile must contain one or more (four, as of 2022-10) lines
#  277|     # of the form 'ARG TARGETxxx' for each of the variables of interest.
#  278|->   local -a checkvars=($(sed -ne 's/^ARG //p' <$containerfile))
#  279|     assert "${checkvars[*]}" != "" \
#  280|            "INTERNAL ERROR! No 'ARG xxx' lines in $containerfile!"

Error: SHELLCHECK_WARNING (CWE-156): [#def6]
/usr/share/buildah/test/system/bud.bats:528:29: warning[SC2046]: Quote this to prevent word splitting.
#  526|     run_buildah 125 build -t testbud3 $WITH_POLICY_JSON $BUDFILES/dockerignore3
#  527|     expect_output --substring 'building.*"COPY test1.txt /upload/test1.txt".*no such file or directory'
#  528|->   expect_output --substring $(realpath "$BUDFILES/dockerignore3/.dockerignore")
#  529|   }
#  530|   

Error: SHELLCHECK_WARNING (CWE-457): [#def7]
/usr/share/buildah/test/system/bud.bats:718:10: warning[SC2154]: targetArch is referenced but not assigned (did you mean 'targetarch'?).
#  716|     targetarch="arm64"
#  717|   
#  718|->   if [[ "$targetArch" == "$myarch" ]]; then
#  719|       targetarch="amd64"
#  720|     fi

Error: SHELLCHECK_WARNING (CWE-140): [#def8]
/usr/share/buildah/test/system/bud.bats:2250:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
# 2248|   @test "bud-from-scratch-label" {
# 2249|     run_buildah --version
# 2250|->   local -a output_fields=($output)
# 2251|     buildah_version=${output_fields[2]}
# 2252|     want_output='map["io.buildah.version":"'$buildah_version'" "test":"label"]'

Error: SHELLCHECK_WARNING (CWE-140): [#def9]
/usr/share/buildah/test/system/bud.bats:2374:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
# 2372|   
# 2373|     run_buildah --version
# 2374|->   local -a output_fields=($output)
# 2375|     buildah_version=${output_fields[2]}
# 2376|   

Error: SHELLCHECK_WARNING (CWE-563): [#def10]
/usr/share/buildah/test/system/bud.bats:3053:3: warning[SC2034]: from_cid appears unused. Verify use (or export if used externally).
# 3051|     expect_output --substring "@unique.test.string@"
# 3052|     run_buildah from --quiet ${from_target}
# 3053|->   from_cid=$output
# 3054|     run_buildah from ${target}
# 3055|   }

Error: SHELLCHECK_WARNING (CWE-398): [#def11]
/usr/share/buildah/test/system/bud.bats:3068:10: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2))
# 3066|   
# 3067|   @test "bud with Dockerfile from valid URL" {
# 3068|->   target=url-image
# 3069|     url=https://raw.githubusercontent.com/containers/buildah/main/tests/bud/from-scratch/Dockerfile
# 3070|     run_buildah build $WITH_POLICY_JSON -t ${target} ${url}

Error: SHELLCHECK_WARNING (CWE-398): [#def12]
/usr/share/buildah/test/system/bud.bats:3075:10: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2))
# 3073|   
# 3074|   @test "bud with Dockerfile from invalid URL" {
# 3075|->   target=url-image
# 3076|     url=https://raw.githubusercontent.com/containers/buildah/main/tests/bud/from-scratch/Dockerfile.bogus
# 3077|     run_buildah 125 build $WITH_POLICY_JSON -t ${target} ${url}

Error: SHELLCHECK_WARNING (CWE-156): [#def13]
/usr/share/buildah/test/system/bud.bats:3666:8: warning[SC2046]: Quote this to prevent word splitting.
# 3664|   
# 3665|     # Check that both the version with --jobs 1 and --jobs=N have the same number of files
# 3666|->   test $(find $root_single_job -type f | wc -l) = $(find $root_multi_job -type f | wc -l)
# 3667|   }
# 3668|   

Error: SHELLCHECK_WARNING (CWE-156): [#def14]
/usr/share/buildah/test/system/bud.bats:3666:51: warning[SC2046]: Quote this to prevent word splitting.
# 3664|   
# 3665|     # Check that both the version with --jobs 1 and --jobs=N have the same number of files
# 3666|->   test $(find $root_single_job -type f | wc -l) = $(find $root_multi_job -type f | wc -l)
# 3667|   }
# 3668|   

Error: SHELLCHECK_WARNING (CWE-140): [#def15]
/usr/share/buildah/test/system/bud.bats:4112:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
# 4110|   @test "bud-no-change-label" {
# 4111|     run_buildah --version
# 4112|->   local -a output_fields=($output)
# 4113|     buildah_version=${output_fields[2]}
# 4114|     want_output='map["io.buildah.version":"'$buildah_version'" "test":"label"]'

Error: SHELLCHECK_WARNING (CWE-571): [#def16]
/usr/share/buildah/test/system/bud.bats:4543:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 4541|     mkdir -p $ocidir/blobs/sha256
# 4542|     # Build an image config and image manifest in parallel
# 4543|->   local configos=$(${BUILDAH_BINARY} info --format '{{.host.os}}')
# 4544|     local configarch=$(${BUILDAH_BINARY} info --format '{{.host.arch}}')
# 4545|     local configvariant=$(${BUILDAH_BINARY} info --format '{{.host.variant}}')

Error: SHELLCHECK_WARNING (CWE-571): [#def17]
/usr/share/buildah/test/system/bud.bats:4544:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 4542|     # Build an image config and image manifest in parallel
# 4543|     local configos=$(${BUILDAH_BINARY} info --format '{{.host.os}}')
# 4544|->   local configarch=$(${BUILDAH_BINARY} info --format '{{.host.arch}}')
# 4545|     local configvariant=$(${BUILDAH_BINARY} info --format '{{.host.variant}}')
# 4546|     local configvariantkv=${configvariant:+'"variant": "'${configvariant}'", '}

Error: SHELLCHECK_WARNING (CWE-571): [#def18]
/usr/share/buildah/test/system/bud.bats:4545:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 4543|     local configos=$(${BUILDAH_BINARY} info --format '{{.host.os}}')
# 4544|     local configarch=$(${BUILDAH_BINARY} info --format '{{.host.arch}}')
# 4545|->   local configvariant=$(${BUILDAH_BINARY} info --format '{{.host.variant}}')
# 4546|     local configvariantkv=${configvariant:+'"variant": "'${configvariant}'", '}
# 4547|     echo '{"architecture": "'"${configarch}"'", "os": "'"${configos}"'", '"${configvariantkv}"'"rootfs": {"type": "layers", "diff_ids": [' > ${TEST_SCRATCH_DIR}/config.json

Error: SHELLCHECK_WARNING (CWE-571): [#def19]
/usr/share/buildah/test/system/bud.bats:4556:11: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 4554|       tar -c -C ${TEST_SCRATCH_DIR} -f ${TEST_SCRATCH_DIR}/layer$layer.tar file$layer
# 4555|       # Get the layer blob's digest and size
# 4556|->     local diffid=$(sha256sum ${TEST_SCRATCH_DIR}/layer$layer.tar)
# 4557|       local diffsize=$(wc -c ${TEST_SCRATCH_DIR}/layer$layer.tar)
# 4558|       # Link the blob into where an OCI layout would put it.

Error: SHELLCHECK_WARNING (CWE-571): [#def20]
/usr/share/buildah/test/system/bud.bats:4557:11: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 4555|       # Get the layer blob's digest and size
# 4556|       local diffid=$(sha256sum ${TEST_SCRATCH_DIR}/layer$layer.tar)
# 4557|->     local diffsize=$(wc -c ${TEST_SCRATCH_DIR}/layer$layer.tar)
# 4558|       # Link the blob into where an OCI layout would put it.
# 4559|       ln ${TEST_SCRATCH_DIR}/layer$layer.tar $ocidir/blobs/sha256/${diffid%% *}

Error: SHELLCHECK_WARNING (CWE-571): [#def21]
/usr/share/buildah/test/system/bud.bats:4576:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 4574|     echo ']}, "config": { "Cmd": ["/bin/sh"], "Env": [ "PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin" ]}}' >> ${TEST_SCRATCH_DIR}/config.json
# 4575|     # Compute the config blob's digest and size, so that we can list it in the manifest.
# 4576|->   local configsize=$(wc -c ${TEST_SCRATCH_DIR}/config.json)
# 4577|     local configdigest=$(sha256sum ${TEST_SCRATCH_DIR}/config.json)
# 4578|     # Finish the manifest with information about the config blob.

Error: SHELLCHECK_WARNING (CWE-571): [#def22]
/usr/share/buildah/test/system/bud.bats:4577:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 4575|     # Compute the config blob's digest and size, so that we can list it in the manifest.
# 4576|     local configsize=$(wc -c ${TEST_SCRATCH_DIR}/config.json)
# 4577|->   local configdigest=$(sha256sum ${TEST_SCRATCH_DIR}/config.json)
# 4578|     # Finish the manifest with information about the config blob.
# 4579|     echo '], "config": { "mediaType": "application/vnd.oci.image.config.v1+json", "digest": "sha256:'${configdigest%% *}'", "size": '${configsize%% *}'}}' >> ${TEST_SCRATCH_DIR}/manifest.json

Error: SHELLCHECK_WARNING (CWE-571): [#def23]
/usr/share/buildah/test/system/bud.bats:4581:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 4579|     echo '], "config": { "mediaType": "application/vnd.oci.image.config.v1+json", "digest": "sha256:'${configdigest%% *}'", "size": '${configsize%% *}'}}' >> ${TEST_SCRATCH_DIR}/manifest.json
# 4580|     # Compute the manifest's digest and size, so that we can list it in the OCI layout index.
# 4581|->   local manifestsize=$(wc -c ${TEST_SCRATCH_DIR}/manifest.json)
# 4582|     local manifestdigest=$(sha256sum ${TEST_SCRATCH_DIR}/manifest.json)
# 4583|     # Link the config blob and manifest into where an OCI layout would put them.

Error: SHELLCHECK_WARNING (CWE-571): [#def24]
/usr/share/buildah/test/system/bud.bats:4582:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 4580|     # Compute the manifest's digest and size, so that we can list it in the OCI layout index.
# 4581|     local manifestsize=$(wc -c ${TEST_SCRATCH_DIR}/manifest.json)
# 4582|->   local manifestdigest=$(sha256sum ${TEST_SCRATCH_DIR}/manifest.json)
# 4583|     # Link the config blob and manifest into where an OCI layout would put them.
# 4584|     ln ${TEST_SCRATCH_DIR}/config.json $ocidir/blobs/sha256/${configdigest%% *}

Error: SHELLCHECK_WARNING (CWE-670): [#def25]
/usr/share/buildah/test/system/bud.bats:4598:11: warning[SC2128]: Expanding an array without an index only gives the first element.
# 4596|     # out of all of this.
# 4597|     run_buildah inspect --format '{{.History}}' fakeregistry.podman.invalid/notreal
# 4598|->   assert "${lines}" == '[]'  "base image generated for test had history field that was not an empty slice"
# 4599|     # Build images using our image-with-no-history as a base, to check that we
# 4600|     # don't trip over ourselves when doing so.

Error: SHELLCHECK_WARNING (CWE-571): [#def26]
/usr/share/buildah/test/system/bud.bats:4647:10: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 4645|   
# 4646|     # Envariable from environment
# 4647|->   export foo=$(random_string 20)
# 4648|     run_buildah build $WITH_POLICY_JSON -t ${target} --build-arg foo $BUDFILES/build-arg
# 4649|     assert "${lines[3]}" = "$foo"

Error: SHELLCHECK_WARNING (CWE-140): [#def27]
/usr/share/buildah/test/system/bud.bats:4674:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
# 4672|     run_buildah build $WITH_POLICY_JSON -t ${target} $BUDFILES/from-scratch
# 4673|     run_buildah --version
# 4674|->   local -a output_fields=($output)
# 4675|     buildah_version=${output_fields[2]}
# 4676|   

Error: SHELLCHECK_WARNING (CWE-153): [#def28]
/usr/share/buildah/test/system/bud.bats:4893:23: warning[SC2053]: Quote the right-hand side of != in [[ ]] to prevent glob matching.
# 4891|       # as a sanity thing.
# 4892|       for other in $actions; do
# 4893|->       if [[ $other != $action ]]; then
# 4894|           assert "$(< ${TEST_SCRATCH_DIR}/${action}1)" != "$(< ${TEST_SCRATCH_DIR}/${other}1)" \
# 4895|                  "iidfile(${action}1) != iidfile(${other}1)"

Error: SHELLCHECK_WARNING (CWE-156): [#def29]
/usr/share/buildah/test/system/bud.bats:6342:17: warning[SC2046]: Quote this to prevent word splitting.
# 6340|     # Build and export container to tar
# 6341|     run_buildah build --no-cache $WITH_POLICY_JSON -t ${target} -f $BUDFILES/containerfile/Containerfile.in $BUDFILES/containerfile
# 6342|->   podman export $(podman create --name ${target} --net=host ${target}) --output=$contextdir.tar
# 6343|   
# 6344|     # We are done exporting so remove images and containers which are not needed

Error: SHELLCHECK_WARNING (CWE-156): [#def30]
/usr/share/buildah/test/system/bud.bats:6367:17: warning[SC2046]: Quote this to prevent word splitting.
# 6365|     # Build and export container to tar
# 6366|     run_buildah build --no-cache $WITH_POLICY_JSON -t ${target} -f $BUDFILES/add-run-dir/Dockerfile
# 6367|->   podman export $(podman create --name ${target} --net=host ${target}) --output=$contextdir.tar
# 6368|   
# 6369|     # We are done exporting so remove images and containers which are not needed

Error: SHELLCHECK_WARNING (CWE-149): [#def31]
/usr/share/buildah/test/system/bud.bats:6553:21: warning[SC2140]: Word is of the form "A"B"C" (B indicated). Did you mean "ABC" or "A\"B\"C"?
# 6551|   _EOF
# 6552|     target=env-image
# 6553|->   check="FTP_PROXY="FTP" ftp_proxy=ftp http_proxy=http HTTPS_PROXY=HTTPS"
# 6554|     bogus="BOGUS_PROXY=BOGUS"
# 6555|     eval $check $bogus run_buildah build --unsetenv PATH $WITH_POLICY_JSON -t oci-${target} -f $mytmpdir/Containerfile .

Error: SHELLCHECK_WARNING (CWE-457): [#def32]
/usr/share/buildah/test/system/bud.bats:6817:9: warning[SC2154]: http_proxy is referenced but not assigned.
# 6815|     expect_rc=6
# 6816|     expect_err="Could not resolve host: www.redhat.com"
# 6817|->   if [[ $http_proxy != "" ]]; then
# 6818|       expect_rc=5
# 6819|       expect_err="Could not resolve proxy:"

Error: SHELLCHECK_WARNING (CWE-156): [#def33]
/usr/share/buildah/test/system/bud.bats:6932:11: warning[SC2046]: Quote this to prevent word splitting.
# 6930|     echo FROM busybox > ${TEST_SCRATCH_DIR}/Containerfile
# 6931|     arch=amd64
# 6932|->   if test $(arch) = x86_64 ; then
# 6933|       arch=arm64
# 6934|     fi

Error: SHELLCHECK_WARNING: [#def34]
/usr/share/buildah/test/system/cdi.bats:12:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal).
#   10|     sed -e s:@@hostcdipath@@:$cdidir:g $BUDFILES/cdi/containers-cdi.yaml > $cdidir/containers-cdi.yaml
#   11|     chmod 644 $cdidir/containers-cdi.yaml
#   12|->   echo === Begin CDI configuration in $cdidir/containers-cdi.yaml ===
#   13|     cat $cdidir/containers-cdi.yaml
#   14|     echo === End CDI configuration ===

Error: SHELLCHECK_WARNING: [#def35]
/usr/share/buildah/test/system/cdi.bats:14:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal).
#   12|     echo === Begin CDI configuration in $cdidir/containers-cdi.yaml ===
#   13|     cat $cdidir/containers-cdi.yaml
#   14|->   echo === End CDI configuration ===
#   15|     run_buildah build $WITH_POLICY_JSON --cdi-config-dir=$cdidir --security-opt label=disable --device=containers.github.io/sample=all --device=/dev/null:/dev/outsidenull:rwm $BUDFILES/cdi
#   16|   }

Error: SHELLCHECK_WARNING: [#def36]
/usr/share/buildah/test/system/cdi.bats:25:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal).
#   23|     sed -e s:@@hostcdipath@@:$cdidir:g $BUDFILES/cdi/containers-cdi.yaml > $cdidir/containers-cdi.yaml
#   24|     chmod 644 $cdidir/containers-cdi.yaml
#   25|->   echo === Begin CDI configuration in $cdidir/containers-cdi.yaml ===
#   26|     cat $cdidir/containers-cdi.yaml
#   27|     echo === End CDI configuration ===

Error: SHELLCHECK_WARNING: [#def37]
/usr/share/buildah/test/system/cdi.bats:27:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal).
#   25|     echo === Begin CDI configuration in $cdidir/containers-cdi.yaml ===
#   26|     cat $cdidir/containers-cdi.yaml
#   27|->   echo === End CDI configuration ===
#   28|     run_buildah from $WITH_POLICY_JSON --security-opt label=disable --cdi-config-dir=$cdidir --device=containers.github.io/sample=all --device=/dev/null:/dev/outsidenull:rwm busybox
#   29|     cid="$output"

Error: SHELLCHECK_WARNING: [#def38]
/usr/share/buildah/test/system/cdi.bats:40:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal).
#   38|     sed -e s:@@hostcdipath@@:$cdidir:g $BUDFILES/cdi/containers-cdi.yaml > $cdidir/containers-cdi.yaml
#   39|     chmod 644 $cdidir/containers-cdi.yaml
#   40|->   echo === Begin CDI configuration in $cdidir/containers-cdi.yaml ===
#   41|     cat $cdidir/containers-cdi.yaml
#   42|     echo === End CDI configuration ===

Error: SHELLCHECK_WARNING: [#def39]
/usr/share/buildah/test/system/cdi.bats:42:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal).
#   40|     echo === Begin CDI configuration in $cdidir/containers-cdi.yaml ===
#   41|     cat $cdidir/containers-cdi.yaml
#   42|->   echo === End CDI configuration ===
#   43|     run_buildah from $WITH_POLICY_JSON --security-opt label=disable busybox
#   44|     cid="$output"

Error: SHELLCHECK_WARNING (CWE-156): [#def40]
/usr/share/buildah/test/system/chroot.bats:50:14: warning[SC2046]: Quote this to prevent word splitting.
#   48|     # looking for $storagedir, so tweak perms to let them do at least that much
#   49|     fixupdir=$storagedir
#   50|->   while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do
#   51|       # walk up to root, or the first parent that we don't own
#   52|       if test $(stat -c %u $fixupdir) -ne $(id -u) ; then

Error: SHELLCHECK_WARNING (CWE-156): [#def41]
/usr/share/buildah/test/system/chroot.bats:50:44: warning[SC2046]: Quote this to prevent word splitting.
#   48|     # looking for $storagedir, so tweak perms to let them do at least that much
#   49|     fixupdir=$storagedir
#   50|->   while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do
#   51|       # walk up to root, or the first parent that we don't own
#   52|       if test $(stat -c %u $fixupdir) -ne $(id -u) ; then

Error: SHELLCHECK_WARNING (CWE-156): [#def42]
/usr/share/buildah/test/system/chroot.bats:52:13: warning[SC2046]: Quote this to prevent word splitting.
#   50|     while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do
#   51|       # walk up to root, or the first parent that we don't own
#   52|->     if test $(stat -c %u $fixupdir) -ne $(id -u) ; then
#   53|         break
#   54|       fi

Error: SHELLCHECK_WARNING (CWE-156): [#def43]
/usr/share/buildah/test/system/chroot.bats:52:41: warning[SC2046]: Quote this to prevent word splitting.
#   50|     while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do
#   51|       # walk up to root, or the first parent that we don't own
#   52|->     if test $(stat -c %u $fixupdir) -ne $(id -u) ; then
#   53|         break
#   54|       fi

Error: SHELLCHECK_WARNING (CWE-140): [#def44]
/usr/share/buildah/test/system/commit.bats:169:33: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
#  167|   
#  168|   	run_buildah --version
#  169|->         local -a output_fields=($output)
#  170|   	buildah_version=${output_fields[2]}
#  171|   

Error: SHELLCHECK_WARNING (CWE-156): [#def45]
/usr/share/buildah/test/system/commit.bats:302:30: warning[SC2046]: Quote this to prevent word splitting.
#  300|     cid=$output
#  301|     run_buildah run $cid touch /testfile
#  302|->   run_buildah run $cid chown $(id -u):$(id -g) /testfile
#  303|     run_buildah commit $cid dir:${TEST_SCRATCH_DIR}/new-image
#  304|     config=$(jq -r .config.digest ${TEST_SCRATCH_DIR}/new-image/manifest.json)

Error: SHELLCHECK_WARNING (CWE-156): [#def46]
/usr/share/buildah/test/system/commit.bats:302:39: warning[SC2046]: Quote this to prevent word splitting.
#  300|     cid=$output
#  301|     run_buildah run $cid touch /testfile
#  302|->   run_buildah run $cid chown $(id -u):$(id -g) /testfile
#  303|     run_buildah commit $cid dir:${TEST_SCRATCH_DIR}/new-image
#  304|     config=$(jq -r .config.digest ${TEST_SCRATCH_DIR}/new-image/manifest.json)

Error: SHELLCHECK_WARNING (CWE-156): [#def47]
/usr/share/buildah/test/system/commit.bats:315:23: warning[SC2046]: Quote this to prevent word splitting.
#  313|     # ownership information should be forced to be in number/number format
#  314|     # instead of name/name because the names are gone
#  315|->   assert "$output" =~ $(id -u)/$(id -g)
#  316|   }
#  317|   

Error: SHELLCHECK_WARNING (CWE-156): [#def48]
/usr/share/buildah/test/system/commit.bats:315:32: warning[SC2046]: Quote this to prevent word splitting.
#  313|     # ownership information should be forced to be in number/number format
#  314|     # instead of name/name because the names are gone
#  315|->   assert "$output" =~ $(id -u)/$(id -g)
#  316|   }
#  317|   

Error: SHELLCHECK_WARNING (CWE-563): [#def49]
/usr/share/buildah/test/system/containers.bats:18:3: warning[SC2034]: cid2 appears unused. Verify use (or export if used externally).
#   16|     cid1=$output
#   17|     run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox
#   18|->   cid2=$output
#   19|     run_buildah containers --filter name=$cid1
#   20|     expect_line_count 2

Error: SHELLCHECK_WARNING (CWE-571): [#def50]
/usr/share/buildah/test/system/digest.bats:12:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
#   10|   
#   11|     # If image includes '_v2sN', verify that image is schema version N
#   12|->   local expected_schemaversion=$(expr "$img" : '.*_v2s\([0-9]\)')
#   13|     if [ -n "$expected_schemaversion" ]; then
#   14|         actual_schemaversion=$(imgtype -expected-manifest-type '*' -show-manifest $img | jq .schemaVersion)

Error: SHELLCHECK_WARNING (CWE-571): [#def51]
/usr/share/buildah/test/system/digest.bats:52:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
#   50|     #
#   51|     # Check that the first and second .fsLayers and .history elements are dups
#   52|->   local manifest=$(imgtype -expected-manifest-type '*' -show-manifest ${IMG})
#   53|     for element in fsLayers history; do
#   54|         local first=$(jq ".${element}[0]" <<<"$manifest")

Error: SHELLCHECK_WARNING (CWE-571): [#def52]
/usr/share/buildah/test/system/digest.bats:54:13: warning[SC2155]: Declare and assign separately to avoid masking return values.
#   52|     local manifest=$(imgtype -expected-manifest-type '*' -show-manifest ${IMG})
#   53|     for element in fsLayers history; do
#   54|->       local first=$(jq ".${element}[0]" <<<"$manifest")
#   55|         local second=$(jq ".${element}[1]" <<<"$manifest")
#   56|         expect_output --from="$second" "$first" "${IMG}: .${element}[1] == [0]"

Error: SHELLCHECK_WARNING (CWE-571): [#def53]
/usr/share/buildah/test/system/digest.bats:55:13: warning[SC2155]: Declare and assign separately to avoid masking return values.
#   53|     for element in fsLayers history; do
#   54|         local first=$(jq ".${element}[0]" <<<"$manifest")
#   55|->       local second=$(jq ".${element}[1]" <<<"$manifest")
#   56|         expect_output --from="$second" "$first" "${IMG}: .${element}[1] == [0]"
#   57|     done

Error: SHELLCHECK_WARNING (CWE-477): [#def54]
/usr/share/buildah/test/system/digest/make-v2sN:58:17: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#   56|   # FIXME: do we really need to know? Will it ever, in practice, be non-root?
#   57|   user=$(id -un)
#   58|-> if [ -n "$user" -a "$user" != "root" ]; then
#   59|       add_to_readme "By (user)" "$user"
#   60|   fi

Error: SHELLCHECK_WARNING (CWE-156): [#def55]
/usr/share/buildah/test/system/digest/make-v2sN:62:20: warning[SC2046]: Quote this to prevent word splitting.
#   60|   fi
#   61|   
#   62|-> create_script=$(cd $(dirname $0) && git ls-files --full-name $ME)
#   63|   if [ -z "$create_script" ]; then
#   64|       create_script=$0

Error: SHELLCHECK_WARNING (CWE-156): [#def56]
/usr/share/buildah/test/system/digest/make-v2sN:68:16: warning[SC2046]: Quote this to prevent word splitting.
#   66|   add_to_readme "By (script)" "$create_script"
#   67|   
#   68|-> git_state=$(cd $(dirname $0) && git describe --dirty)
#   69|   if [ -n "$git_state" ]; then
#   70|       add_to_readme "git state" "$git_state"

Error: SHELLCHECK_WARNING (CWE-156): [#def57]
/usr/share/buildah/test/system/digest/make-v2sN:88:29: warning[SC2046]: Quote this to prevent word splitting.
#   86|   # clean up interim layers. It's also necessary for dealing with v2s1 layers.
#   87|   
#   88|-> TMPDIR=$(mktemp --tmpdir -d $(basename $0).XXXXXXX)
#   89|   push_flags=
#   90|   if [[ $schemaversion -eq 1 ]]; then

Error: SHELLCHECK_WARNING (CWE-156): [#def58]
/usr/share/buildah/test/system/digest/make-v2sN:133:26: warning[SC2046]: Quote this to prevent word splitting.
#  131|       # Manifest is embedded in the image but as a string, not actual JSON;
#  132|       # the eval-echo converts it to usable JSON
#  133|->     manifest=$(eval echo $(buildah inspect ${IMGNAME} | jq .Manifest))
#  134|   
#  135|       # Check desired schema version:

Error: SHELLCHECK_WARNING (CWE-563): [#def59]
/usr/share/buildah/test/system/formats.bats:16:3: warning[SC2034]: expect appears unused. Verify use (or export if used externally).
#   14|     imgtype_dkr="application/vnd.docker.distribution.manifest.v2+json"
#   15|   
#   16|->   expect=""
#   17|     case "$2" in
#   18|         oci)    want=$imgtype_oci; reject=$imgtype_dkr;;

Error: SHELLCHECK_WARNING (CWE-156): [#def60]
/usr/share/buildah/test/system/from.bats:498:60: warning[SC2046]: Quote this to prevent word splitting.
#  496|     run_buildah from --quiet --pull $WITH_POLICY_JSON --arch=arm64 alpine
#  497|     other=$output
#  498|->   run_buildah from --quiet --pull $WITH_POLICY_JSON --arch=$(go env GOARCH) alpine
#  499|     cid=$output
#  500|     run_buildah copy --from $other $cid /etc/apk/arch /root/other-arch

Error: SHELLCHECK_WARNING (CWE-563): [#def61]
/usr/share/buildah/test/system/from.bats:541:3: warning[SC2034]: target appears unused. Verify use (or export if used externally).
#  539|     run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT}
#  540|     run_buildah push $WITH_POLICY_JSON --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
#  541|->   target=busybox-image
#  542|     run_buildah from -q $WITH_POLICY_JSON --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
#  543|     run_buildah rm $output

Error: SHELLCHECK_WARNING (CWE-138): [#def62]
/usr/share/buildah/test/system/help.bats:72:64: error[SC2145]: Argument mixes string and array. Use * or separate argument.
#   70|       # the old command parser and cobra.
#   71|       assert "$count" -gt 0 \
#   72|->            "Internal error: no commands found in 'buildah help $@' list"
#   73|   
#   74|       # Sanity check: make sure the special loops above triggered at least once.

Error: SHELLCHECK_WARNING (CWE-1164): [#def63]
/usr/share/buildah/test/system/help.bats:79:18: warning[SC2043]: This loop will only ever run once. Bad quoting or missing glob/expansion?
#   77|           # This loop is copied from podman test and redundant for buildah now.
#   78|           # But this is kept for future extension.
#   79|->         for i in subcommands; do
#   80|               if [[ -z ${found[$i]} ]]; then
#   81|                   die "Internal error: '$i' subtest did not trigger"

Error: SHELLCHECK_WARNING (CWE-670): [#def64]
/usr/share/buildah/test/system/helpers.bash:4:40: warning[SC2128]: Expanding an array without an index only gives the first element.
#    2|   
#    3|   # Directory in which tests live
#    4|-> TEST_SOURCES=${TEST_SOURCES:-$(dirname ${BASH_SOURCE})}
#    5|   
#    6|   BUILDAH_BINARY=${BUILDAH_BINARY:-$TEST_SOURCES/../bin/buildah}

Error: SHELLCHECK_WARNING (CWE-670): [#def65]
/usr/share/buildah/test/system/helpers.bash:12:16: warning[SC2128]: Expanding an array without an index only gives the first element.
#   10|   INET_BINARY=${INET_BINARY:-$TEST_SOURCES/../bin/inet}
#   11|   STORAGE_DRIVER=${STORAGE_DRIVER:-vfs}
#   12|-> PATH=$(dirname ${BASH_SOURCE})/../bin:${PATH}
#   13|   OCI=${CI_DESIRED_RUNTIME:-$(${BUILDAH_BINARY} info --format '{{.host.OCIRuntime}}' || command -v runc || command -v crun)}
#   14|   # Default timeout for a buildah command.

Error: SHELLCHECK_WARNING (CWE-156): [#def66]
/usr/share/buildah/test/system/helpers.bash:26:6: warning[SC2046]: Quote this to prevent word splitting.
#   24|   # Prompt to display when logging buildah commands; distinguish root/rootless
#   25|   _LOG_PROMPT='$'
#   26|-> if [ $(id -u) -eq 0 ]; then
#   27|       _LOG_PROMPT='#'
#   28|   fi

Error: SHELLCHECK_WARNING (CWE-563): [#def67]
/usr/share/buildah/test/system/helpers.bash:31:1: warning[SC2034]: BUDFILES appears unused. Verify use (or export if used externally).
#   29|   
#   30|   # Shortcut for directory containing Containerfiles for bud.bats
#   31|-> BUDFILES=${TEST_SOURCES}/bud
#   32|   
#   33|   # Used hundreds of times throughout all the tests

Error: SHELLCHECK_WARNING (CWE-563): [#def68]
/usr/share/buildah/test/system/helpers.bash:34:1: warning[SC2034]: WITH_POLICY_JSON appears unused. Verify use (or export if used externally).
#   32|   
#   33|   # Used hundreds of times throughout all the tests
#   34|-> WITH_POLICY_JSON="--signature-policy ${TEST_SOURCES}/policy.json"
#   35|   
#   36|   # We don't invoke gnupg directly in many places, but this avoids ENOTTY errors

Error: SHELLCHECK_WARNING (CWE-252): [#def69]
/usr/share/buildah/test/system/helpers.bash:46:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails.
#   44|   
#   45|   function setup_tests() {
#   46|->     pushd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
#   47|   
#   48|       # $TEST_SCRATCH_DIR is a custom scratch directory for each @test,

Error: SHELLCHECK_WARNING (CWE-670): [#def70]
/usr/share/buildah/test/system/helpers.bash:46:38: warning[SC2128]: Expanding an array without an index only gives the first element.
#   44|   
#   45|   function setup_tests() {
#   46|->     pushd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
#   47|   
#   48|       # $TEST_SCRATCH_DIR is a custom scratch directory for each @test,

Error: SHELLCHECK_WARNING (CWE-252): [#def71]
/usr/share/buildah/test/system/helpers.bash:93:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails.
#   91|         chmod 600 "$4"
#   92|       fi
#   93|->     pushd ${2:-${TEST_SCRATCH_DIR}} > /dev/null
#   94|       go build -o serve ${TEST_SOURCES}/serve/serve.go
#   95|       portfile=$(mktemp)

Error: SHELLCHECK_WARNING (CWE-563): [#def72]
/usr/share/buildah/test/system/helpers.bash:124:5: warning[SC2034]: HTTP_SERVER_PORT appears unused. Verify use (or export if used externally).
#  122|           fi
#  123|       done
#  124|->     HTTP_SERVER_PORT=$(cat ${portfile})
#  125|       rm -f ${portfile}
#  126|       popd > /dev/null

Error: SHELLCHECK_WARNING (CWE-252): [#def73]
/usr/share/buildah/test/system/helpers.bash:126:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails.
#  124|       HTTP_SERVER_PORT=$(cat ${portfile})
#  125|       rm -f ${portfile}
#  126|->     popd > /dev/null
#  127|   }
#  128|   

Error: SHELLCHECK_WARNING (CWE-252): [#def74]
/usr/share/buildah/test/system/helpers.bash:158:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails.
#  156|       rm -fr ${TEST_SCRATCH_DIR}
#  157|   
#  158|->     popd
#  159|   }
#  160|   

Error: SHELLCHECK_WARNING: [#def75]
/usr/share/buildah/test/system/helpers.bash:182:25: warning[SC2076]: Remove quotes from right-hand side of =~ to match as a regex rather than literally.
#  180|       local storage=
#  181|       for img in "$@"; do
#  182|->         if [[ "$img" =~ '[vfs@' ]] ; then
#  183|               storage="$img"
#  184|               continue

Error: SHELLCHECK_WARNING (CWE-398): [#def76]
/usr/share/buildah/test/system/helpers.bash:193:20: warning[SC2115]: Use "${var:?}" to ensure this never expands to / .
#  191|               copy dir:$_BUILDAH_IMAGE_CACHEDIR/$fname containers-storage:"$storage""$img"
#  192|           else
#  193|->             rm -fr $_BUILDAH_IMAGE_CACHEDIR/$fname
#  194|               echo "# [copy docker://$img dir:$_BUILDAH_IMAGE_CACHEDIR/$fname]" >&2
#  195|               for attempt in $(seq 3) ; do

Error: SHELLCHECK_WARNING (CWE-563): [#def77]
/usr/share/buildah/test/system/helpers.bash:195:13: warning[SC2034]: attempt appears unused. Verify use (or export if used externally).
#  193|               rm -fr $_BUILDAH_IMAGE_CACHEDIR/$fname
#  194|               echo "# [copy docker://$img dir:$_BUILDAH_IMAGE_CACHEDIR/$fname]" >&2
#  195|->             for attempt in $(seq 3) ; do
#  196|                   if copy $COPY_REGISTRY_OPTS docker://"$img" dir:$_BUILDAH_IMAGE_CACHEDIR/$fname ; then
#  197|                       break

Error: SHELLCHECK_WARNING (CWE-670): [#def78]
/usr/share/buildah/test/system/helpers.bash:335:62: warning[SC2128]: Expanding an array without an index only gives the first element.
#  333|           # stdout is only emitted upon error; this echo is to help a debugger
#  334|           echo "${_LOG_PROMPT} $BUILDAH_BINARY $*"
#  335|->         run env CONTAINERS_CONF=${CONTAINERS_CONF:-$(dirname ${BASH_SOURCE})/containers.conf} timeout --foreground --kill=10 $BUILDAH_TIMEOUT ${BUILDAH_BINARY} ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} "$@"
#  336|           # without "quotes", multiple lines are glommed together into one
#  337|           if [ -n "$output" ]; then

Error: SHELLCHECK_WARNING (CWE-457): [#def79]
/usr/share/buildah/test/system/helpers.bash:340:15: warning[SC2154]: status is referenced but not assigned.
#  338|               echo "$output"
#  339|           fi
#  340|->         if [ "$status" -ne 0 ]; then
#  341|               echo -n "[ rc=$status ";
#  342|               if [ -n "$expected_rc" ]; then

Error: SHELLCHECK_WARNING (CWE-477): [#def80]
/usr/share/buildah/test/system/helpers.bash:352:32: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
#  350|           fi
#  351|   
#  352|->         if [ "$status" -eq 124 -o "$status" -eq 137 ]; then
#  353|               # FIXME: 'timeout -v' requires coreutils-8.29; travis seems to have
#  354|               #        an older version. If/when travis updates, please add -v

Error: SHELLCHECK_WARNING (CWE-571): [#def81]
/usr/share/buildah/test/system/helpers.bash:497:15: warning[SC2155]: Declare and assign separately to avoid masking return values.
#  495|       local opt
#  496|       for opt; do
#  497|->         local value=$(expr "$opt" : '[^=]*=\(.*\)')
#  498|           case "$opt" in
#  499|               --from=*)       actual="$value";   shift;;

Error: SHELLCHECK_WARNING (CWE-457): [#def82]
/usr/share/buildah/test/system/helpers.bash:520:19: warning[SC2154]: lines is referenced but not assigned (did you mean 'line'?).
#  518|       local testname="${2:-${MOST_RECENT_BUILDAH_COMMAND:-[no test name given]}}"
#  519|   
#  520|->     local actual="${#lines[@]}"
#  521|       if [ "$actual" -eq "$expect" ]; then
#  522|           return

Error: SHELLCHECK_WARNING (CWE-571): [#def83]
/usr/share/buildah/test/system/helpers.bash:629:11: warning[SC2155]: Declare and assign separately to avoid masking return values.
#  627|   ##################
#  628|   function is_cgroupsv2() {
#  629|->     local cgroupfs_t=$(stat -f -c %T /sys/fs/cgroup)
#  630|       test "$cgroupfs_t" = "cgroup2fs"
#  631|   }

Error: SHELLCHECK_WARNING (CWE-156): [#def84]
/usr/share/buildah/test/system/helpers.bash:688:31: warning[SC2046]: Quote this to prevent word splitting.
#  686|       skip "unshare was not able to create a pid namespace"
#  687|     fi
#  688|->   if ! unshare -U --map-users $(id -u),0,1 true ; then
#  689|       skip "unshare does not support --map-users"
#  690|     fi

Error: SHELLCHECK_WARNING (CWE-563): [#def85]
/usr/share/buildah/test/system/helpers.bash:716:3: warning[SC2034]: GITPORT appears unused. Verify use (or export if used externally).
#  714|       fi
#  715|     done
#  716|->   GITPORT=$(cat ${TEST_SCRATCH_DIR}/git-daemon/port)
#  717|   }
#  718|   

Error: SHELLCHECK_WARNING (CWE-156): [#def86]
/usr/share/buildah/test/system/helpers.bash:721:10: warning[SC2046]: Quote this to prevent word splitting.
#  719|   function stop_git_daemon() {
#  720|     if test -s ${TEST_SCRATCH_DIR}/git-daemon/pid ; then
#  721|->     kill $(cat ${TEST_SCRATCH_DIR}/git-daemon/pid)
#  722|       rm -f ${TEST_SCRATCH_DIR}/git-daemon/pid
#  723|     fi

Error: SHELLCHECK_WARNING (CWE-156): [#def87]
/usr/share/buildah/test/system/helpers.bash.t:6:3: warning[SC2046]: Quote this to prevent word splitting.
#    4|   #
#    5|   
#    6|-> . $(dirname ${BASH_SOURCE})/helpers.bash
#    7|   
#    8|   INDEX=1

Error: SHELLCHECK_WARNING (CWE-670): [#def88]
/usr/share/buildah/test/system/helpers.bash.t:6:13: warning[SC2128]: Expanding an array without an index only gives the first element.
#    4|   #
#    5|   
#    6|-> . $(dirname ${BASH_SOURCE})/helpers.bash
#    7|   
#    8|   INDEX=1

Error: SHELLCHECK_WARNING (CWE-140): [#def89]
/usr/share/buildah/test/system/inspect.bats:34:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
#   32|     # including version. Strip it out,
#   33|     run_buildah --version
#   34|->   local -a output_fields=($output)
#   35|     buildah_version=${output_fields[2]}
#   36|     inspect_cleaned=$(echo "$inspect_after_commit" | sed "s/io.buildah.version:${buildah_version}//g")

Error: SHELLCHECK_WARNING (CWE-569): [#def90]
/usr/share/buildah/test/system/lists.bats:260:36: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#  258|   @test "manifest-from-tag" {
#  259|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST}
#  260|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST}
#  261|       expect_output --substring $(go env GOARCH)
#  262|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-569): [#def91]
/usr/share/buildah/test/system/lists.bats:260:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#  258|   @test "manifest-from-tag" {
#  259|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST}
#  260|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST}
#  261|       expect_output --substring $(go env GOARCH)
#  262|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-569): [#def92]
/usr/share/buildah/test/system/lists.bats:260:57: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#  258|   @test "manifest-from-tag" {
#  259|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST}
#  260|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST}
#  261|       expect_output --substring $(go env GOARCH)
#  262|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-569): [#def93]
/usr/share/buildah/test/system/lists.bats:260:58: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#  258|   @test "manifest-from-tag" {
#  259|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST}
#  260|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST}
#  261|       expect_output --substring $(go env GOARCH)
#  262|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-398): [#def94]
/usr/share/buildah/test/system/lists.bats:260:59: warning[SC1078]: Did you forget to close this single quoted string?
#  258|   @test "manifest-from-tag" {
#  259|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST}
#  260|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST}
#  261|       expect_output --substring $(go env GOARCH)
#  262|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-156): [#def95]
/usr/share/buildah/test/system/lists.bats:263:31: warning[SC2046]: Quote this to prevent word splitting.
#  261|       expect_output --substring $(go env GOARCH)
#  262|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container
#  263|->     expect_output --substring $(go env GOARCH)
#  264|   }
#  265|   

Error: SHELLCHECK_WARNING (CWE-569): [#def96]
/usr/share/buildah/test/system/lists.bats:268:36: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#  266|   @test "manifest-from-digest" {
#  267|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST}
#  268|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST}
#  269|       expect_output --substring $(go env GOARCH)
#  270|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-569): [#def97]
/usr/share/buildah/test/system/lists.bats:268:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#  266|   @test "manifest-from-digest" {
#  267|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST}
#  268|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST}
#  269|       expect_output --substring $(go env GOARCH)
#  270|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-569): [#def98]
/usr/share/buildah/test/system/lists.bats:268:57: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#  266|   @test "manifest-from-digest" {
#  267|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST}
#  268|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST}
#  269|       expect_output --substring $(go env GOARCH)
#  270|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-569): [#def99]
/usr/share/buildah/test/system/lists.bats:268:58: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#  266|   @test "manifest-from-digest" {
#  267|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST}
#  268|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST}
#  269|       expect_output --substring $(go env GOARCH)
#  270|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-398): [#def100]
/usr/share/buildah/test/system/lists.bats:268:59: warning[SC1078]: Did you forget to close this single quoted string?
#  266|   @test "manifest-from-digest" {
#  267|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST}
#  268|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST}
#  269|       expect_output --substring $(go env GOARCH)
#  270|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-156): [#def101]
/usr/share/buildah/test/system/lists.bats:271:31: warning[SC2046]: Quote this to prevent word splitting.
#  269|       expect_output --substring $(go env GOARCH)
#  270|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container
#  271|->     expect_output --substring $(go env GOARCH)
#  272|   }
#  273|   

Error: SHELLCHECK_WARNING (CWE-569): [#def102]
/usr/share/buildah/test/system/lists.bats:276:36: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#  274|   @test "manifest-from-instance" {
#  275|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE}
#  276|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE}
#  277|       expect_output --substring arm64
#  278|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-569): [#def103]
/usr/share/buildah/test/system/lists.bats:276:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#  274|   @test "manifest-from-instance" {
#  275|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE}
#  276|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE}
#  277|       expect_output --substring arm64
#  278|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-569): [#def104]
/usr/share/buildah/test/system/lists.bats:276:57: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#  274|   @test "manifest-from-instance" {
#  275|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE}
#  276|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE}
#  277|       expect_output --substring arm64
#  278|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-569): [#def105]
/usr/share/buildah/test/system/lists.bats:276:58: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#  274|   @test "manifest-from-instance" {
#  275|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE}
#  276|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE}
#  277|       expect_output --substring arm64
#  278|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-398): [#def106]
/usr/share/buildah/test/system/lists.bats:276:59: warning[SC1078]: Did you forget to close this single quoted string?
#  274|   @test "manifest-from-instance" {
#  275|       run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE}
#  276|->     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE}
#  277|       expect_output --substring arm64
#  278|       run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container

Error: SHELLCHECK_WARNING (CWE-156): [#def107]
/usr/share/buildah/test/system/lists.bats:301:40: warning[SC2046]: Quote this to prevent word splitting.
#  299|       run_buildah bud --layers --iidfile ${TEST_SCRATCH_DIR}/image-id.txt ${TEST_SCRATCH_DIR}/build
#  300|       # Make sure we can add the new image to the list.
#  301|->     run_buildah manifest add test-list $(< ${TEST_SCRATCH_DIR}/image-id.txt)
#  302|   }
#  303|   

Error: SHELLCHECK_WARNING (CWE-156): [#def108]
/usr/share/buildah/test/system/mkcw.bats:92:20: warning[SC2046]: Quote this to prevent word splitting.
#   90|     iidfile="$TEST_SCRATCH_DIR/iid"
#   91|     run_buildah commit --iidfile $iidfile --cw type=SEV,ignore_attestation_errors,passphrase="$passphrase" "$ctrID"
#   92|->   mkcw_check_image $(< $iidfile)
#   93|   
#   94|     run_buildah commit --iidfile $iidfile --cw type=sev,ignore_attestation_errors,passphrase="$passphrase" "$ctrID"

Error: SHELLCHECK_WARNING (CWE-156): [#def109]
/usr/share/buildah/test/system/mkcw.bats:95:20: warning[SC2046]: Quote this to prevent word splitting.
#   93|   
#   94|     run_buildah commit --iidfile $iidfile --cw type=sev,ignore_attestation_errors,passphrase="$passphrase" "$ctrID"
#   95|->   mkcw_check_image $(< $iidfile)
#   96|   }
#   97|   

Error: SHELLCHECK_WARNING (CWE-156): [#def110]
/usr/share/buildah/test/system/mkcw.bats:108:20: warning[SC2046]: Quote this to prevent word splitting.
#  106|     echo -n "mkcw build" > "$TEST_SCRATCH_DIR"/key
#  107|     run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=SEV,ignore_attestation_errors,passphrase="mkcw build" -f bud/env/Dockerfile.check-env bud/env
#  108|->   mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid)
#  109|   
#  110|     run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=sev,ignore_attestation_errors,passphrase="mkcw build" -f bud/env/Dockerfile.check-env bud/env

Error: SHELLCHECK_WARNING (CWE-156): [#def111]
/usr/share/buildah/test/system/mkcw.bats:111:20: warning[SC2046]: Quote this to prevent word splitting.
#  109|   
#  110|     run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=sev,ignore_attestation_errors,passphrase="mkcw build" -f bud/env/Dockerfile.check-env bud/env
#  111|->   mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid)
#  112|   
#  113|     # the key thing about this next bit is mixing --layers with a final

Error: SHELLCHECK_WARNING (CWE-156): [#def112]
/usr/share/buildah/test/system/mkcw.bats:117:20: warning[SC2046]: Quote this to prevent word splitting.
#  115|     echo -n "mkcw build --layers" > "$TEST_SCRATCH_DIR"/key
#  116|     run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=SEV,ignore_attestation_errors,passphrase="mkcw build --layers" --layers -f bud/env/Dockerfile.check-env bud/env
#  117|->   mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid)
#  118|   }

Error: SHELLCHECK_WARNING (CWE-571): [#def113]
/usr/share/buildah/test/system/namespaces.bats:88:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
#   86|   
#   87|     assert "$_output_idmap" != "" "Internal error: output_idmap is empty"
#   88|->   local _idmap=$(sed -E -e 's, +, ,g' -e 's,^ +,,g' <<< "${_output_idmap}")
#   89|     expect_output --from="$_idmap" "${_expect_idmap}" "$_testname"
#   90|   

Error: SHELLCHECK_WARNING (CWE-156): [#def114]
/usr/share/buildah/test/system/namespaces.bats:135:17: warning[SC2046]: Quote this to prevent word splitting.
#  133|         # Look for a name that's in both the subuid and subgid files.
#  134|         for candidate in $(sed -e 's,:.*,,g' /etc/subuid); do
#  135|->         if test $(sed -e 's,:.*,,g' -e "/$candidate/!d" /etc/subgid) == "$candidate"; then
#  136|             # Read the start of the subuid/subgid ranges.  Assume length=65536.
#  137|             userbase=$(sed -e "/^${candidate}:/!d" -e 's,^[^:]*:,,g' -e 's,:[^:]*,,g' /etc/subuid)

Error: SHELLCHECK_WARNING (CWE-88): [#def115]
/usr/share/buildah/test/system/namespaces.bats:323:24: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
#  321|       # "run" doesn't have --userns option.
#  322|       if [ "$nsflag" != "userns" ]; then
#  323|->       for different in ${types[@]} ; do
#  324|           # Check that, if we override it, we get what we specify for "run".
#  325|           run_buildah run $RUNOPTS --"$nsflag"=$different "$ctr" readlink /proc/self/ns/"$nstype"

Error: SHELLCHECK_WARNING (CWE-563): [#def116]
/usr/share/buildah/test/system/rm.bats:40:3: warning[SC2034]: cid1 appears unused. Verify use (or export if used externally).
#   38|     _prefetch alpine busybox
#   39|     run_buildah from $WITH_POLICY_JSON scratch
#   40|->   cid1=$output
#   41|     run_buildah from --quiet $WITH_POLICY_JSON alpine
#   42|     cid2=$output

Error: SHELLCHECK_WARNING (CWE-563): [#def117]
/usr/share/buildah/test/system/rmi.bats:62:3: warning[SC2034]: cid1 appears unused. Verify use (or export if used externally).
#   60|     _prefetch alpine busybox
#   61|     run_buildah from $WITH_POLICY_JSON scratch
#   62|->   cid1=$output
#   63|     run_buildah from --quiet $WITH_POLICY_JSON alpine
#   64|     cid2=$output

Error: SHELLCHECK_WARNING (CWE-563): [#def118]
/usr/share/buildah/test/system/rmi.bats:64:3: warning[SC2034]: cid2 appears unused. Verify use (or export if used externally).
#   62|     cid1=$output
#   63|     run_buildah from --quiet $WITH_POLICY_JSON alpine
#   64|->   cid2=$output
#   65|     run_buildah from --quiet $WITH_POLICY_JSON busybox
#   66|     cid3=$output

Error: SHELLCHECK_WARNING (CWE-563): [#def119]
/usr/share/buildah/test/system/rmi.bats:66:3: warning[SC2034]: cid3 appears unused. Verify use (or export if used externally).
#   64|     cid2=$output
#   65|     run_buildah from --quiet $WITH_POLICY_JSON busybox
#   66|->   cid3=$output
#   67|     run_buildah 125 rmi --all
#   68|     run_buildah images -q

Error: SHELLCHECK_WARNING (CWE-156): [#def120]
/usr/share/buildah/test/system/run.bats:186:7: warning[SC2046]: Quote this to prevent word splitting.
#  184|   	skip_if_no_runtime
#  185|   
#  186|-> 	eval $(go env)
#  187|   	echo CGO_ENABLED=${CGO_ENABLED}
#  188|   	if test "$CGO_ENABLED" -ne 1; then

Error: SHELLCHECK_WARNING (CWE-569): [#def121]
/usr/share/buildah/test/system/run.bats:614:5: error[SC1035]: You need a space after the [ and before the ].
#  612|   
#  613|   	rootless=0
#  614|-> 	if ["$(id -u)" -ne 0 ]; then
#  615|   		rootless=1
#  616|   	fi

Error: SHELLCHECK_WARNING (CWE-571): [#def122]
/usr/share/buildah/test/system/run.bats:663:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
#  661|   	_prefetch ubuntu
#  662|   
#  663|-> 	local hostname=h-$(random_string)
#  664|   
#  665|   	run_buildah from --quiet --pull=false $WITH_POLICY_JSON ubuntu

Error: SHELLCHECK_WARNING (CWE-398): [#def123]
/usr/share/buildah/test/system/run.bats:706:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet).
#  704|   	cid=$output
#  705|   	run_buildah run --network=host --hostname $hostname $cid cat /etc/hosts
#  706|-> 	assert "$output" =~ "$ip[[:blank:]]$hostname"
#  707|   	hostOutput=$output
#  708|   	m=$(buildah mount $cid)

Error: SHELLCHECK_WARNING (CWE-398): [#def124]
/usr/share/buildah/test/system/run.bats:716:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet).
#  714|   	# --isolation chroot implies host networking so check for the correct hosts entry
#  715|   	run_buildah run --isolation chroot --hostname $hostname $cid cat /etc/hosts
#  716|-> 	assert "$output" =~ "$ip[[:blank:]]$hostname"
#  717|   	run_buildah rm -a
#  718|   

Error: SHELLCHECK_WARNING (CWE-571): [#def125]
/usr/share/buildah/test/system/run.bats:739:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
#  737|   	cid=$output
#  738|   
#  739|-> 	local hostname=h-$(random_string)
#  740|   	ip=$(hostname -I | cut -f 1 -d " ")
#  741|   	run_buildah run --network pasta --hostname $hostname $cid cat /etc/hosts

Error: SHELLCHECK_WARNING (CWE-398): [#def126]
/usr/share/buildah/test/system/run.bats:742:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet).
#  740|   	ip=$(hostname -I | cut -f 1 -d " ")
#  741|   	run_buildah run --network pasta --hostname $hostname $cid cat /etc/hosts
#  742|-> 	assert "$output" =~ "$ip[[:blank:]]$hostname $cid" "--network pasta adds correct hostname"
#  743|   	# FIXME we need pasta 20240814 or newer in the VMs to enable this
#  744|   	# assert "$output" =~ "169.254.1.2[[:blank:]]host.containers.internal" "--network pasta adds correct internal entry"

Error: SHELLCHECK_WARNING (CWE-398): [#def127]
/usr/share/buildah/test/system/run.bats:749:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet).
#  747|   	echo -e "[network]\ndefault_rootless_network_cmd = \"pasta\"" > ${TEST_SCRATCH_DIR}/containers.conf
#  748|   	CONTAINERS_CONF_OVERRIDE=${TEST_SCRATCH_DIR}/containers.conf run_buildah run --hostname $hostname $cid cat /etc/hosts
#  749|-> 	assert "$output" =~ "$ip[[:blank:]]$hostname $cid" "default_rootless_network_cmd = \"pasta\" works"
#  750|   
#  751|   	# resolv.conf checks

Error: SHELLCHECK_WARNING (CWE-457): [#def128]
/usr/share/buildah/test/system/run.bats:931:9: warning[SC2154]: test is referenced but not assigned (for output from commands, use "$(test ...)" ).
#  929|   	skip_if_root_environment
#  930|   	if test "$DBUS_SESSION_BUS_ADDRESS" = ""; then
#  931|-> 		skip "$test does not work when DBUS_SESSION_BUS_ADDRESS is not defined"
#  932|   	fi
#  933|   	_prefetch alpine

Error: SHELLCHECK_WARNING (CWE-277): [#def129]
/usr/share/buildah/test/system/sign.bats:11:12: warning[SC2174]: When used with -p, -m only applies to the deepest directory.
#    9|   
#   10|     export GNUPGHOME=${TEST_SCRATCH_DIR}/.gnupg
#   11|->   mkdir -p --mode=0700 $GNUPGHOME
#   12|   
#   13|     # gpg on f30 and above needs this, otherwise:

Error: SHELLCHECK_WARNING (CWE-571): [#def130]
/usr/share/buildah/test/system/sign.bats:53:3: error[SC2314]: In Bats, ! does not cause a test failure. Use 'run ! ' (on Bats >= 1.5.0) instead.
#   51|     run_buildah push $WITH_POLICY_JSON --remove-signatures signed-alpine-image dir:${TEST_SCRATCH_DIR}/unsigned-image
#   52|     ls -l ${TEST_SCRATCH_DIR}/unsigned-image/
#   53|->   ! test -s ${TEST_SCRATCH_DIR}/unsigned-image/signature-1
#   54|   
#   55|     run_buildah commit $WITH_POLICY_JSON $cid unsigned-alpine-image

Error: SHELLCHECK_WARNING (CWE-571): [#def131]
/usr/share/buildah/test/system/sign.bats:69:3: error[SC2314]: In Bats, ! does not cause a test failure. Use 'run ! ' (on Bats >= 1.5.0) instead.
#   67|     run_buildah push $WITH_POLICY_JSON "$imageID" dir:${TEST_SCRATCH_DIR}/unsigned-image
#   68|     ls -l ${TEST_SCRATCH_DIR}/unsigned-image/
#   69|->   ! test -s ${TEST_SCRATCH_DIR}/unsigned-image/signature-1
#   70|   
#   71|     # Build a manifest list and try to push the list with signatures.

Error: SHELLCHECK_WARNING (CWE-563): [#def132]
/usr/share/buildah/test/system/source.bats:42:3: warning[SC2034]: creatd appears unused. Verify use (or export if used externally).
#   40|     run jq -r .created $srcdir/blobs/sha256/$configDigest
#   41|     assert "$status" -eq 0 "status of jq .created on configDigest"
#   42|->   creatd=$output
#   43|     run date --date="$output"
#   44|     assert "$status" -eq 0 "status of date (this should never ever fail)"

Error: SHELLCHECK_WARNING (CWE-156): [#def133]
/usr/share/buildah/test/system/test_buildah_authentication.sh:139:16: warning[SC2046]: Quote this to prevent word splitting.
#  137|   ########
#  138|   buildah rm $ctrid
#  139|-> buildah rmi -f $(buildah images -q)
#  140|   
#  141|   ########

Error: SHELLCHECK_WARNING (CWE-156): [#def134]
/usr/share/buildah/test/system/test_buildah_authentication.sh:205:16: warning[SC2046]: Quote this to prevent word splitting.
#  203|   ########
#  204|   buildah rm --all
#  205|-> buildah rmi -f $(buildah images -q)
#  206|   
#  207|   ########

Error: SHELLCHECK_WARNING (CWE-156): [#def135]
/usr/share/buildah/test/system/test_buildah_authentication.sh:235:14: warning[SC2046]: Quote this to prevent word splitting.
#  233|   rm -f ./Dockerfile
#  234|   rm -rf ${TESTDIR}/auth
#  235|-> docker rm -f $(docker ps --all -q)
#  236|   docker rmi -f $(docker images -q)
#  237|   buildah rm $(buildah containers -q)

Error: SHELLCHECK_WARNING (CWE-156): [#def136]
/usr/share/buildah/test/system/test_buildah_authentication.sh:236:15: warning[SC2046]: Quote this to prevent word splitting.
#  234|   rm -rf ${TESTDIR}/auth
#  235|   docker rm -f $(docker ps --all -q)
#  236|-> docker rmi -f $(docker images -q)
#  237|   buildah rm $(buildah containers -q)
#  238|   buildah rmi -f $(buildah images -q)

Error: SHELLCHECK_WARNING (CWE-156): [#def137]
/usr/share/buildah/test/system/test_buildah_authentication.sh:237:12: warning[SC2046]: Quote this to prevent word splitting.
#  235|   docker rm -f $(docker ps --all -q)
#  236|   docker rmi -f $(docker images -q)
#  237|-> buildah rm $(buildah containers -q)
#  238|   buildah rmi -f $(buildah images -q)

Error: SHELLCHECK_WARNING (CWE-156): [#def138]
/usr/share/buildah/test/system/test_buildah_authentication.sh:238:16: warning[SC2046]: Quote this to prevent word splitting.
#  236|   docker rmi -f $(docker images -q)
#  237|   buildah rm $(buildah containers -q)
#  238|-> buildah rmi -f $(buildah images -q)

Error: SHELLCHECK_WARNING (CWE-252): [#def139]
/usr/share/buildah/test/system/test_buildah_build_rpm.sh:32:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#   30|   # Clone buildah from GitHub.com
#   31|   ########
#   32|-> cd $SBOX
#   33|   git clone https://github.com/containers/buildah.git
#   34|   cd $GITROOT

Error: SHELLCHECK_WARNING (CWE-252): [#def140]
/usr/share/buildah/test/system/test_buildah_build_rpm.sh:34:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#   32|   cd $SBOX
#   33|   git clone https://github.com/containers/buildah.git
#   34|-> cd $GITROOT
#   35|   
#   36|   ########

Error: SHELLCHECK_WARNING (CWE-156): [#def141]
/usr/share/buildah/test/system/test_buildah_build_rpm.sh:102:12: warning[SC2046]: Quote this to prevent word splitting.
#  100|   # Clean up Buildah
#  101|   ########
#  102|-> buildah rm $(buildah containers -q)
#  103|   buildah rmi -f $(buildah images -q)
#  104|   

Error: SHELLCHECK_WARNING (CWE-156): [#def142]
/usr/share/buildah/test/system/test_buildah_build_rpm.sh:103:16: warning[SC2046]: Quote this to prevent word splitting.
#  101|   ########
#  102|   buildah rm $(buildah containers -q)
#  103|-> buildah rmi -f $(buildah images -q)
#  104|   
#  105|   ########

Error: SHELLCHECK_WARNING (CWE-156): [#def143]
/usr/share/buildah/test/system/test_buildah_build_rpm.sh:122:12: warning[SC2046]: Quote this to prevent word splitting.
#  120|   rm -rf ${SBOX}
#  121|   rm -rf ${PACKAGES}
#  122|-> buildah rm $(buildah containers -q)
#  123|   buildah rmi -f $(buildah images -q)
#  124|   ${PACKAGER} remove -y buildah

Error: SHELLCHECK_WARNING (CWE-156): [#def144]
/usr/share/buildah/test/system/test_buildah_build_rpm.sh:123:16: warning[SC2046]: Quote this to prevent word splitting.
#  121|   rm -rf ${PACKAGES}
#  122|   buildah rm $(buildah containers -q)
#  123|-> buildah rmi -f $(buildah images -q)
#  124|   ${PACKAGER} remove -y buildah

Error: SHELLCHECK_WARNING (CWE-670): [#def145]
/usr/share/buildah/test/system/test_runner.sh:4:31: warning[SC2128]: Expanding an array without an index only gives the first element.
#    2|   set -e
#    3|   
#    4|-> cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
#    5|   
#    6|   # Default to using /var/tmp for test space, since it's more likely to support

Error: SHELLCHECK_WARNING (CWE-138): [#def146]
/usr/share/buildah/test/system/test_runner.sh:11:15: error[SC2145]: Argument mixes string and array. Use * or separate argument.
#    9|   
#   10|   function execute() {
#   11|-> 	>&2 echo "++ $@"
#   12|   	eval "$@"
#   13|   }

Error: SHELLCHECK_WARNING: [#def147]
/usr/share/buildah/test/system/test_runner.sh:12:8: warning[SC2294]: eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string).
#   10|   function execute() {
#   11|   	>&2 echo "++ $@"
#   12|-> 	eval "$@"
#   13|   }
#   14|   

Error: SHELLCHECK_WARNING (CWE-563): [#def148]
/usr/share/buildah/test/system/tools/vendor/github.com/golangci/misspell/install-misspell.sh:338:1: warning[SC2034]: PROJECT_NAME appears unused. Verify use (or export if used externally).
#  336|   EOF
#  337|   
#  338|-> PROJECT_NAME="misspell"
#  339|   OWNER=golangci
#  340|   REPO="misspell"

Error: SHELLCHECK_WARNING (CWE-829): [#def149]
/usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/benchmark.sh:8:6: warning[SC2092]: Remove backticks to avoid executing output (or use eval if intentional).
#    6|   reference_git=${2:-.}
#    7|   
#    8|-> if ! `hash benchstat 2>/dev/null`; then
#    9|       echo "Installing benchstat"
#   10|       go get golang.org/x/perf/cmd/benchstat

Error: SHELLCHECK_WARNING (CWE-252): [#def150]
/usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:78:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails.
#   76|       fi
#   77|   
#   78|->     pushd "$dir"
#   79|       go test -covermode=atomic  -coverpkg=./... -coverprofile=coverage.out.tmp ./...
#   80|       grep -Ev '(fuzz|testsuite|tomltestgen|gotoml-test-decoder|gotoml-test-encoder)' coverage.out.tmp > coverage.out

Error: SHELLCHECK_WARNING (CWE-252): [#def151]
/usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:83:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails.
#   81|       go tool cover -func=coverage.out
#   82|       echo "Coverage profile for ${branch}: ${dir}/coverage.out" >&2
#   83|->     popd
#   84|   
#   85|       if [ "${branch}" != "HEAD" ]; then

Error: SHELLCHECK_WARNING (CWE-252): [#def152]
/usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:147:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails.
#  145|       fi
#  146|   
#  147|->     pushd "$dir"
#  148|   
#  149|       if [ "${replace}" != "" ]; then

Error: SHELLCHECK_WARNING (CWE-252): [#def153]
/usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:156:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails.
#  154|       export GOMAXPROCS=2
#  155|       go test '-bench=^Benchmark(Un)?[mM]arshal' -count=10 -run=Nothing ./... | tee "${out}"
#  156|->     popd
#  157|   
#  158|       if [ "${branch}" != "HEAD" ]; then

Error: SHELLCHECK_WARNING (CWE-156): [#def154]
/usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:277:23: warning[SC2046]: Quote this to prevent word splitting.
#  275|       esac
#  276|   
#  277|->     bench "${1-HEAD}" `mktemp`
#  278|   }
#  279|   

Error: SHELLCHECK_WARNING (CWE-88): [#def155]
/usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:281:31: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
#  279|   
#  280|   case "$1" in
#  281|->     coverage) shift; coverage $@;;
#  282|       benchmark) shift; benchmark $@;;
#  283|       *) usage "bad argument $1";;

Error: SHELLCHECK_WARNING (CWE-88): [#def156]
/usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:282:33: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
#  280|   case "$1" in
#  281|       coverage) shift; coverage $@;;
#  282|->     benchmark) shift; benchmark $@;;
#  283|       *) usage "bad argument $1";;
#  284|   esac

Error: SHELLCHECK_WARNING (CWE-569): [#def157]
/usr/share/buildah/test/system/tools/vendor/github.com/securego/gosec/v2/entrypoint.sh:11:12: warning[SC2048]: Use "${array[@]}" (with quotes) to prevent whitespace problems.
#    9|   fi
#   10|   
#   11|-> /bin/gosec ${ARGS[*]}

Error: SHELLCHECK_WARNING (CWE-563): [#def158]
/usr/share/buildah/test/system/tools/vendor/github.com/securego/gosec/v2/install.sh:340:1: warning[SC2034]: BINARY appears unused. Verify use (or export if used externally).
#  338|   OWNER=securego
#  339|   REPO="gosec"
#  340|-> BINARY=gosec
#  341|   FORMAT=tar.gz
#  342|   OS=$(uname_os)

Error: SHELLCHECK_WARNING: [#def159]
/usr/share/buildah/test/system/tools/vendor/github.com/securego/gosec/v2/perf-diff.sh:34:7: warning[SC1014]: Use 'if cmd; then ..' to check exit code, or 'if [[ $(cmd) == .. ]]' to check output.
#   32|   # Compute the difference of the execution time.
#   33|   diff=$(($duration - $duration_master))
#   34|-> if [[ diff -lt 0 ]]; then
#   35|     diff=$(($diff * -1))
#   36|   fi

Error: SHELLCHECK_WARNING (CWE-156): [#def160]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:53:47: warning[SC2046]: Quote this to prevent word splitting.
#   51|   	# Files generated through docker (use $cmd so you can Ctl-C the build or run)
#   52|   	$cmd docker build --tag generate:$GOOS $GOOS
#   53|-> 	$cmd docker run --interactive --tty --volume $(cd -- "$(dirname -- "$0")/.." && pwd):/build generate:$GOOS
#   54|   	exit
#   55|   fi

Error: SHELLCHECK_WARNING (CWE-569): [#def161]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:59:1: warning[SC2221]: This pattern always overrides a later one on line 59.
#   57|   GOOSARCH_in=syscall_$GOOSARCH.go
#   58|   case "$GOOSARCH" in
#   59|-> _* | *_ | _)
#   60|   	echo 'undefined $GOOS_$GOARCH:' "$GOOSARCH" 1>&2
#   61|   	exit 1

Error: SHELLCHECK_WARNING (CWE-569): [#def162]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:59:6: warning[SC2221]: This pattern always overrides a later one on line 59.
#   57|   GOOSARCH_in=syscall_$GOOSARCH.go
#   58|   case "$GOOSARCH" in
#   59|-> _* | *_ | _)
#   60|   	echo 'undefined $GOOS_$GOARCH:' "$GOOSARCH" 1>&2
#   61|   	exit 1

Error: SHELLCHECK_WARNING (CWE-569): [#def163]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:59:11: warning[SC2222]: This pattern never matches because of a previous pattern on line 59.
#   57|   GOOSARCH_in=syscall_$GOOSARCH.go
#   58|   case "$GOOSARCH" in
#   59|-> _* | *_ | _)
#   60|   	echo 'undefined $GOOS_$GOARCH:' "$GOOSARCH" 1>&2
#   61|   	exit 1

Error: SHELLCHECK_WARNING (CWE-149): [#def164]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:234:125: warning[SC2027]: The surrounding quotes actually unquote this. Remove or escape them.
#  232|   			if [ "$GOOSARCH" == "aix_ppc64" ]; then
#  233|   				# aix/ppc64 script generates files instead of writing to stdin.
#  234|-> 				echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in && gofmt -w zsyscall_$GOOSARCH.go && gofmt -w zsyscall_"$GOOSARCH"_gccgo.go && gofmt -w zsyscall_"$GOOSARCH"_gc.go " ;
#  235|   			elif [ "$GOOS" == "illumos" ]; then
#  236|   			        # illumos code generation requires a --illumos switch

Error: SHELLCHECK_WARNING (CWE-149): [#def165]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:234:167: warning[SC2027]: The surrounding quotes actually unquote this. Remove or escape them.
#  232|   			if [ "$GOOSARCH" == "aix_ppc64" ]; then
#  233|   				# aix/ppc64 script generates files instead of writing to stdin.
#  234|-> 				echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in && gofmt -w zsyscall_$GOOSARCH.go && gofmt -w zsyscall_"$GOOSARCH"_gccgo.go && gofmt -w zsyscall_"$GOOSARCH"_gc.go " ;
#  235|   			elif [ "$GOOS" == "illumos" ]; then
#  236|   			        # illumos code generation requires a --illumos switch

Error: SHELLCHECK_WARNING (CWE-563): [#def166]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:37:1: warning[SC2034]: uname appears unused. Verify use (or export if used externally).
#   35|   fi
#   36|   
#   37|-> uname=$(uname)
#   38|   
#   39|   includes_AIX='

Error: SHELLCHECK_WARNING (CWE-563): [#def167]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:39:1: warning[SC2034]: includes_AIX appears unused. Verify use (or export if used externally).
#   37|   uname=$(uname)
#   38|   
#   39|-> includes_AIX='
#   40|   #include <net/if.h>
#   41|   #include <net/netopt.h>

Error: SHELLCHECK_WARNING (CWE-563): [#def168]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:55:1: warning[SC2034]: includes_Darwin appears unused. Verify use (or export if used externally).
#   53|   '
#   54|   
#   55|-> includes_Darwin='
#   56|   #define _DARWIN_C_SOURCE
#   57|   #define KERNEL 1

Error: SHELLCHECK_WARNING (CWE-563): [#def169]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:93:1: warning[SC2034]: includes_DragonFly appears unused. Verify use (or export if used externally).
#   91|   '
#   92|   
#   93|-> includes_DragonFly='
#   94|   #include <sys/types.h>
#   95|   #include <sys/event.h>

Error: SHELLCHECK_WARNING (CWE-563): [#def170]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:116:1: warning[SC2034]: includes_FreeBSD appears unused. Verify use (or export if used externally).
#  114|   '
#  115|   
#  116|-> includes_FreeBSD='
#  117|   #include <sys/capsicum.h>
#  118|   #include <sys/param.h>

Error: SHELLCHECK_WARNING (CWE-563): [#def171]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:153:1: warning[SC2034]: includes_Linux appears unused. Verify use (or export if used externally).
#  151|   '
#  152|   
#  153|-> includes_Linux='
#  154|   #define _LARGEFILE_SOURCE
#  155|   #define _LARGEFILE64_SOURCE

Error: SHELLCHECK_WARNING (CWE-563): [#def172]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:343:1: warning[SC2034]: includes_NetBSD appears unused. Verify use (or export if used externally).
#  341|   '
#  342|   
#  343|-> includes_NetBSD='
#  344|   #include <sys/types.h>
#  345|   #include <sys/param.h>

Error: SHELLCHECK_WARNING (CWE-563): [#def173]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:372:1: warning[SC2034]: includes_OpenBSD appears unused. Verify use (or export if used externally).
#  370|   '
#  371|   
#  372|-> includes_OpenBSD='
#  373|   #include <sys/types.h>
#  374|   #include <sys/param.h>

Error: SHELLCHECK_WARNING (CWE-563): [#def174]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:413:1: warning[SC2034]: includes_SunOS appears unused. Verify use (or export if used externally).
#  411|   '
#  412|   
#  413|-> includes_SunOS='
#  414|   #include <limits.h>
#  415|   #include <sys/types.h>

Error: SHELLCHECK_WARNING (CWE-569): [#def175]
/usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:454:9: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
#  452|   #include <time.h>
#  453|   '
#  454|-> ccflags="$@"
#  455|   
#  456|   # Write go tool cgo -godefs input.

Error: SHELLCHECK_WARNING (CWE-571): [#def176]
/usr/share/buildah/test/system/tutorial.bats:18:2: error[SC2314]: In Bats, ! does not cause a test failure. Use 'run ! ' (on Bats >= 1.5.0) instead.
#   16|   	echo "build output:"
#   17|   	echo "${output}"
#   18|-> 	! grep -q init.scope <<< "$buildoutput"
#   19|   	run sed -e '0,/^CUT START/d' -e '/^CUT END/,//d' <<< "$buildoutput"
#   20|   	# should've found a /sys/fs/cgroup with stuff in it

Error: SHELLCHECK_WARNING (CWE-153): [#def177]
/usr/share/buildah/test/system/validate/pr-should-include-tests.t:63:25: warning[SC2053]: Quote the right-hand side of != in [[ ]] to prevent glob matching.
#   61|       local actual_rc=$?
#   62|   
#   63|->     if [[ $actual_rc != $expected_rc ]]; then
#   64|           echo "not ok $testnum $testname"
#   65|           echo "#  expected rc $expected_rc"

Error: SHELLCHECK_WARNING (CWE-571): [#def178]
/usr/share/buildah/test/system/validate/pr-should-include-tests.t:120:12: warning[SC2155]: Declare and assign separately to avoid masking return values.
#  118|       export GITVALIDATE_EPOCH=$parent_sha
#  119|       export CIRRUS_CHANGE_IN_REPO=$commit_sha
#  120|->     export CIRRUS_CHANGE_TITLE=$(git log -1 --format=%s $commit_sha)
#  121|       export CIRRUS_CHANGE_MESSAGE=
#  122|       export CIRRUS_PR=$pr

Error: GCC_ANALYZER_WARNING (CWE-775): [#def179]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:118:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(list, 0)’
#  116|   		new_size = used + BUFSTEP;
#  117|   		new_buf = realloc(buf, new_size);
#  118|-> 		if (new_buf == NULL) {
#  119|   			free(buf);
#  120|   			fprintf(stderr, "realloc(%ld): out of memory\n", (long)(size + BUFSTEP));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def180]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:125:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(list, 0)’
#  123|   		buf = new_buf;
#  124|   		size = new_size;
#  125|-> 		memset(buf + used, '\0', size - used);
#  126|   		n = read(fd, buf + used, size - used - 1);
#  127|   		if (n < 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def181]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘containers_reexec’
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:125:28: warning[-Wanalyzer-malloc-leak]: leak of ‘parse_proc_stringlist("/proc/self/cmdline")’
#  123|   		buf = new_buf;
#  124|   		size = new_size;
#  125|-> 		memset(buf + used, '\0', size - used);
#  126|   		n = read(fd, buf + used, size - used - 1);
#  127|   		if (n < 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def182]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
#  126|   		n = read(fd, buf + used, size - used - 1);
#  127|   		if (n < 0) {
#  128|-> 			fprintf(stderr, "read(): %m\n");
#  129|   			return NULL;
#  130|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def183]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’
#  126|   		n = read(fd, buf + used, size - used - 1);
#  127|   		if (n < 0) {
#  128|-> 			fprintf(stderr, "read(): %m\n");
#  129|   			return NULL;
#  130|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def184]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:154:16: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
#  152|   		}
#  153|   	}
#  154|-> 	ret[i] = NULL;
#  155|   	return ret;
#  156|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def185]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:154:16: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’
#  152|   		}
#  153|   	}
#  154|-> 	ret[i] = NULL;
#  155|   	return ret;
#  156|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def186]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘containers_reexec’
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:291:12: warning[-Wanalyzer-malloc-leak]: leak of ‘parse_proc_stringlist("/proc/self/cmdline")’
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:18: included_from: Included from here.
#  289|   		return fd;
#  290|   
#  291|-> 	if (fexecve(fd, argv, environ) == -1) {
#  292|   		close(fd);
#  293|   		fprintf(stderr, "Error during reexec(...): %m\n");

Error: COMPILER_WARNING (CWE-1164): [#def187]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/mattn/go-sqlite3/sqlite3.go:85:1: warning[-Wunused-function]: ‘_sqlite3_exec’ defined but not used
#   85 | _sqlite3_exec(sqlite3* db, const char* pcmd, long long* rowid, long long* changes)
#      | ^~~~~~~~~~~~~
#   83|   
#   84|   static int
#   85|-> _sqlite3_exec(sqlite3* db, const char* pcmd, long long* rowid, long long* changes)
#   86|   {
#   87|     int rv = sqlite3_exec(db, pcmd, 0, 0, 0);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def188]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function 'New'
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'c'
#   75|   	CK_C_GetFunctionList list;
#   76|   	struct ctx *c = calloc(1, sizeof(struct ctx));
#   77|-> 	c->handle = dlopen(module, RTLD_LAZY);
#   78|   	if (c->handle == NULL) {
#   79|   		free(c);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def189]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘New’
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘c’
#   75|   	CK_C_GetFunctionList list;
#   76|   	struct ctx *c = calloc(1, sizeof(struct ctx));
#   77|-> 	c->handle = dlopen(module, RTLD_LAZY);
#   78|   	if (c->handle == NULL) {
#   79|   		free(c);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def190]
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘GetAttributeValue.part.0’
buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go:316:32: warning[-Wanalyzer-malloc-leak]: leak of ‘*((CK_ATTRIBUTE *)temp).pValue’
#  314|   			continue;
#  315|   		}
#  316|-> 		temp[i].pValue = calloc(temp[i].ulValueLen, sizeof(CK_BYTE));
#  317|   	}
#  318|   	return c->sym->C_GetAttributeValue(session, object, temp, templen);

Scan Properties

analyzer-version-clippy1.82.0
analyzer-version-cppcheck2.16.0
analyzer-version-gcc14.2.1
analyzer-version-gcc-analyzer14.2.1
analyzer-version-shellcheck0.10.0
analyzer-version-unicontrol0.0.2
enabled-pluginsclippy, cppcheck, gcc, shellcheck, unicontrol
exit-code0
hostip-172-16-1-254.us-west-2.compute.internal
mock-configfedora-rawhide-x86_64
project-namebuildah-1.37.0-1.20241108162027564111.main.210.g7db27d2bf
store-results-to/tmp/tmpmk0mxqqv/buildah-1.37.0-1.20241108162027564111.main.210.g7db27d2bf.tar.xz
time-created2024-11-08 16:50:53
time-finished2024-11-08 17:03:55
toolcsmock
tool-args'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpmk0mxqqv/buildah-1.37.0-1.20241108162027564111.main.210.g7db27d2bf.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '/tmp/tmpmk0mxqqv/buildah-1.37.0-1.20241108162027564111.main.210.g7db27d2bf.src.rpm'
tool-versioncsmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9