Error: SHELLCHECK_WARNING (CWE-398): [#def1] /usr/share/buildah/test/system/add.bats:116:11: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2)) # 114| @test "add single file creates absolute path with correct permissions" { # 115| _prefetch ubuntu # 116|-> imgName=ubuntu-image # 117| createrandom ${TEST_SCRATCH_DIR}/distutils.cfg # 118| permission=$(stat -c "%a" ${TEST_SCRATCH_DIR}/distutils.cfg) Error: SHELLCHECK_WARNING (CWE-398): [#def2] /usr/share/buildah/test/system/add.bats:136:11: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2)) # 134| @test "add single file creates relative path with correct permissions" { # 135| _prefetch ubuntu # 136|-> imgName=ubuntu-image # 137| createrandom ${TEST_SCRATCH_DIR}/distutils.cfg # 138| permission=$(stat -c "%a" ${TEST_SCRATCH_DIR}/distutils.cfg) Error: SHELLCHECK_WARNING (CWE-156): [#def3] /usr/share/buildah/test/system/blobcache.bats:41:10: warning[SC2046]: Quote this to prevent word splitting. # 39| for blob in ${blobcachedir}/* ; do # 40| if cmp -s ${content} ${blob} ; then # 41|-> echo $(file ${blob}) and ${content} have the same contents, was cached # 42| match=true # 43| break Error: SHELLCHECK_WARNING (CWE-569): [#def4] /usr/share/buildah/test/system/bud.bats:171:17: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems. # 169| --authfile ${TEST_SCRATCH_DIR}/test.auth \ # 170| --tls-verify=false \ # 171|-> $* \ # 172| $imgname \ # 173| docker://localhost:${REGISTRY_PORT}/$imgname Error: SHELLCHECK_WARNING (CWE-140): [#def5] /usr/share/buildah/test/system/bud.bats:278:23: warning[SC2207]: Prefer mapfile or read -a to split command output (or quote to avoid splitting). # 276| # Containerfile must contain one or more (four, as of 2022-10) lines # 277| # of the form 'ARG TARGETxxx' for each of the variables of interest. # 278|-> local -a checkvars=($(sed -ne 's/^ARG //p' <$containerfile)) # 279| assert "${checkvars[*]}" != "" \ # 280| "INTERNAL ERROR! No 'ARG xxx' lines in $containerfile!" Error: SHELLCHECK_WARNING (CWE-156): [#def6] /usr/share/buildah/test/system/bud.bats:528:29: warning[SC2046]: Quote this to prevent word splitting. # 526| run_buildah 125 build -t testbud3 $WITH_POLICY_JSON $BUDFILES/dockerignore3 # 527| expect_output --substring 'building.*"COPY test1.txt /upload/test1.txt".*no such file or directory' # 528|-> expect_output --substring $(realpath "$BUDFILES/dockerignore3/.dockerignore") # 529| } # 530| Error: SHELLCHECK_WARNING (CWE-457): [#def7] /usr/share/buildah/test/system/bud.bats:718:10: warning[SC2154]: targetArch is referenced but not assigned (did you mean 'targetarch'?). # 716| targetarch="arm64" # 717| # 718|-> if [[ "$targetArch" == "$myarch" ]]; then # 719| targetarch="amd64" # 720| fi Error: SHELLCHECK_WARNING (CWE-140): [#def8] /usr/share/buildah/test/system/bud.bats:2250:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 2248| @test "bud-from-scratch-label" { # 2249| run_buildah --version # 2250|-> local -a output_fields=($output) # 2251| buildah_version=${output_fields[2]} # 2252| want_output='map["io.buildah.version":"'$buildah_version'" "test":"label"]' Error: SHELLCHECK_WARNING (CWE-140): [#def9] /usr/share/buildah/test/system/bud.bats:2374:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 2372| # 2373| run_buildah --version # 2374|-> local -a output_fields=($output) # 2375| buildah_version=${output_fields[2]} # 2376| Error: SHELLCHECK_WARNING (CWE-563): [#def10] /usr/share/buildah/test/system/bud.bats:3053:3: warning[SC2034]: from_cid appears unused. Verify use (or export if used externally). # 3051| expect_output --substring "@unique.test.string@" # 3052| run_buildah from --quiet ${from_target} # 3053|-> from_cid=$output # 3054| run_buildah from ${target} # 3055| } Error: SHELLCHECK_WARNING (CWE-398): [#def11] /usr/share/buildah/test/system/bud.bats:3068:10: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2)) # 3066| # 3067| @test "bud with Dockerfile from valid URL" { # 3068|-> target=url-image # 3069| url=https://raw.githubusercontent.com/containers/buildah/main/tests/bud/from-scratch/Dockerfile # 3070| run_buildah build $WITH_POLICY_JSON -t ${target} ${url} Error: SHELLCHECK_WARNING (CWE-398): [#def12] /usr/share/buildah/test/system/bud.bats:3075:10: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2)) # 3073| # 3074| @test "bud with Dockerfile from invalid URL" { # 3075|-> target=url-image # 3076| url=https://raw.githubusercontent.com/containers/buildah/main/tests/bud/from-scratch/Dockerfile.bogus # 3077| run_buildah 125 build $WITH_POLICY_JSON -t ${target} ${url} Error: SHELLCHECK_WARNING (CWE-156): [#def13] /usr/share/buildah/test/system/bud.bats:3666:8: warning[SC2046]: Quote this to prevent word splitting. # 3664| # 3665| # Check that both the version with --jobs 1 and --jobs=N have the same number of files # 3666|-> test $(find $root_single_job -type f | wc -l) = $(find $root_multi_job -type f | wc -l) # 3667| } # 3668| Error: SHELLCHECK_WARNING (CWE-156): [#def14] /usr/share/buildah/test/system/bud.bats:3666:51: warning[SC2046]: Quote this to prevent word splitting. # 3664| # 3665| # Check that both the version with --jobs 1 and --jobs=N have the same number of files # 3666|-> test $(find $root_single_job -type f | wc -l) = $(find $root_multi_job -type f | wc -l) # 3667| } # 3668| Error: SHELLCHECK_WARNING (CWE-140): [#def15] /usr/share/buildah/test/system/bud.bats:4112:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 4110| @test "bud-no-change-label" { # 4111| run_buildah --version # 4112|-> local -a output_fields=($output) # 4113| buildah_version=${output_fields[2]} # 4114| want_output='map["io.buildah.version":"'$buildah_version'" "test":"label"]' Error: SHELLCHECK_WARNING (CWE-571): [#def16] /usr/share/buildah/test/system/bud.bats:4543:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4541| mkdir -p $ocidir/blobs/sha256 # 4542| # Build an image config and image manifest in parallel # 4543|-> local configos=$(${BUILDAH_BINARY} info --format '{{.host.os}}') # 4544| local configarch=$(${BUILDAH_BINARY} info --format '{{.host.arch}}') # 4545| local configvariant=$(${BUILDAH_BINARY} info --format '{{.host.variant}}') Error: SHELLCHECK_WARNING (CWE-571): [#def17] /usr/share/buildah/test/system/bud.bats:4544:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4542| # Build an image config and image manifest in parallel # 4543| local configos=$(${BUILDAH_BINARY} info --format '{{.host.os}}') # 4544|-> local configarch=$(${BUILDAH_BINARY} info --format '{{.host.arch}}') # 4545| local configvariant=$(${BUILDAH_BINARY} info --format '{{.host.variant}}') # 4546| local configvariantkv=${configvariant:+'"variant": "'${configvariant}'", '} Error: SHELLCHECK_WARNING (CWE-571): [#def18] /usr/share/buildah/test/system/bud.bats:4545:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4543| local configos=$(${BUILDAH_BINARY} info --format '{{.host.os}}') # 4544| local configarch=$(${BUILDAH_BINARY} info --format '{{.host.arch}}') # 4545|-> local configvariant=$(${BUILDAH_BINARY} info --format '{{.host.variant}}') # 4546| local configvariantkv=${configvariant:+'"variant": "'${configvariant}'", '} # 4547| echo '{"architecture": "'"${configarch}"'", "os": "'"${configos}"'", '"${configvariantkv}"'"rootfs": {"type": "layers", "diff_ids": [' > ${TEST_SCRATCH_DIR}/config.json Error: SHELLCHECK_WARNING (CWE-571): [#def19] /usr/share/buildah/test/system/bud.bats:4556:11: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4554| tar -c -C ${TEST_SCRATCH_DIR} -f ${TEST_SCRATCH_DIR}/layer$layer.tar file$layer # 4555| # Get the layer blob's digest and size # 4556|-> local diffid=$(sha256sum ${TEST_SCRATCH_DIR}/layer$layer.tar) # 4557| local diffsize=$(wc -c ${TEST_SCRATCH_DIR}/layer$layer.tar) # 4558| # Link the blob into where an OCI layout would put it. Error: SHELLCHECK_WARNING (CWE-571): [#def20] /usr/share/buildah/test/system/bud.bats:4557:11: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4555| # Get the layer blob's digest and size # 4556| local diffid=$(sha256sum ${TEST_SCRATCH_DIR}/layer$layer.tar) # 4557|-> local diffsize=$(wc -c ${TEST_SCRATCH_DIR}/layer$layer.tar) # 4558| # Link the blob into where an OCI layout would put it. # 4559| ln ${TEST_SCRATCH_DIR}/layer$layer.tar $ocidir/blobs/sha256/${diffid%% *} Error: SHELLCHECK_WARNING (CWE-571): [#def21] /usr/share/buildah/test/system/bud.bats:4576:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4574| echo ']}, "config": { "Cmd": ["/bin/sh"], "Env": [ "PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin" ]}}' >> ${TEST_SCRATCH_DIR}/config.json # 4575| # Compute the config blob's digest and size, so that we can list it in the manifest. # 4576|-> local configsize=$(wc -c ${TEST_SCRATCH_DIR}/config.json) # 4577| local configdigest=$(sha256sum ${TEST_SCRATCH_DIR}/config.json) # 4578| # Finish the manifest with information about the config blob. Error: SHELLCHECK_WARNING (CWE-571): [#def22] /usr/share/buildah/test/system/bud.bats:4577:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4575| # Compute the config blob's digest and size, so that we can list it in the manifest. # 4576| local configsize=$(wc -c ${TEST_SCRATCH_DIR}/config.json) # 4577|-> local configdigest=$(sha256sum ${TEST_SCRATCH_DIR}/config.json) # 4578| # Finish the manifest with information about the config blob. # 4579| echo '], "config": { "mediaType": "application/vnd.oci.image.config.v1+json", "digest": "sha256:'${configdigest%% *}'", "size": '${configsize%% *}'}}' >> ${TEST_SCRATCH_DIR}/manifest.json Error: SHELLCHECK_WARNING (CWE-571): [#def23] /usr/share/buildah/test/system/bud.bats:4581:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4579| echo '], "config": { "mediaType": "application/vnd.oci.image.config.v1+json", "digest": "sha256:'${configdigest%% *}'", "size": '${configsize%% *}'}}' >> ${TEST_SCRATCH_DIR}/manifest.json # 4580| # Compute the manifest's digest and size, so that we can list it in the OCI layout index. # 4581|-> local manifestsize=$(wc -c ${TEST_SCRATCH_DIR}/manifest.json) # 4582| local manifestdigest=$(sha256sum ${TEST_SCRATCH_DIR}/manifest.json) # 4583| # Link the config blob and manifest into where an OCI layout would put them. Error: SHELLCHECK_WARNING (CWE-571): [#def24] /usr/share/buildah/test/system/bud.bats:4582:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4580| # Compute the manifest's digest and size, so that we can list it in the OCI layout index. # 4581| local manifestsize=$(wc -c ${TEST_SCRATCH_DIR}/manifest.json) # 4582|-> local manifestdigest=$(sha256sum ${TEST_SCRATCH_DIR}/manifest.json) # 4583| # Link the config blob and manifest into where an OCI layout would put them. # 4584| ln ${TEST_SCRATCH_DIR}/config.json $ocidir/blobs/sha256/${configdigest%% *} Error: SHELLCHECK_WARNING (CWE-670): [#def25] /usr/share/buildah/test/system/bud.bats:4598:11: warning[SC2128]: Expanding an array without an index only gives the first element. # 4596| # out of all of this. # 4597| run_buildah inspect --format '{{.History}}' fakeregistry.podman.invalid/notreal # 4598|-> assert "${lines}" == '[]' "base image generated for test had history field that was not an empty slice" # 4599| # Build images using our image-with-no-history as a base, to check that we # 4600| # don't trip over ourselves when doing so. Error: SHELLCHECK_WARNING (CWE-571): [#def26] /usr/share/buildah/test/system/bud.bats:4647:10: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4645| # 4646| # Envariable from environment # 4647|-> export foo=$(random_string 20) # 4648| run_buildah build $WITH_POLICY_JSON -t ${target} --build-arg foo $BUDFILES/build-arg # 4649| assert "${lines[3]}" = "$foo" Error: SHELLCHECK_WARNING (CWE-140): [#def27] /usr/share/buildah/test/system/bud.bats:4674:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 4672| run_buildah build $WITH_POLICY_JSON -t ${target} $BUDFILES/from-scratch # 4673| run_buildah --version # 4674|-> local -a output_fields=($output) # 4675| buildah_version=${output_fields[2]} # 4676| Error: SHELLCHECK_WARNING (CWE-153): [#def28] /usr/share/buildah/test/system/bud.bats:4893:23: warning[SC2053]: Quote the right-hand side of != in [[ ]] to prevent glob matching. # 4891| # as a sanity thing. # 4892| for other in $actions; do # 4893|-> if [[ $other != $action ]]; then # 4894| assert "$(< ${TEST_SCRATCH_DIR}/${action}1)" != "$(< ${TEST_SCRATCH_DIR}/${other}1)" \ # 4895| "iidfile(${action}1) != iidfile(${other}1)" Error: SHELLCHECK_WARNING (CWE-156): [#def29] /usr/share/buildah/test/system/bud.bats:6342:17: warning[SC2046]: Quote this to prevent word splitting. # 6340| # Build and export container to tar # 6341| run_buildah build --no-cache $WITH_POLICY_JSON -t ${target} -f $BUDFILES/containerfile/Containerfile.in $BUDFILES/containerfile # 6342|-> podman export $(podman create --name ${target} --net=host ${target}) --output=$contextdir.tar # 6343| # 6344| # We are done exporting so remove images and containers which are not needed Error: SHELLCHECK_WARNING (CWE-156): [#def30] /usr/share/buildah/test/system/bud.bats:6367:17: warning[SC2046]: Quote this to prevent word splitting. # 6365| # Build and export container to tar # 6366| run_buildah build --no-cache $WITH_POLICY_JSON -t ${target} -f $BUDFILES/add-run-dir/Dockerfile # 6367|-> podman export $(podman create --name ${target} --net=host ${target}) --output=$contextdir.tar # 6368| # 6369| # We are done exporting so remove images and containers which are not needed Error: SHELLCHECK_WARNING (CWE-149): [#def31] /usr/share/buildah/test/system/bud.bats:6553:21: warning[SC2140]: Word is of the form "A"B"C" (B indicated). Did you mean "ABC" or "A\"B\"C"? # 6551| _EOF # 6552| target=env-image # 6553|-> check="FTP_PROXY="FTP" ftp_proxy=ftp http_proxy=http HTTPS_PROXY=HTTPS" # 6554| bogus="BOGUS_PROXY=BOGUS" # 6555| eval $check $bogus run_buildah build --unsetenv PATH $WITH_POLICY_JSON -t oci-${target} -f $mytmpdir/Containerfile . Error: SHELLCHECK_WARNING (CWE-457): [#def32] /usr/share/buildah/test/system/bud.bats:6817:9: warning[SC2154]: http_proxy is referenced but not assigned. # 6815| expect_rc=6 # 6816| expect_err="Could not resolve host: www.redhat.com" # 6817|-> if [[ $http_proxy != "" ]]; then # 6818| expect_rc=5 # 6819| expect_err="Could not resolve proxy:" Error: SHELLCHECK_WARNING (CWE-156): [#def33] /usr/share/buildah/test/system/bud.bats:6932:11: warning[SC2046]: Quote this to prevent word splitting. # 6930| echo FROM busybox > ${TEST_SCRATCH_DIR}/Containerfile # 6931| arch=amd64 # 6932|-> if test $(arch) = x86_64 ; then # 6933| arch=arm64 # 6934| fi Error: SHELLCHECK_WARNING: [#def34] /usr/share/buildah/test/system/cdi.bats:12:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 10| sed -e s:@@hostcdipath@@:$cdidir:g $BUDFILES/cdi/containers-cdi.yaml > $cdidir/containers-cdi.yaml # 11| chmod 644 $cdidir/containers-cdi.yaml # 12|-> echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 13| cat $cdidir/containers-cdi.yaml # 14| echo === End CDI configuration === Error: SHELLCHECK_WARNING: [#def35] /usr/share/buildah/test/system/cdi.bats:14:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 12| echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 13| cat $cdidir/containers-cdi.yaml # 14|-> echo === End CDI configuration === # 15| run_buildah build $WITH_POLICY_JSON --cdi-config-dir=$cdidir --security-opt label=disable --device=containers.github.io/sample=all --device=/dev/null:/dev/outsidenull:rwm $BUDFILES/cdi # 16| } Error: SHELLCHECK_WARNING: [#def36] /usr/share/buildah/test/system/cdi.bats:25:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 23| sed -e s:@@hostcdipath@@:$cdidir:g $BUDFILES/cdi/containers-cdi.yaml > $cdidir/containers-cdi.yaml # 24| chmod 644 $cdidir/containers-cdi.yaml # 25|-> echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 26| cat $cdidir/containers-cdi.yaml # 27| echo === End CDI configuration === Error: SHELLCHECK_WARNING: [#def37] /usr/share/buildah/test/system/cdi.bats:27:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 25| echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 26| cat $cdidir/containers-cdi.yaml # 27|-> echo === End CDI configuration === # 28| run_buildah from $WITH_POLICY_JSON --security-opt label=disable --cdi-config-dir=$cdidir --device=containers.github.io/sample=all --device=/dev/null:/dev/outsidenull:rwm busybox # 29| cid="$output" Error: SHELLCHECK_WARNING: [#def38] /usr/share/buildah/test/system/cdi.bats:40:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 38| sed -e s:@@hostcdipath@@:$cdidir:g $BUDFILES/cdi/containers-cdi.yaml > $cdidir/containers-cdi.yaml # 39| chmod 644 $cdidir/containers-cdi.yaml # 40|-> echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 41| cat $cdidir/containers-cdi.yaml # 42| echo === End CDI configuration === Error: SHELLCHECK_WARNING: [#def39] /usr/share/buildah/test/system/cdi.bats:42:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 40| echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 41| cat $cdidir/containers-cdi.yaml # 42|-> echo === End CDI configuration === # 43| run_buildah from $WITH_POLICY_JSON --security-opt label=disable busybox # 44| cid="$output" Error: SHELLCHECK_WARNING (CWE-156): [#def40] /usr/share/buildah/test/system/chroot.bats:50:14: warning[SC2046]: Quote this to prevent word splitting. # 48| # looking for $storagedir, so tweak perms to let them do at least that much # 49| fixupdir=$storagedir # 50|-> while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do # 51| # walk up to root, or the first parent that we don't own # 52| if test $(stat -c %u $fixupdir) -ne $(id -u) ; then Error: SHELLCHECK_WARNING (CWE-156): [#def41] /usr/share/buildah/test/system/chroot.bats:50:44: warning[SC2046]: Quote this to prevent word splitting. # 48| # looking for $storagedir, so tweak perms to let them do at least that much # 49| fixupdir=$storagedir # 50|-> while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do # 51| # walk up to root, or the first parent that we don't own # 52| if test $(stat -c %u $fixupdir) -ne $(id -u) ; then Error: SHELLCHECK_WARNING (CWE-156): [#def42] /usr/share/buildah/test/system/chroot.bats:52:13: warning[SC2046]: Quote this to prevent word splitting. # 50| while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do # 51| # walk up to root, or the first parent that we don't own # 52|-> if test $(stat -c %u $fixupdir) -ne $(id -u) ; then # 53| break # 54| fi Error: SHELLCHECK_WARNING (CWE-156): [#def43] /usr/share/buildah/test/system/chroot.bats:52:41: warning[SC2046]: Quote this to prevent word splitting. # 50| while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do # 51| # walk up to root, or the first parent that we don't own # 52|-> if test $(stat -c %u $fixupdir) -ne $(id -u) ; then # 53| break # 54| fi Error: SHELLCHECK_WARNING (CWE-140): [#def44] /usr/share/buildah/test/system/commit.bats:169:33: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 167| # 168| run_buildah --version # 169|-> local -a output_fields=($output) # 170| buildah_version=${output_fields[2]} # 171| Error: SHELLCHECK_WARNING (CWE-156): [#def45] /usr/share/buildah/test/system/commit.bats:302:30: warning[SC2046]: Quote this to prevent word splitting. # 300| cid=$output # 301| run_buildah run $cid touch /testfile # 302|-> run_buildah run $cid chown $(id -u):$(id -g) /testfile # 303| run_buildah commit $cid dir:${TEST_SCRATCH_DIR}/new-image # 304| config=$(jq -r .config.digest ${TEST_SCRATCH_DIR}/new-image/manifest.json) Error: SHELLCHECK_WARNING (CWE-156): [#def46] /usr/share/buildah/test/system/commit.bats:302:39: warning[SC2046]: Quote this to prevent word splitting. # 300| cid=$output # 301| run_buildah run $cid touch /testfile # 302|-> run_buildah run $cid chown $(id -u):$(id -g) /testfile # 303| run_buildah commit $cid dir:${TEST_SCRATCH_DIR}/new-image # 304| config=$(jq -r .config.digest ${TEST_SCRATCH_DIR}/new-image/manifest.json) Error: SHELLCHECK_WARNING (CWE-156): [#def47] /usr/share/buildah/test/system/commit.bats:315:23: warning[SC2046]: Quote this to prevent word splitting. # 313| # ownership information should be forced to be in number/number format # 314| # instead of name/name because the names are gone # 315|-> assert "$output" =~ $(id -u)/$(id -g) # 316| } # 317| Error: SHELLCHECK_WARNING (CWE-156): [#def48] /usr/share/buildah/test/system/commit.bats:315:32: warning[SC2046]: Quote this to prevent word splitting. # 313| # ownership information should be forced to be in number/number format # 314| # instead of name/name because the names are gone # 315|-> assert "$output" =~ $(id -u)/$(id -g) # 316| } # 317| Error: SHELLCHECK_WARNING (CWE-563): [#def49] /usr/share/buildah/test/system/containers.bats:18:3: warning[SC2034]: cid2 appears unused. Verify use (or export if used externally). # 16| cid1=$output # 17| run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox # 18|-> cid2=$output # 19| run_buildah containers --filter name=$cid1 # 20| expect_line_count 2 Error: SHELLCHECK_WARNING (CWE-571): [#def50] /usr/share/buildah/test/system/digest.bats:12:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 10| # 11| # If image includes '_v2sN', verify that image is schema version N # 12|-> local expected_schemaversion=$(expr "$img" : '.*_v2s\([0-9]\)') # 13| if [ -n "$expected_schemaversion" ]; then # 14| actual_schemaversion=$(imgtype -expected-manifest-type '*' -show-manifest $img | jq .schemaVersion) Error: SHELLCHECK_WARNING (CWE-571): [#def51] /usr/share/buildah/test/system/digest.bats:52:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 50| # # 51| # Check that the first and second .fsLayers and .history elements are dups # 52|-> local manifest=$(imgtype -expected-manifest-type '*' -show-manifest ${IMG}) # 53| for element in fsLayers history; do # 54| local first=$(jq ".${element}[0]" <<<"$manifest") Error: SHELLCHECK_WARNING (CWE-571): [#def52] /usr/share/buildah/test/system/digest.bats:54:13: warning[SC2155]: Declare and assign separately to avoid masking return values. # 52| local manifest=$(imgtype -expected-manifest-type '*' -show-manifest ${IMG}) # 53| for element in fsLayers history; do # 54|-> local first=$(jq ".${element}[0]" <<<"$manifest") # 55| local second=$(jq ".${element}[1]" <<<"$manifest") # 56| expect_output --from="$second" "$first" "${IMG}: .${element}[1] == [0]" Error: SHELLCHECK_WARNING (CWE-571): [#def53] /usr/share/buildah/test/system/digest.bats:55:13: warning[SC2155]: Declare and assign separately to avoid masking return values. # 53| for element in fsLayers history; do # 54| local first=$(jq ".${element}[0]" <<<"$manifest") # 55|-> local second=$(jq ".${element}[1]" <<<"$manifest") # 56| expect_output --from="$second" "$first" "${IMG}: .${element}[1] == [0]" # 57| done Error: SHELLCHECK_WARNING (CWE-477): [#def54] /usr/share/buildah/test/system/digest/make-v2sN:58:17: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined. # 56| # FIXME: do we really need to know? Will it ever, in practice, be non-root? # 57| user=$(id -un) # 58|-> if [ -n "$user" -a "$user" != "root" ]; then # 59| add_to_readme "By (user)" "$user" # 60| fi Error: SHELLCHECK_WARNING (CWE-156): [#def55] /usr/share/buildah/test/system/digest/make-v2sN:62:20: warning[SC2046]: Quote this to prevent word splitting. # 60| fi # 61| # 62|-> create_script=$(cd $(dirname $0) && git ls-files --full-name $ME) # 63| if [ -z "$create_script" ]; then # 64| create_script=$0 Error: SHELLCHECK_WARNING (CWE-156): [#def56] /usr/share/buildah/test/system/digest/make-v2sN:68:16: warning[SC2046]: Quote this to prevent word splitting. # 66| add_to_readme "By (script)" "$create_script" # 67| # 68|-> git_state=$(cd $(dirname $0) && git describe --dirty) # 69| if [ -n "$git_state" ]; then # 70| add_to_readme "git state" "$git_state" Error: SHELLCHECK_WARNING (CWE-156): [#def57] /usr/share/buildah/test/system/digest/make-v2sN:88:29: warning[SC2046]: Quote this to prevent word splitting. # 86| # clean up interim layers. It's also necessary for dealing with v2s1 layers. # 87| # 88|-> TMPDIR=$(mktemp --tmpdir -d $(basename $0).XXXXXXX) # 89| push_flags= # 90| if [[ $schemaversion -eq 1 ]]; then Error: SHELLCHECK_WARNING (CWE-156): [#def58] /usr/share/buildah/test/system/digest/make-v2sN:133:26: warning[SC2046]: Quote this to prevent word splitting. # 131| # Manifest is embedded in the image but as a string, not actual JSON; # 132| # the eval-echo converts it to usable JSON # 133|-> manifest=$(eval echo $(buildah inspect ${IMGNAME} | jq .Manifest)) # 134| # 135| # Check desired schema version: Error: SHELLCHECK_WARNING (CWE-563): [#def59] /usr/share/buildah/test/system/formats.bats:16:3: warning[SC2034]: expect appears unused. Verify use (or export if used externally). # 14| imgtype_dkr="application/vnd.docker.distribution.manifest.v2+json" # 15| # 16|-> expect="" # 17| case "$2" in # 18| oci) want=$imgtype_oci; reject=$imgtype_dkr;; Error: SHELLCHECK_WARNING (CWE-156): [#def60] /usr/share/buildah/test/system/from.bats:498:60: warning[SC2046]: Quote this to prevent word splitting. # 496| run_buildah from --quiet --pull $WITH_POLICY_JSON --arch=arm64 alpine # 497| other=$output # 498|-> run_buildah from --quiet --pull $WITH_POLICY_JSON --arch=$(go env GOARCH) alpine # 499| cid=$output # 500| run_buildah copy --from $other $cid /etc/apk/arch /root/other-arch Error: SHELLCHECK_WARNING (CWE-563): [#def61] /usr/share/buildah/test/system/from.bats:541:3: warning[SC2034]: target appears unused. Verify use (or export if used externally). # 539| run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT} # 540| run_buildah push $WITH_POLICY_JSON --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest # 541|-> target=busybox-image # 542| run_buildah from -q $WITH_POLICY_JSON --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest # 543| run_buildah rm $output Error: SHELLCHECK_WARNING (CWE-138): [#def62] /usr/share/buildah/test/system/help.bats:72:64: error[SC2145]: Argument mixes string and array. Use * or separate argument. # 70| # the old command parser and cobra. # 71| assert "$count" -gt 0 \ # 72|-> "Internal error: no commands found in 'buildah help $@' list" # 73| # 74| # Sanity check: make sure the special loops above triggered at least once. Error: SHELLCHECK_WARNING (CWE-1164): [#def63] /usr/share/buildah/test/system/help.bats:79:18: warning[SC2043]: This loop will only ever run once. Bad quoting or missing glob/expansion? # 77| # This loop is copied from podman test and redundant for buildah now. # 78| # But this is kept for future extension. # 79|-> for i in subcommands; do # 80| if [[ -z ${found[$i]} ]]; then # 81| die "Internal error: '$i' subtest did not trigger" Error: SHELLCHECK_WARNING (CWE-670): [#def64] /usr/share/buildah/test/system/helpers.bash:4:40: warning[SC2128]: Expanding an array without an index only gives the first element. # 2| # 3| # Directory in which tests live # 4|-> TEST_SOURCES=${TEST_SOURCES:-$(dirname ${BASH_SOURCE})} # 5| # 6| BUILDAH_BINARY=${BUILDAH_BINARY:-$TEST_SOURCES/../bin/buildah} Error: SHELLCHECK_WARNING (CWE-670): [#def65] /usr/share/buildah/test/system/helpers.bash:12:16: warning[SC2128]: Expanding an array without an index only gives the first element. # 10| INET_BINARY=${INET_BINARY:-$TEST_SOURCES/../bin/inet} # 11| STORAGE_DRIVER=${STORAGE_DRIVER:-vfs} # 12|-> PATH=$(dirname ${BASH_SOURCE})/../bin:${PATH} # 13| OCI=${CI_DESIRED_RUNTIME:-$(${BUILDAH_BINARY} info --format '{{.host.OCIRuntime}}' || command -v runc || command -v crun)} # 14| # Default timeout for a buildah command. Error: SHELLCHECK_WARNING (CWE-156): [#def66] /usr/share/buildah/test/system/helpers.bash:26:6: warning[SC2046]: Quote this to prevent word splitting. # 24| # Prompt to display when logging buildah commands; distinguish root/rootless # 25| _LOG_PROMPT='$' # 26|-> if [ $(id -u) -eq 0 ]; then # 27| _LOG_PROMPT='#' # 28| fi Error: SHELLCHECK_WARNING (CWE-563): [#def67] /usr/share/buildah/test/system/helpers.bash:31:1: warning[SC2034]: BUDFILES appears unused. Verify use (or export if used externally). # 29| # 30| # Shortcut for directory containing Containerfiles for bud.bats # 31|-> BUDFILES=${TEST_SOURCES}/bud # 32| # 33| # Used hundreds of times throughout all the tests Error: SHELLCHECK_WARNING (CWE-563): [#def68] /usr/share/buildah/test/system/helpers.bash:34:1: warning[SC2034]: WITH_POLICY_JSON appears unused. Verify use (or export if used externally). # 32| # 33| # Used hundreds of times throughout all the tests # 34|-> WITH_POLICY_JSON="--signature-policy ${TEST_SOURCES}/policy.json" # 35| # 36| # We don't invoke gnupg directly in many places, but this avoids ENOTTY errors Error: SHELLCHECK_WARNING (CWE-252): [#def69] /usr/share/buildah/test/system/helpers.bash:46:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails. # 44| # 45| function setup_tests() { # 46|-> pushd "$(dirname "$(readlink -f "$BASH_SOURCE")")" # 47| # 48| # $TEST_SCRATCH_DIR is a custom scratch directory for each @test, Error: SHELLCHECK_WARNING (CWE-670): [#def70] /usr/share/buildah/test/system/helpers.bash:46:38: warning[SC2128]: Expanding an array without an index only gives the first element. # 44| # 45| function setup_tests() { # 46|-> pushd "$(dirname "$(readlink -f "$BASH_SOURCE")")" # 47| # 48| # $TEST_SCRATCH_DIR is a custom scratch directory for each @test, Error: SHELLCHECK_WARNING (CWE-252): [#def71] /usr/share/buildah/test/system/helpers.bash:93:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails. # 91| chmod 600 "$4" # 92| fi # 93|-> pushd ${2:-${TEST_SCRATCH_DIR}} > /dev/null # 94| go build -o serve ${TEST_SOURCES}/serve/serve.go # 95| portfile=$(mktemp) Error: SHELLCHECK_WARNING (CWE-563): [#def72] /usr/share/buildah/test/system/helpers.bash:124:5: warning[SC2034]: HTTP_SERVER_PORT appears unused. Verify use (or export if used externally). # 122| fi # 123| done # 124|-> HTTP_SERVER_PORT=$(cat ${portfile}) # 125| rm -f ${portfile} # 126| popd > /dev/null Error: SHELLCHECK_WARNING (CWE-252): [#def73] /usr/share/buildah/test/system/helpers.bash:126:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails. # 124| HTTP_SERVER_PORT=$(cat ${portfile}) # 125| rm -f ${portfile} # 126|-> popd > /dev/null # 127| } # 128| Error: SHELLCHECK_WARNING (CWE-252): [#def74] /usr/share/buildah/test/system/helpers.bash:158:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails. # 156| rm -fr ${TEST_SCRATCH_DIR} # 157| # 158|-> popd # 159| } # 160| Error: SHELLCHECK_WARNING: [#def75] /usr/share/buildah/test/system/helpers.bash:182:25: warning[SC2076]: Remove quotes from right-hand side of =~ to match as a regex rather than literally. # 180| local storage= # 181| for img in "$@"; do # 182|-> if [[ "$img" =~ '[vfs@' ]] ; then # 183| storage="$img" # 184| continue Error: SHELLCHECK_WARNING (CWE-398): [#def76] /usr/share/buildah/test/system/helpers.bash:193:20: warning[SC2115]: Use "${var:?}" to ensure this never expands to / . # 191| copy dir:$_BUILDAH_IMAGE_CACHEDIR/$fname containers-storage:"$storage""$img" # 192| else # 193|-> rm -fr $_BUILDAH_IMAGE_CACHEDIR/$fname # 194| echo "# [copy docker://$img dir:$_BUILDAH_IMAGE_CACHEDIR/$fname]" >&2 # 195| for attempt in $(seq 3) ; do Error: SHELLCHECK_WARNING (CWE-563): [#def77] /usr/share/buildah/test/system/helpers.bash:195:13: warning[SC2034]: attempt appears unused. Verify use (or export if used externally). # 193| rm -fr $_BUILDAH_IMAGE_CACHEDIR/$fname # 194| echo "# [copy docker://$img dir:$_BUILDAH_IMAGE_CACHEDIR/$fname]" >&2 # 195|-> for attempt in $(seq 3) ; do # 196| if copy $COPY_REGISTRY_OPTS docker://"$img" dir:$_BUILDAH_IMAGE_CACHEDIR/$fname ; then # 197| break Error: SHELLCHECK_WARNING (CWE-670): [#def78] /usr/share/buildah/test/system/helpers.bash:335:62: warning[SC2128]: Expanding an array without an index only gives the first element. # 333| # stdout is only emitted upon error; this echo is to help a debugger # 334| echo "${_LOG_PROMPT} $BUILDAH_BINARY $*" # 335|-> run env CONTAINERS_CONF=${CONTAINERS_CONF:-$(dirname ${BASH_SOURCE})/containers.conf} timeout --foreground --kill=10 $BUILDAH_TIMEOUT ${BUILDAH_BINARY} ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} "$@" # 336| # without "quotes", multiple lines are glommed together into one # 337| if [ -n "$output" ]; then Error: SHELLCHECK_WARNING (CWE-457): [#def79] /usr/share/buildah/test/system/helpers.bash:340:15: warning[SC2154]: status is referenced but not assigned. # 338| echo "$output" # 339| fi # 340|-> if [ "$status" -ne 0 ]; then # 341| echo -n "[ rc=$status "; # 342| if [ -n "$expected_rc" ]; then Error: SHELLCHECK_WARNING (CWE-477): [#def80] /usr/share/buildah/test/system/helpers.bash:352:32: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined. # 350| fi # 351| # 352|-> if [ "$status" -eq 124 -o "$status" -eq 137 ]; then # 353| # FIXME: 'timeout -v' requires coreutils-8.29; travis seems to have # 354| # an older version. If/when travis updates, please add -v Error: SHELLCHECK_WARNING (CWE-571): [#def81] /usr/share/buildah/test/system/helpers.bash:497:15: warning[SC2155]: Declare and assign separately to avoid masking return values. # 495| local opt # 496| for opt; do # 497|-> local value=$(expr "$opt" : '[^=]*=\(.*\)') # 498| case "$opt" in # 499| --from=*) actual="$value"; shift;; Error: SHELLCHECK_WARNING (CWE-457): [#def82] /usr/share/buildah/test/system/helpers.bash:520:19: warning[SC2154]: lines is referenced but not assigned (did you mean 'line'?). # 518| local testname="${2:-${MOST_RECENT_BUILDAH_COMMAND:-[no test name given]}}" # 519| # 520|-> local actual="${#lines[@]}" # 521| if [ "$actual" -eq "$expect" ]; then # 522| return Error: SHELLCHECK_WARNING (CWE-571): [#def83] /usr/share/buildah/test/system/helpers.bash:629:11: warning[SC2155]: Declare and assign separately to avoid masking return values. # 627| ################## # 628| function is_cgroupsv2() { # 629|-> local cgroupfs_t=$(stat -f -c %T /sys/fs/cgroup) # 630| test "$cgroupfs_t" = "cgroup2fs" # 631| } Error: SHELLCHECK_WARNING (CWE-156): [#def84] /usr/share/buildah/test/system/helpers.bash:688:31: warning[SC2046]: Quote this to prevent word splitting. # 686| skip "unshare was not able to create a pid namespace" # 687| fi # 688|-> if ! unshare -U --map-users $(id -u),0,1 true ; then # 689| skip "unshare does not support --map-users" # 690| fi Error: SHELLCHECK_WARNING (CWE-563): [#def85] /usr/share/buildah/test/system/helpers.bash:716:3: warning[SC2034]: GITPORT appears unused. Verify use (or export if used externally). # 714| fi # 715| done # 716|-> GITPORT=$(cat ${TEST_SCRATCH_DIR}/git-daemon/port) # 717| } # 718| Error: SHELLCHECK_WARNING (CWE-156): [#def86] /usr/share/buildah/test/system/helpers.bash:721:10: warning[SC2046]: Quote this to prevent word splitting. # 719| function stop_git_daemon() { # 720| if test -s ${TEST_SCRATCH_DIR}/git-daemon/pid ; then # 721|-> kill $(cat ${TEST_SCRATCH_DIR}/git-daemon/pid) # 722| rm -f ${TEST_SCRATCH_DIR}/git-daemon/pid # 723| fi Error: SHELLCHECK_WARNING (CWE-156): [#def87] /usr/share/buildah/test/system/helpers.bash.t:6:3: warning[SC2046]: Quote this to prevent word splitting. # 4| # # 5| # 6|-> . $(dirname ${BASH_SOURCE})/helpers.bash # 7| # 8| INDEX=1 Error: SHELLCHECK_WARNING (CWE-670): [#def88] /usr/share/buildah/test/system/helpers.bash.t:6:13: warning[SC2128]: Expanding an array without an index only gives the first element. # 4| # # 5| # 6|-> . $(dirname ${BASH_SOURCE})/helpers.bash # 7| # 8| INDEX=1 Error: SHELLCHECK_WARNING (CWE-140): [#def89] /usr/share/buildah/test/system/inspect.bats:34:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 32| # including version. Strip it out, # 33| run_buildah --version # 34|-> local -a output_fields=($output) # 35| buildah_version=${output_fields[2]} # 36| inspect_cleaned=$(echo "$inspect_after_commit" | sed "s/io.buildah.version:${buildah_version}//g") Error: SHELLCHECK_WARNING (CWE-569): [#def90] /usr/share/buildah/test/system/lists.bats:260:36: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 258| @test "manifest-from-tag" { # 259| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST} # 260|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST} # 261| expect_output --substring $(go env GOARCH) # 262| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def91] /usr/share/buildah/test/system/lists.bats:260:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 258| @test "manifest-from-tag" { # 259| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST} # 260|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST} # 261| expect_output --substring $(go env GOARCH) # 262| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def92] /usr/share/buildah/test/system/lists.bats:260:57: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 258| @test "manifest-from-tag" { # 259| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST} # 260|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST} # 261| expect_output --substring $(go env GOARCH) # 262| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def93] /usr/share/buildah/test/system/lists.bats:260:58: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 258| @test "manifest-from-tag" { # 259| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST} # 260|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST} # 261| expect_output --substring $(go env GOARCH) # 262| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-398): [#def94] /usr/share/buildah/test/system/lists.bats:260:59: warning[SC1078]: Did you forget to close this single quoted string? # 258| @test "manifest-from-tag" { # 259| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST} # 260|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST} # 261| expect_output --substring $(go env GOARCH) # 262| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-156): [#def95] /usr/share/buildah/test/system/lists.bats:263:31: warning[SC2046]: Quote this to prevent word splitting. # 261| expect_output --substring $(go env GOARCH) # 262| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container # 263|-> expect_output --substring $(go env GOARCH) # 264| } # 265| Error: SHELLCHECK_WARNING (CWE-569): [#def96] /usr/share/buildah/test/system/lists.bats:268:36: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 266| @test "manifest-from-digest" { # 267| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST} # 268|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST} # 269| expect_output --substring $(go env GOARCH) # 270| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def97] /usr/share/buildah/test/system/lists.bats:268:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 266| @test "manifest-from-digest" { # 267| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST} # 268|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST} # 269| expect_output --substring $(go env GOARCH) # 270| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def98] /usr/share/buildah/test/system/lists.bats:268:57: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 266| @test "manifest-from-digest" { # 267| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST} # 268|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST} # 269| expect_output --substring $(go env GOARCH) # 270| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def99] /usr/share/buildah/test/system/lists.bats:268:58: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 266| @test "manifest-from-digest" { # 267| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST} # 268|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST} # 269| expect_output --substring $(go env GOARCH) # 270| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-398): [#def100] /usr/share/buildah/test/system/lists.bats:268:59: warning[SC1078]: Did you forget to close this single quoted string? # 266| @test "manifest-from-digest" { # 267| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST} # 268|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST} # 269| expect_output --substring $(go env GOARCH) # 270| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-156): [#def101] /usr/share/buildah/test/system/lists.bats:271:31: warning[SC2046]: Quote this to prevent word splitting. # 269| expect_output --substring $(go env GOARCH) # 270| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container # 271|-> expect_output --substring $(go env GOARCH) # 272| } # 273| Error: SHELLCHECK_WARNING (CWE-569): [#def102] /usr/share/buildah/test/system/lists.bats:276:36: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 274| @test "manifest-from-instance" { # 275| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE} # 276|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE} # 277| expect_output --substring arm64 # 278| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def103] /usr/share/buildah/test/system/lists.bats:276:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 274| @test "manifest-from-instance" { # 275| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE} # 276|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE} # 277| expect_output --substring arm64 # 278| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def104] /usr/share/buildah/test/system/lists.bats:276:57: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 274| @test "manifest-from-instance" { # 275| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE} # 276|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE} # 277| expect_output --substring arm64 # 278| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def105] /usr/share/buildah/test/system/lists.bats:276:58: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 274| @test "manifest-from-instance" { # 275| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE} # 276|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE} # 277| expect_output --substring arm64 # 278| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-398): [#def106] /usr/share/buildah/test/system/lists.bats:276:59: warning[SC1078]: Did you forget to close this single quoted string? # 274| @test "manifest-from-instance" { # 275| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE} # 276|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE} # 277| expect_output --substring arm64 # 278| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-156): [#def107] /usr/share/buildah/test/system/lists.bats:301:40: warning[SC2046]: Quote this to prevent word splitting. # 299| run_buildah bud --layers --iidfile ${TEST_SCRATCH_DIR}/image-id.txt ${TEST_SCRATCH_DIR}/build # 300| # Make sure we can add the new image to the list. # 301|-> run_buildah manifest add test-list $(< ${TEST_SCRATCH_DIR}/image-id.txt) # 302| } # 303| Error: SHELLCHECK_WARNING (CWE-156): [#def108] /usr/share/buildah/test/system/mkcw.bats:92:20: warning[SC2046]: Quote this to prevent word splitting. # 90| iidfile="$TEST_SCRATCH_DIR/iid" # 91| run_buildah commit --iidfile $iidfile --cw type=SEV,ignore_attestation_errors,passphrase="$passphrase" "$ctrID" # 92|-> mkcw_check_image $(< $iidfile) # 93| # 94| run_buildah commit --iidfile $iidfile --cw type=sev,ignore_attestation_errors,passphrase="$passphrase" "$ctrID" Error: SHELLCHECK_WARNING (CWE-156): [#def109] /usr/share/buildah/test/system/mkcw.bats:95:20: warning[SC2046]: Quote this to prevent word splitting. # 93| # 94| run_buildah commit --iidfile $iidfile --cw type=sev,ignore_attestation_errors,passphrase="$passphrase" "$ctrID" # 95|-> mkcw_check_image $(< $iidfile) # 96| } # 97| Error: SHELLCHECK_WARNING (CWE-156): [#def110] /usr/share/buildah/test/system/mkcw.bats:108:20: warning[SC2046]: Quote this to prevent word splitting. # 106| echo -n "mkcw build" > "$TEST_SCRATCH_DIR"/key # 107| run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=SEV,ignore_attestation_errors,passphrase="mkcw build" -f bud/env/Dockerfile.check-env bud/env # 108|-> mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid) # 109| # 110| run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=sev,ignore_attestation_errors,passphrase="mkcw build" -f bud/env/Dockerfile.check-env bud/env Error: SHELLCHECK_WARNING (CWE-156): [#def111] /usr/share/buildah/test/system/mkcw.bats:111:20: warning[SC2046]: Quote this to prevent word splitting. # 109| # 110| run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=sev,ignore_attestation_errors,passphrase="mkcw build" -f bud/env/Dockerfile.check-env bud/env # 111|-> mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid) # 112| # 113| # the key thing about this next bit is mixing --layers with a final Error: SHELLCHECK_WARNING (CWE-156): [#def112] /usr/share/buildah/test/system/mkcw.bats:117:20: warning[SC2046]: Quote this to prevent word splitting. # 115| echo -n "mkcw build --layers" > "$TEST_SCRATCH_DIR"/key # 116| run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=SEV,ignore_attestation_errors,passphrase="mkcw build --layers" --layers -f bud/env/Dockerfile.check-env bud/env # 117|-> mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid) # 118| } Error: SHELLCHECK_WARNING (CWE-571): [#def113] /usr/share/buildah/test/system/namespaces.bats:88:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 86| # 87| assert "$_output_idmap" != "" "Internal error: output_idmap is empty" # 88|-> local _idmap=$(sed -E -e 's, +, ,g' -e 's,^ +,,g' <<< "${_output_idmap}") # 89| expect_output --from="$_idmap" "${_expect_idmap}" "$_testname" # 90| Error: SHELLCHECK_WARNING (CWE-156): [#def114] /usr/share/buildah/test/system/namespaces.bats:135:17: warning[SC2046]: Quote this to prevent word splitting. # 133| # Look for a name that's in both the subuid and subgid files. # 134| for candidate in $(sed -e 's,:.*,,g' /etc/subuid); do # 135|-> if test $(sed -e 's,:.*,,g' -e "/$candidate/!d" /etc/subgid) == "$candidate"; then # 136| # Read the start of the subuid/subgid ranges. Assume length=65536. # 137| userbase=$(sed -e "/^${candidate}:/!d" -e 's,^[^:]*:,,g' -e 's,:[^:]*,,g' /etc/subuid) Error: SHELLCHECK_WARNING (CWE-88): [#def115] /usr/share/buildah/test/system/namespaces.bats:323:24: error[SC2068]: Double quote array expansions to avoid re-splitting elements. # 321| # "run" doesn't have --userns option. # 322| if [ "$nsflag" != "userns" ]; then # 323|-> for different in ${types[@]} ; do # 324| # Check that, if we override it, we get what we specify for "run". # 325| run_buildah run $RUNOPTS --"$nsflag"=$different "$ctr" readlink /proc/self/ns/"$nstype" Error: SHELLCHECK_WARNING (CWE-563): [#def116] /usr/share/buildah/test/system/rm.bats:40:3: warning[SC2034]: cid1 appears unused. Verify use (or export if used externally). # 38| _prefetch alpine busybox # 39| run_buildah from $WITH_POLICY_JSON scratch # 40|-> cid1=$output # 41| run_buildah from --quiet $WITH_POLICY_JSON alpine # 42| cid2=$output Error: SHELLCHECK_WARNING (CWE-563): [#def117] /usr/share/buildah/test/system/rmi.bats:62:3: warning[SC2034]: cid1 appears unused. Verify use (or export if used externally). # 60| _prefetch alpine busybox # 61| run_buildah from $WITH_POLICY_JSON scratch # 62|-> cid1=$output # 63| run_buildah from --quiet $WITH_POLICY_JSON alpine # 64| cid2=$output Error: SHELLCHECK_WARNING (CWE-563): [#def118] /usr/share/buildah/test/system/rmi.bats:64:3: warning[SC2034]: cid2 appears unused. Verify use (or export if used externally). # 62| cid1=$output # 63| run_buildah from --quiet $WITH_POLICY_JSON alpine # 64|-> cid2=$output # 65| run_buildah from --quiet $WITH_POLICY_JSON busybox # 66| cid3=$output Error: SHELLCHECK_WARNING (CWE-563): [#def119] /usr/share/buildah/test/system/rmi.bats:66:3: warning[SC2034]: cid3 appears unused. Verify use (or export if used externally). # 64| cid2=$output # 65| run_buildah from --quiet $WITH_POLICY_JSON busybox # 66|-> cid3=$output # 67| run_buildah 125 rmi --all # 68| run_buildah images -q Error: SHELLCHECK_WARNING (CWE-156): [#def120] /usr/share/buildah/test/system/run.bats:186:7: warning[SC2046]: Quote this to prevent word splitting. # 184| skip_if_no_runtime # 185| # 186|-> eval $(go env) # 187| echo CGO_ENABLED=${CGO_ENABLED} # 188| if test "$CGO_ENABLED" -ne 1; then Error: SHELLCHECK_WARNING (CWE-569): [#def121] /usr/share/buildah/test/system/run.bats:614:5: error[SC1035]: You need a space after the [ and before the ]. # 612| # 613| rootless=0 # 614|-> if ["$(id -u)" -ne 0 ]; then # 615| rootless=1 # 616| fi Error: SHELLCHECK_WARNING (CWE-571): [#def122] /usr/share/buildah/test/system/run.bats:663:8: warning[SC2155]: Declare and assign separately to avoid masking return values. # 661| _prefetch ubuntu # 662| # 663|-> local hostname=h-$(random_string) # 664| # 665| run_buildah from --quiet --pull=false $WITH_POLICY_JSON ubuntu Error: SHELLCHECK_WARNING (CWE-398): [#def123] /usr/share/buildah/test/system/run.bats:706:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). # 704| cid=$output # 705| run_buildah run --network=host --hostname $hostname $cid cat /etc/hosts # 706|-> assert "$output" =~ "$ip[[:blank:]]$hostname" # 707| hostOutput=$output # 708| m=$(buildah mount $cid) Error: SHELLCHECK_WARNING (CWE-398): [#def124] /usr/share/buildah/test/system/run.bats:716:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). # 714| # --isolation chroot implies host networking so check for the correct hosts entry # 715| run_buildah run --isolation chroot --hostname $hostname $cid cat /etc/hosts # 716|-> assert "$output" =~ "$ip[[:blank:]]$hostname" # 717| run_buildah rm -a # 718| Error: SHELLCHECK_WARNING (CWE-571): [#def125] /usr/share/buildah/test/system/run.bats:739:8: warning[SC2155]: Declare and assign separately to avoid masking return values. # 737| cid=$output # 738| # 739|-> local hostname=h-$(random_string) # 740| ip=$(hostname -I | cut -f 1 -d " ") # 741| run_buildah run --network pasta --hostname $hostname $cid cat /etc/hosts Error: SHELLCHECK_WARNING (CWE-398): [#def126] /usr/share/buildah/test/system/run.bats:742:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). # 740| ip=$(hostname -I | cut -f 1 -d " ") # 741| run_buildah run --network pasta --hostname $hostname $cid cat /etc/hosts # 742|-> assert "$output" =~ "$ip[[:blank:]]$hostname $cid" "--network pasta adds correct hostname" # 743| # FIXME we need pasta 20240814 or newer in the VMs to enable this # 744| # assert "$output" =~ "169.254.1.2[[:blank:]]host.containers.internal" "--network pasta adds correct internal entry" Error: SHELLCHECK_WARNING (CWE-398): [#def127] /usr/share/buildah/test/system/run.bats:749:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). # 747| echo -e "[network]\ndefault_rootless_network_cmd = \"pasta\"" > ${TEST_SCRATCH_DIR}/containers.conf # 748| CONTAINERS_CONF_OVERRIDE=${TEST_SCRATCH_DIR}/containers.conf run_buildah run --hostname $hostname $cid cat /etc/hosts # 749|-> assert "$output" =~ "$ip[[:blank:]]$hostname $cid" "default_rootless_network_cmd = \"pasta\" works" # 750| # 751| # resolv.conf checks Error: SHELLCHECK_WARNING (CWE-457): [#def128] /usr/share/buildah/test/system/run.bats:931:9: warning[SC2154]: test is referenced but not assigned (for output from commands, use "$(test ...)" ). # 929| skip_if_root_environment # 930| if test "$DBUS_SESSION_BUS_ADDRESS" = ""; then # 931|-> skip "$test does not work when DBUS_SESSION_BUS_ADDRESS is not defined" # 932| fi # 933| _prefetch alpine Error: SHELLCHECK_WARNING (CWE-277): [#def129] /usr/share/buildah/test/system/sign.bats:11:12: warning[SC2174]: When used with -p, -m only applies to the deepest directory. # 9| # 10| export GNUPGHOME=${TEST_SCRATCH_DIR}/.gnupg # 11|-> mkdir -p --mode=0700 $GNUPGHOME # 12| # 13| # gpg on f30 and above needs this, otherwise: Error: SHELLCHECK_WARNING (CWE-571): [#def130] /usr/share/buildah/test/system/sign.bats:53:3: error[SC2314]: In Bats, ! does not cause a test failure. Use 'run ! ' (on Bats >= 1.5.0) instead. # 51| run_buildah push $WITH_POLICY_JSON --remove-signatures signed-alpine-image dir:${TEST_SCRATCH_DIR}/unsigned-image # 52| ls -l ${TEST_SCRATCH_DIR}/unsigned-image/ # 53|-> ! test -s ${TEST_SCRATCH_DIR}/unsigned-image/signature-1 # 54| # 55| run_buildah commit $WITH_POLICY_JSON $cid unsigned-alpine-image Error: SHELLCHECK_WARNING (CWE-571): [#def131] /usr/share/buildah/test/system/sign.bats:69:3: error[SC2314]: In Bats, ! does not cause a test failure. Use 'run ! ' (on Bats >= 1.5.0) instead. # 67| run_buildah push $WITH_POLICY_JSON "$imageID" dir:${TEST_SCRATCH_DIR}/unsigned-image # 68| ls -l ${TEST_SCRATCH_DIR}/unsigned-image/ # 69|-> ! test -s ${TEST_SCRATCH_DIR}/unsigned-image/signature-1 # 70| # 71| # Build a manifest list and try to push the list with signatures. Error: SHELLCHECK_WARNING (CWE-563): [#def132] /usr/share/buildah/test/system/source.bats:42:3: warning[SC2034]: creatd appears unused. Verify use (or export if used externally). # 40| run jq -r .created $srcdir/blobs/sha256/$configDigest # 41| assert "$status" -eq 0 "status of jq .created on configDigest" # 42|-> creatd=$output # 43| run date --date="$output" # 44| assert "$status" -eq 0 "status of date (this should never ever fail)" Error: SHELLCHECK_WARNING (CWE-156): [#def133] /usr/share/buildah/test/system/test_buildah_authentication.sh:139:16: warning[SC2046]: Quote this to prevent word splitting. # 137| ######## # 138| buildah rm $ctrid # 139|-> buildah rmi -f $(buildah images -q) # 140| # 141| ######## Error: SHELLCHECK_WARNING (CWE-156): [#def134] /usr/share/buildah/test/system/test_buildah_authentication.sh:205:16: warning[SC2046]: Quote this to prevent word splitting. # 203| ######## # 204| buildah rm --all # 205|-> buildah rmi -f $(buildah images -q) # 206| # 207| ######## Error: SHELLCHECK_WARNING (CWE-156): [#def135] /usr/share/buildah/test/system/test_buildah_authentication.sh:235:14: warning[SC2046]: Quote this to prevent word splitting. # 233| rm -f ./Dockerfile # 234| rm -rf ${TESTDIR}/auth # 235|-> docker rm -f $(docker ps --all -q) # 236| docker rmi -f $(docker images -q) # 237| buildah rm $(buildah containers -q) Error: SHELLCHECK_WARNING (CWE-156): [#def136] /usr/share/buildah/test/system/test_buildah_authentication.sh:236:15: warning[SC2046]: Quote this to prevent word splitting. # 234| rm -rf ${TESTDIR}/auth # 235| docker rm -f $(docker ps --all -q) # 236|-> docker rmi -f $(docker images -q) # 237| buildah rm $(buildah containers -q) # 238| buildah rmi -f $(buildah images -q) Error: SHELLCHECK_WARNING (CWE-156): [#def137] /usr/share/buildah/test/system/test_buildah_authentication.sh:237:12: warning[SC2046]: Quote this to prevent word splitting. # 235| docker rm -f $(docker ps --all -q) # 236| docker rmi -f $(docker images -q) # 237|-> buildah rm $(buildah containers -q) # 238| buildah rmi -f $(buildah images -q) Error: SHELLCHECK_WARNING (CWE-156): [#def138] /usr/share/buildah/test/system/test_buildah_authentication.sh:238:16: warning[SC2046]: Quote this to prevent word splitting. # 236| docker rmi -f $(docker images -q) # 237| buildah rm $(buildah containers -q) # 238|-> buildah rmi -f $(buildah images -q) Error: SHELLCHECK_WARNING (CWE-252): [#def139] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:32:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails. # 30| # Clone buildah from GitHub.com # 31| ######## # 32|-> cd $SBOX # 33| git clone https://github.com/containers/buildah.git # 34| cd $GITROOT Error: SHELLCHECK_WARNING (CWE-252): [#def140] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:34:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails. # 32| cd $SBOX # 33| git clone https://github.com/containers/buildah.git # 34|-> cd $GITROOT # 35| # 36| ######## Error: SHELLCHECK_WARNING (CWE-156): [#def141] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:102:12: warning[SC2046]: Quote this to prevent word splitting. # 100| # Clean up Buildah # 101| ######## # 102|-> buildah rm $(buildah containers -q) # 103| buildah rmi -f $(buildah images -q) # 104| Error: SHELLCHECK_WARNING (CWE-156): [#def142] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:103:16: warning[SC2046]: Quote this to prevent word splitting. # 101| ######## # 102| buildah rm $(buildah containers -q) # 103|-> buildah rmi -f $(buildah images -q) # 104| # 105| ######## Error: SHELLCHECK_WARNING (CWE-156): [#def143] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:122:12: warning[SC2046]: Quote this to prevent word splitting. # 120| rm -rf ${SBOX} # 121| rm -rf ${PACKAGES} # 122|-> buildah rm $(buildah containers -q) # 123| buildah rmi -f $(buildah images -q) # 124| ${PACKAGER} remove -y buildah Error: SHELLCHECK_WARNING (CWE-156): [#def144] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:123:16: warning[SC2046]: Quote this to prevent word splitting. # 121| rm -rf ${PACKAGES} # 122| buildah rm $(buildah containers -q) # 123|-> buildah rmi -f $(buildah images -q) # 124| ${PACKAGER} remove -y buildah Error: SHELLCHECK_WARNING (CWE-670): [#def145] /usr/share/buildah/test/system/test_runner.sh:4:31: warning[SC2128]: Expanding an array without an index only gives the first element. # 2| set -e # 3| # 4|-> cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" # 5| # 6| # Default to using /var/tmp for test space, since it's more likely to support Error: SHELLCHECK_WARNING (CWE-138): [#def146] /usr/share/buildah/test/system/test_runner.sh:11:15: error[SC2145]: Argument mixes string and array. Use * or separate argument. # 9| # 10| function execute() { # 11|-> >&2 echo "++ $@" # 12| eval "$@" # 13| } Error: SHELLCHECK_WARNING: [#def147] /usr/share/buildah/test/system/test_runner.sh:12:8: warning[SC2294]: eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string). # 10| function execute() { # 11| >&2 echo "++ $@" # 12|-> eval "$@" # 13| } # 14| Error: SHELLCHECK_WARNING (CWE-563): [#def148] /usr/share/buildah/test/system/tools/vendor/github.com/golangci/misspell/install-misspell.sh:338:1: warning[SC2034]: PROJECT_NAME appears unused. Verify use (or export if used externally). # 336| EOF # 337| # 338|-> PROJECT_NAME="misspell" # 339| OWNER=golangci # 340| REPO="misspell" Error: SHELLCHECK_WARNING (CWE-829): [#def149] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/benchmark.sh:8:6: warning[SC2092]: Remove backticks to avoid executing output (or use eval if intentional). # 6| reference_git=${2:-.} # 7| # 8|-> if ! `hash benchstat 2>/dev/null`; then # 9| echo "Installing benchstat" # 10| go get golang.org/x/perf/cmd/benchstat Error: SHELLCHECK_WARNING (CWE-252): [#def150] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:78:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails. # 76| fi # 77| # 78|-> pushd "$dir" # 79| go test -covermode=atomic -coverpkg=./... -coverprofile=coverage.out.tmp ./... # 80| grep -Ev '(fuzz|testsuite|tomltestgen|gotoml-test-decoder|gotoml-test-encoder)' coverage.out.tmp > coverage.out Error: SHELLCHECK_WARNING (CWE-252): [#def151] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:83:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails. # 81| go tool cover -func=coverage.out # 82| echo "Coverage profile for ${branch}: ${dir}/coverage.out" >&2 # 83|-> popd # 84| # 85| if [ "${branch}" != "HEAD" ]; then Error: SHELLCHECK_WARNING (CWE-252): [#def152] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:147:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails. # 145| fi # 146| # 147|-> pushd "$dir" # 148| # 149| if [ "${replace}" != "" ]; then Error: SHELLCHECK_WARNING (CWE-252): [#def153] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:156:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails. # 154| export GOMAXPROCS=2 # 155| go test '-bench=^Benchmark(Un)?[mM]arshal' -count=10 -run=Nothing ./... | tee "${out}" # 156|-> popd # 157| # 158| if [ "${branch}" != "HEAD" ]; then Error: SHELLCHECK_WARNING (CWE-156): [#def154] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:277:23: warning[SC2046]: Quote this to prevent word splitting. # 275| esac # 276| # 277|-> bench "${1-HEAD}" `mktemp` # 278| } # 279| Error: SHELLCHECK_WARNING (CWE-88): [#def155] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:281:31: error[SC2068]: Double quote array expansions to avoid re-splitting elements. # 279| # 280| case "$1" in # 281|-> coverage) shift; coverage $@;; # 282| benchmark) shift; benchmark $@;; # 283| *) usage "bad argument $1";; Error: SHELLCHECK_WARNING (CWE-88): [#def156] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:282:33: error[SC2068]: Double quote array expansions to avoid re-splitting elements. # 280| case "$1" in # 281| coverage) shift; coverage $@;; # 282|-> benchmark) shift; benchmark $@;; # 283| *) usage "bad argument $1";; # 284| esac Error: SHELLCHECK_WARNING (CWE-569): [#def157] /usr/share/buildah/test/system/tools/vendor/github.com/securego/gosec/v2/entrypoint.sh:11:12: warning[SC2048]: Use "${array[@]}" (with quotes) to prevent whitespace problems. # 9| fi # 10| # 11|-> /bin/gosec ${ARGS[*]} Error: SHELLCHECK_WARNING (CWE-563): [#def158] /usr/share/buildah/test/system/tools/vendor/github.com/securego/gosec/v2/install.sh:340:1: warning[SC2034]: BINARY appears unused. Verify use (or export if used externally). # 338| OWNER=securego # 339| REPO="gosec" # 340|-> BINARY=gosec # 341| FORMAT=tar.gz # 342| OS=$(uname_os) Error: SHELLCHECK_WARNING: [#def159] /usr/share/buildah/test/system/tools/vendor/github.com/securego/gosec/v2/perf-diff.sh:34:7: warning[SC1014]: Use 'if cmd; then ..' to check exit code, or 'if [[ $(cmd) == .. ]]' to check output. # 32| # Compute the difference of the execution time. # 33| diff=$(($duration - $duration_master)) # 34|-> if [[ diff -lt 0 ]]; then # 35| diff=$(($diff * -1)) # 36| fi Error: SHELLCHECK_WARNING (CWE-156): [#def160] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:53:47: warning[SC2046]: Quote this to prevent word splitting. # 51| # Files generated through docker (use $cmd so you can Ctl-C the build or run) # 52| $cmd docker build --tag generate:$GOOS $GOOS # 53|-> $cmd docker run --interactive --tty --volume $(cd -- "$(dirname -- "$0")/.." && pwd):/build generate:$GOOS # 54| exit # 55| fi Error: SHELLCHECK_WARNING (CWE-569): [#def161] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:59:1: warning[SC2221]: This pattern always overrides a later one on line 59. # 57| GOOSARCH_in=syscall_$GOOSARCH.go # 58| case "$GOOSARCH" in # 59|-> _* | *_ | _) # 60| echo 'undefined $GOOS_$GOARCH:' "$GOOSARCH" 1>&2 # 61| exit 1 Error: SHELLCHECK_WARNING (CWE-569): [#def162] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:59:6: warning[SC2221]: This pattern always overrides a later one on line 59. # 57| GOOSARCH_in=syscall_$GOOSARCH.go # 58| case "$GOOSARCH" in # 59|-> _* | *_ | _) # 60| echo 'undefined $GOOS_$GOARCH:' "$GOOSARCH" 1>&2 # 61| exit 1 Error: SHELLCHECK_WARNING (CWE-569): [#def163] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:59:11: warning[SC2222]: This pattern never matches because of a previous pattern on line 59. # 57| GOOSARCH_in=syscall_$GOOSARCH.go # 58| case "$GOOSARCH" in # 59|-> _* | *_ | _) # 60| echo 'undefined $GOOS_$GOARCH:' "$GOOSARCH" 1>&2 # 61| exit 1 Error: SHELLCHECK_WARNING (CWE-149): [#def164] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:234:125: warning[SC2027]: The surrounding quotes actually unquote this. Remove or escape them. # 232| if [ "$GOOSARCH" == "aix_ppc64" ]; then # 233| # aix/ppc64 script generates files instead of writing to stdin. # 234|-> echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in && gofmt -w zsyscall_$GOOSARCH.go && gofmt -w zsyscall_"$GOOSARCH"_gccgo.go && gofmt -w zsyscall_"$GOOSARCH"_gc.go " ; # 235| elif [ "$GOOS" == "illumos" ]; then # 236| # illumos code generation requires a --illumos switch Error: SHELLCHECK_WARNING (CWE-149): [#def165] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:234:167: warning[SC2027]: The surrounding quotes actually unquote this. Remove or escape them. # 232| if [ "$GOOSARCH" == "aix_ppc64" ]; then # 233| # aix/ppc64 script generates files instead of writing to stdin. # 234|-> echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in && gofmt -w zsyscall_$GOOSARCH.go && gofmt -w zsyscall_"$GOOSARCH"_gccgo.go && gofmt -w zsyscall_"$GOOSARCH"_gc.go " ; # 235| elif [ "$GOOS" == "illumos" ]; then # 236| # illumos code generation requires a --illumos switch Error: SHELLCHECK_WARNING (CWE-563): [#def166] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:37:1: warning[SC2034]: uname appears unused. Verify use (or export if used externally). # 35| fi # 36| # 37|-> uname=$(uname) # 38| # 39| includes_AIX=' Error: SHELLCHECK_WARNING (CWE-563): [#def167] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:39:1: warning[SC2034]: includes_AIX appears unused. Verify use (or export if used externally). # 37| uname=$(uname) # 38| # 39|-> includes_AIX=' # 40| #include <net/if.h> # 41| #include <net/netopt.h> Error: SHELLCHECK_WARNING (CWE-563): [#def168] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:55:1: warning[SC2034]: includes_Darwin appears unused. Verify use (or export if used externally). # 53| ' # 54| # 55|-> includes_Darwin=' # 56| #define _DARWIN_C_SOURCE # 57| #define KERNEL 1 Error: SHELLCHECK_WARNING (CWE-563): [#def169] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:93:1: warning[SC2034]: includes_DragonFly appears unused. Verify use (or export if used externally). # 91| ' # 92| # 93|-> includes_DragonFly=' # 94| #include <sys/types.h> # 95| #include <sys/event.h> Error: SHELLCHECK_WARNING (CWE-563): [#def170] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:116:1: warning[SC2034]: includes_FreeBSD appears unused. Verify use (or export if used externally). # 114| ' # 115| # 116|-> includes_FreeBSD=' # 117| #include <sys/capsicum.h> # 118| #include <sys/param.h> Error: SHELLCHECK_WARNING (CWE-563): [#def171] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:153:1: warning[SC2034]: includes_Linux appears unused. Verify use (or export if used externally). # 151| ' # 152| # 153|-> includes_Linux=' # 154| #define _LARGEFILE_SOURCE # 155| #define _LARGEFILE64_SOURCE Error: SHELLCHECK_WARNING (CWE-563): [#def172] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:343:1: warning[SC2034]: includes_NetBSD appears unused. Verify use (or export if used externally). # 341| ' # 342| # 343|-> includes_NetBSD=' # 344| #include <sys/types.h> # 345| #include <sys/param.h> Error: SHELLCHECK_WARNING (CWE-563): [#def173] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:372:1: warning[SC2034]: includes_OpenBSD appears unused. Verify use (or export if used externally). # 370| ' # 371| # 372|-> includes_OpenBSD=' # 373| #include <sys/types.h> # 374| #include <sys/param.h> Error: SHELLCHECK_WARNING (CWE-563): [#def174] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:413:1: warning[SC2034]: includes_SunOS appears unused. Verify use (or export if used externally). # 411| ' # 412| # 413|-> includes_SunOS=' # 414| #include <limits.h> # 415| #include <sys/types.h> Error: SHELLCHECK_WARNING (CWE-569): [#def175] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:454:9: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate. # 452| #include <time.h> # 453| ' # 454|-> ccflags="$@" # 455| # 456| # Write go tool cgo -godefs input. Error: SHELLCHECK_WARNING (CWE-571): [#def176] /usr/share/buildah/test/system/tutorial.bats:18:2: error[SC2314]: In Bats, ! does not cause a test failure. Use 'run ! ' (on Bats >= 1.5.0) instead. # 16| echo "build output:" # 17| echo "${output}" # 18|-> ! grep -q init.scope <<< "$buildoutput" # 19| run sed -e '0,/^CUT START/d' -e '/^CUT END/,//d' <<< "$buildoutput" # 20| # should've found a /sys/fs/cgroup with stuff in it Error: SHELLCHECK_WARNING (CWE-153): [#def177] /usr/share/buildah/test/system/validate/pr-should-include-tests.t:63:25: warning[SC2053]: Quote the right-hand side of != in [[ ]] to prevent glob matching. # 61| local actual_rc=$? # 62| # 63|-> if [[ $actual_rc != $expected_rc ]]; then # 64| echo "not ok $testnum $testname" # 65| echo "# expected rc $expected_rc" Error: SHELLCHECK_WARNING (CWE-571): [#def178] /usr/share/buildah/test/system/validate/pr-should-include-tests.t:120:12: warning[SC2155]: Declare and assign separately to avoid masking return values. # 118| export GITVALIDATE_EPOCH=$parent_sha # 119| export CIRRUS_CHANGE_IN_REPO=$commit_sha # 120|-> export CIRRUS_CHANGE_TITLE=$(git log -1 --format=%s $commit_sha) # 121| export CIRRUS_CHANGE_MESSAGE= # 122| export CIRRUS_PR=$pr Error: GCC_ANALYZER_WARNING (CWE-775): [#def179] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’ buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:118:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(list, 0)’ # 116| new_size = used + BUFSTEP; # 117| new_buf = realloc(buf, new_size); # 118|-> if (new_buf == NULL) { # 119| free(buf); # 120| fprintf(stderr, "realloc(%ld): out of memory\n", (long)(size + BUFSTEP)); Error: GCC_ANALYZER_WARNING (CWE-775): [#def180] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:125:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(list, 0)’ # 123| buf = new_buf; # 124| size = new_size; # 125|-> memset(buf + used, '\0', size - used); # 126| n = read(fd, buf + used, size - used - 1); # 127| if (n < 0) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def181] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘containers_reexec’ buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:125:28: warning[-Wanalyzer-malloc-leak]: leak of ‘parse_proc_stringlist("/proc/self/cmdline")’ # 123| buf = new_buf; # 124| size = new_size; # 125|-> memset(buf + used, '\0', size - used); # 126| n = read(fd, buf + used, size - used - 1); # 127| if (n < 0) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def182] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’ # 126| n = read(fd, buf + used, size - used - 1); # 127| if (n < 0) { # 128|-> fprintf(stderr, "read(): %m\n"); # 129| return NULL; # 130| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def183] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’ buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’ # 126| n = read(fd, buf + used, size - used - 1); # 127| if (n < 0) { # 128|-> fprintf(stderr, "read(): %m\n"); # 129| return NULL; # 130| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def184] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:154:16: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’ # 152| } # 153| } # 154|-> ret[i] = NULL; # 155| return ret; # 156| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def185] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:154:16: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’ # 152| } # 153| } # 154|-> ret[i] = NULL; # 155| return ret; # 156| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def186] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘containers_reexec’ buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:291:12: warning[-Wanalyzer-malloc-leak]: leak of ‘parse_proc_stringlist("/proc/self/cmdline")’ buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/containers/storage/pkg/unshare/unshare.c:18: included_from: Included from here. # 289| return fd; # 290| # 291|-> if (fexecve(fd, argv, environ) == -1) { # 292| close(fd); # 293| fprintf(stderr, "Error during reexec(...): %m\n"); Error: COMPILER_WARNING (CWE-1164): [#def187] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/mattn/go-sqlite3/sqlite3.go:85:1: warning[-Wunused-function]: ‘_sqlite3_exec’ defined but not used # 85 | _sqlite3_exec(sqlite3* db, const char* pcmd, long long* rowid, long long* changes) # | ^~~~~~~~~~~~~ # 83| # 84| static int # 85|-> _sqlite3_exec(sqlite3* db, const char* pcmd, long long* rowid, long long* changes) # 86| { # 87| int rv = sqlite3_exec(db, pcmd, 0, 0, 0); Error: GCC_ANALYZER_WARNING (CWE-476): [#def188] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function 'New' buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'c' # 75| CK_C_GetFunctionList list; # 76| struct ctx *c = calloc(1, sizeof(struct ctx)); # 77|-> c->handle = dlopen(module, RTLD_LAZY); # 78| if (c->handle == NULL) { # 79| free(c); Error: GCC_ANALYZER_WARNING (CWE-476): [#def189] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘New’ buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘c’ # 75| CK_C_GetFunctionList list; # 76| struct ctx *c = calloc(1, sizeof(struct ctx)); # 77|-> c->handle = dlopen(module, RTLD_LAZY); # 78| if (c->handle == NULL) { # 79| free(c); Error: GCC_ANALYZER_WARNING (CWE-401): [#def190] buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘GetAttributeValue.part.0’ buildah-1.37.0-build/buildah-1.37.0/vendor/github.com/miekg/pkcs11/pkcs11.go:316:32: warning[-Wanalyzer-malloc-leak]: leak of ‘*((CK_ATTRIBUTE *)temp).pValue’ # 314| continue; # 315| } # 316|-> temp[i].pValue = calloc(temp[i].ulValueLen, sizeof(CK_BYTE)); # 317| } # 318| return c->sym->C_GetAttributeValue(session, object, temp, templen);
analyzer-version-clippy | 1.82.0 |
analyzer-version-cppcheck | 2.16.0 |
analyzer-version-gcc | 14.2.1 |
analyzer-version-gcc-analyzer | 14.2.1 |
analyzer-version-shellcheck | 0.10.0 |
analyzer-version-unicontrol | 0.0.2 |
enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
exit-code | 0 |
host | ip-172-16-1-254.us-west-2.compute.internal |
mock-config | fedora-rawhide-x86_64 |
project-name | buildah-1.37.0-1.20241108162027564111.main.210.g7db27d2bf |
store-results-to | /tmp/tmpmk0mxqqv/buildah-1.37.0-1.20241108162027564111.main.210.g7db27d2bf.tar.xz |
time-created | 2024-11-08 16:50:53 |
time-finished | 2024-11-08 17:03:55 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpmk0mxqqv/buildah-1.37.0-1.20241108162027564111.main.210.g7db27d2bf.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '/tmp/tmpmk0mxqqv/buildah-1.37.0-1.20241108162027564111.main.210.g7db27d2bf.src.rpm' |
tool-version | csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9 |