Shell Static Analysis Rules

Shell rules

Bash, zsh, ksh: regardless of which shell you use, Codiga has you covered. With hundreds of rules, the Codiga Static Engine checks your shell scripts and surfaces issues in your shell codebase.

1001

Error prone
Medium

This \N will be a regular 'N' in this context.

1003

Error prone
Medium

Want to escape a single quote? echo 'This is how it'\''s done'.

1004

Error prone
Medium

This backslash+linefeed is literal. Break outside single quotes if you just want to break the line.

1007

Error prone
High

Remove space after = if trying to assign a value (for empty string

1008

Code style
Minor

This shebang was unrecognized. Note that ShellCheck only handles sh/bash/dash/ksh.

1009

Error prone
Medium

The mentioned syntax error was in this elif clause.

1010

Error prone
High

Use semicolon or linefeed before 'fi' (or quote to make it literal).

1012

Error prone
High

\r is just literal 'r' here. For carriage return

1014

Error prone
High

Use 'if cmd; then ..' to check exit code

1017

Error prone
Critical

Literal carriage return. Run script through tr -d '\r' .

1018

Error prone
Critical

This is a unicode non-breaking space. Delete and retype it.

1019

Error prone
Critical

Expected this to be an argument to the unary condition.

1020

Error prone
Critical

You need a space before the ]].

1035

Error prone
Critical

You are missing a required space after the !.

1036

Error prone
Critical

'(' is invalid here. Did you forget to escape it?

1046

Error prone
Critical

Couldn't find 'fi' for this 'if'.

1047

Error prone
Critical

Expected 'fi' matching previously mentioned 'if'.

1048

Error prone
Critical

Can't have empty else clauses (use 'true' as a no-op).

1049

Error prone
Critical

Did you forget the 'then' for this 'if'?

1050

Error prone
Critical

Expected 'then'.

1054

Error prone
Critical

You need a space after the '{'.

1055

Error prone
Critical

You need at least one command here. Use 'true;' as a no-op.

1056

Error prone
Critical

Expected a '}'. If you have one

1058

Error prone
Critical

Expected 'do'.

1061

Error prone
Critical

Couldn't find 'done' for this 'do'.

1062

Error prone
Critical

Expected 'done' matching previously mentioned 'do'.

1064

Error prone
Critical

Expected a { to open the function definition.

1065

Error prone
Critical

Trying to declare parameters? Don't. Use () and refer to params as $1

1066

Error prone
Critical

Don't use $ on the left side of assignments.

1068

Code style
Minor

Don't put spaces around the = in assignments (or quote to make it literal).

1070

Error prone
Critical

Parsing stopped here. Mismatched keywords or invalid parentheses?

1071

Error prone
Critical

ShellCheck only supports sh/bash/dash/ksh scripts. Sorry!

1072

Error prone
Critical

Expected 'then'. Fix any mentioned problems and try again.

1073

Error prone
Critical

Couldn't parse this escaped char. Fix to allow more checks.

1075

Error prone
Critical

Use 'elif' instead of 'else if' (or put 'if' on new line if nesting).

1078

Error prone
High

Did you forget to close this double quoted string?

1079

Error prone
Medium

This is actually an end quote

1080

Error prone
Critical

You need \ before line feeds to break lines in [ ].

1082

Error prone
Critical

This file has a UTF-8 BOM. Remove it with: LC_CTYPE=C sed '1s/^...//' < yourscript .

1083

Code style
Minor

This } is literal. Check expression (missing ;/\n?) or quote it.

1084

Error prone
Critical

Use #! and not !# for shebang

1086

Error prone
Critical

Don't use $ on the iterator name in for loops.

1087

Code style
Minor

Use braces when expanding arrays

1088

Error prone
Critical

Parsing stopped here. Invalid use of parentheses?

1089

Error prone
Critical

Parsing stopped here. Is this keyword correctly matched up?

1090

Code style
Minor

Can't follow non-constant source. Use a directive to specify location.

1091

Error prone
Medium

Not following: /etc/os-release was not specified as input (see shellcheck -x).

1095

Error prone
Critical

You need a space or linefeed between the function name and body.

1097

Code style
Minor

Unexpected ==. For assignment

1099

Best practice
Critical

You need a space before the #.

1101

Error prone
Critical

Delete trailing spaces after \ to break line (or use quotes for literal space).

1102

Error prone
High

Shells disambiguate $(( differently or not at all. For $(command substitution)

1104

Error prone
Critical

Use #! and not ! for shebang

1105

Error prone
High

Shells disambiguate (( differently or not at all. For subshell

1110

Error prone
High

This is a unicode quote. Delete and retype it (or quote to make literal).

1111

Error prone
High

This is a unicode quote. Delete and retype it (or ignore/singlequote for literal).

1113

Error prone
Critical

Use #! for the shebang

1114

Code style
Minor

Remove leading spaces before the shebang.

1115

Error prone
Critical

Remove spaces between # and ! in the shebang.

1116

Error prone
Critical

Missing $ on a $((..)) expression? (or use ( ( for arrays).

1117

Code style
Minor

Backslash is literal in "\’". Prefer explicit escaping: "\\’".

1119

Error prone
Critical

Add a linefeed between end token and terminating ')'.

1126

Error prone
Critical

Place shellcheck directives before commands

1127

Error prone
Critical

Was this intended as a comment? Use # in sh.

1128

Error prone
Critical

The shebang must be on the first line. Delete blanks and move comments.

2000

Best practice
Minor

See if you can use ${#variable} instead.

2001

Code style
Minor

See if you can use ${variable//search/replace} instead.

2002

Code style
Minor

Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.

2003

Best practice
Minor

expr is antiquated. Consider rewriting this using $((..))

2004

Code style
Minor

$/${} is unnecessary on arithmetic variables.

2005

Code style
Minor

Useless echo? Instead of 'echo $(cmd)'

2006

Best practice
Minor

Use $(...) notation instead of legacy backticked `...`.

2007

Code style
Minor

Use $((..)) instead of deprecated $[..]

2009

Error prone
Medium

Consider using pgrep instead of grepping ps output.

2010

Error prone
High

Don't use ls | grep. Use a glob or a for loop with a condition to allow non-alphanumeric filenames.

2011

Error prone
High

Use 'find .. -print0 | xargs -0 ..' or 'find .. -exec .. +' to allow non-alphanumeric filenames.

2012

Code style
Minor

Use find instead of ls to better handle non-alphanumeric filenames.

2013

Code style
Minor

To read lines rather than words

2014

Error prone
Medium

This will expand once before find runs

2015

Error prone
Medium

Note that A && B || C is not if-then-else. C may run when A is true.

2016

Code style
Minor

Expressions don't expand in single quotes

2017

Error prone
Medium

Increase precision by replacing a/b*c with a*c/b.

2018

Error prone
Medium

Use '[:lower:]' to support accents and foreign alphabets.

2019

Error prone
Medium

Use '[:upper:]' to support accents and foreign alphabets.

2020

Error prone
Medium

tr replaces sets of chars

2021

Error prone
Medium

Don't use [] around classes in tr

2022

Error prone
Medium

Note that unlike globs

2023

Error prone
Medium

The shell may override 'time' as seen in man time(1). Use 'command time ..' for that one.

2024

Error prone
High

sudo doesn't affect redirects. Use sudo cat file | ..

2026

Error prone
Medium

This word is outside of quotes. Did you intend to 'nest '"'"'single quotes'"'"' instead'?

2027

Error prone
High

The surrounding quotes actually unquote this. Remove or escape them.

2028

Error prone
Medium

echo won't expand escape sequences. Consider printf.

2029

Error prone
Medium

Expansion on the client side

2030

Error prone
Medium

Modification of RSYSLOG_VERSION is local (to subshell caused by pipeline).

2031

Error prone
Medium

RSYSLOG_VERSION was modified in a subshell. That change might be lost.

2032

Error prone
Medium

Use own script or sh -c '..' to run this from sudo.

2033

Error prone
High

Shell functions can't be passed to external commands.

2034

Code style
Minor

START_OF_ROOT_PARTITION appears unused. Verify use (or export if used externally).

2035

Code style
Minor

Use ./*glob* or -- *glob* so names with dashes won't become options.

2036

Error prone
High

If you wanted to assign the output of the pipeline

2038

Code style
Minor

Use -print0/-0 or -exec + to allow for non-alphanumeric filenames.

2039

Code style
Minor

Undefined keyword for POSIX sh

2043

Code style
Minor

This loop will only ever run once for a constant value. Did you perhaps mean to loop over dir/*

2044

Code style
Minor

For loops over find output are fragile. Use find -exec or a while read loop.

2045

Code style
Minor

Iterating over ls output is fragile. Use globs.

2046

Safety
High

Quote this to prevent word splitting.

2048

Code style
Minor

Use "$@" (with quotes) to prevent whitespace problems.

2049

Error prone
High

=~ is for regex, but this looks like a glob. Use = instead.

2050

Error prone
High

This expression is constant. Did you forget the $ on a variable?

2053

Code style
Minor

Quote the right-hand side of != in [[ ]] to prevent glob matching.

2059

Code style
Minor

Don't use variables in the printf format string. Use printf "..%s.." "$foo".

2060

Error prone
High

Quote parameters to tr to prevent glob expansion.

2061

Code style
Minor

Quote the parameter to -iname so the shell won't interpret it.

2062

Error prone
High

Quote the grep pattern so the shell won't interpret it.

2063

Error prone
High

Grep uses regex

2064

Code style
Minor

Use single quotes

2066

Error prone
Critical

Since you double quoted this

2067

Error prone
Critical

Missing ';' or + terminating -exec. You can't use |/||/&&

2068

Code style
Minor

Double quote array expansions to avoid re-splitting elements.

2069

Error prone
High

To redirect stdout+stderr

2070

Error prone
Critical

-n doesn't work with unquoted arguments. Quote or use [[ ]].

2071

Code style
Minor

> is for string comparisons. Use -gt instead.

2072

Error prone
Critical

Decimals are not supported. Either use integers only

2076

Error prone
Critical

Don't quote rhs of =~

2077

Error prone
Critical

You need spaces around the comparison operator.

2078

Error prone
Critical

This expression is constant. Did you forget a $ somewhere?

2081

Error prone
Critical

[ .. ] can't match globs. Use [[ .. ]] or case statement.

2082

Error prone
Critical

To expand via indirection

2086

Safety
High

Double quote to prevent globbing and word splitting.

2087

Error prone
High

Quote 'VS_CMDS' to make here document expansions happen on the server side rather than on the client.

2088

Error prone
High

Tilde does not expand in quotes. Use $HOME.

2089

Code style
Minor

Quotes/backslashes will be treated literally. Use an array.

2090

Code style
Minor

Quotes/backslashes in this variable will not be respected.

2091

Code style
Minor

Remove surrounding $() to avoid executing output.

2092

Error prone
High

Remove backticks to avoid executing output.

2093

Error prone
High

Remove "exec " if script should continue after this command.

2094

Code style
Minor

Make sure not to read and write the same file in the same pipeline.

2096

Error prone
Critical

On most OS, shebangs can only specify a single parameter

2097

Error prone
High

This assignment is only seen by the forked process.

2098

Error prone
High

This expansion will not see the mentioned assignment.

2100

Error prone
High

Use $((..)) for arithmetics

2102

Error prone
Medium

Ranges can only match single chars (mentioned due to duplicates).

2103

Code style
Minor

Use a ( subshell ) to avoid having to cd back.

2104

Error prone
Critical

In functions, use return instead of break

2105

Error prone
Critical

continue is only valid in loops.

2112

Code style
Minor

'function' keyword is non-standard. Delete it.

2113

Error prone
High

'function' keyword is non-standard. Use 'foo()' instead of 'function foo'.

2115

Error prone
High

Use "${var:?}" to ensure this never expands to /usr .

2116

Code style
Minor

Useless echo? Instead of 'cmd $(echo foo)'

2119

Code style
Minor

Use start_mysql "$@" if function's $1 should mean script's $1.

2120

Code style
Minor

A function references arguments but no argument is passed

2121

Code style
Minor

To assign a variable, do not use set

2124

Error prone
High

Assigning an array to a string! Assign as array

2125

Error prone
High

Brace expansions and globs are literal in assignments. Quote it or use an array.

2126

Error prone
Minor

Consider using grep -c instead of grep|wc -l.

2128

Code style
Minor

Expanding an array without an index only gives the first element.

2129

Code style
Minor

Consider using { cmd1; cmd2; } >> file instead of individual redirects.

2139

Error prone
High

This expands when defined

2140

Code style
Minor

Word is of the form "A"B"C" (B indicated). Did you mean "ABC" or "A\"B\"C"?

2142

Error prone
Critical

Aliases can't use positional parameters. Use a function.

2143

Error prone
Minor

Use egrep -q instead of comparing output with [ -n .. ].

2144

Error prone
Critical

-e doesn't work with globs. Use a for loop.

2145

Code style
Minor

Argument mixes string and array. Use * or separate argument.

2146

Error prone
High

This action ignores everything before the -o. Use \( \) to group.

2148

Code style
Minor

Tips depend on target shell and yours is unknown. Add a shebang.

2152

Error prone
Critical

Can only return 0-255. Other data should be written to stdout.

2153

Code style
Minor

Possible misspelling: FGREP may not be assigned

2154

Code style
Minor

xtra is referenced but not assigned.

2155

Code style
Minor

Declare and assign separately to avoid masking return values.

2156

Error prone
High

Injecting filenames is fragile and insecure. Use parameters.

2157

Error prone
Critical

Argument to -z is always false due to literal strings.

2160

Error prone
Minor

Instead of '[ true ]', just use 'true'

2161

Error prone
Minor

Instead of '[ 1 ]', just use '1'

2162

Code style
Minor

read without -r will mangle backslashes.

2163

Code style
Minor

This does not export 'atom_env_pair'. Remove $/${} for that

2164

Code style
Minor

Use 'cd ... || exit' or 'cd ... || return' in case cd fails.

2165

Error prone
High

This nested loop overrides the index variable of its parent.

2166

Error prone
Medium

Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.

2167

Error prone
High

This parent loop has its index variable overridden.

2168

Error prone
Critical

'local' is only valid in functions.

2169

Error prone
High

Not supported in dash

2171

Error prone
High

Found trailing ] outside test. Missing [?

2172

Error prone
High

Trapping signals by number is not well defined. Prefer signal names.

2173

Error prone
Critical

SIGKILL/SIGSTOP can not be trapped.

2174

Error prone
High

When used with -p

2175

Error prone
Minor

Quote this invalid brace expansion since it should be passed literally to eval.

2176

Error prone
High

'time' is undefined for pipelines. time single stage or bash -c instead.

2178

Error prone
High

Variable was used as an array but is now assigned a string.

2179

Error prone
High

Use array+=("item") to append items to an array.

2181

Code style
Minor

Check exit code directly with e.g. 'if mycmd;'

2183

Error prone
High

This format string has 1 variables

2184

Error prone
High

Quote arguments to unset so they're not glob expanded.

2185

Code style
Minor

Some finds don't have a default path. Specify '.' explicitly.

2186

Code style
Minor

tempfile is deprecated. Use mktemp instead.

2187

Error prone
High

Ash scripts will be checked as Dash. Add '# shellcheck shell=dash' to silence.

2188

Error prone
High

This redirection doesn't have a command. Move to its command (or use 'true' as no-op).

2190

Error prone
High

Elements in associative arrays need index

2191

Code style
Minor

The = here is literal. To assign by index

2193

Error prone
High

The arguments to this comparison can never be equal. Make sure your syntax is correct.

2194

Error prone
High

This word is constant. Did you forget the $ on a variable?

2195

Error prone
High

This pattern will never match the case statement's word. Double check them.

2196

Best practice
Minor

egrep is non-standard and deprecated. Use grep -E instead.

2197

Error prone
Medium

fgrep is non-standard and deprecated. Use grep -F instead.

2198

Code style
Minor

Arrays don't work as operands in [ ]. Use a loop (or concatenate with * instead of @).

2199

Error prone
Critical

Arrays implicitly concatenate in [[ ]]. Use a loop (or explicit * instead of @).

2203

Error prone
Critical

Globs are ignored in [[ ]] except right of =/!=. Use a loop.

2206

Code style
Minor

Quote to prevent word splitting/globbing

2207

Code style
Minor

Prefer mapfile or read -a to split command output (or quote to avoid splitting).

2209

Code style
Minor

Use var=$(command) to assign output (or quote to assign string).

2210

Error prone
High

This is a file redirection. Was it supposed to be a comparison or fd operation?

2211

Error prone
High

This is a glob used as a command name. Was it supposed to be in ${..}

2213

Error prone
High

getopts specified -v

2214

Error prone
High

This case is not specified by getopts.

2215

Error prone
High

This flag is used as a command name. Bad line break or missing [ .. ]?

2216

Error prone
High

Piping to 'rm', a command that doesn't read stdin. Wrong command or missing xargs?

2217

Error prone
High

Redirecting to 'true'

2219

Code style
Minor

Instead of 'let expr'

2220

Error prone
High

Invalid flags are not handled. Add a *) case.

2221

Error prone
High

This pattern always overrides a later one.

2222

Error prone
High

This pattern never matches because of a previous pattern.

2223

Code style
Minor

This default assignment may cause DoS due to globbing. Quote it.

2225

Error prone
Critical

This cp has no destination. Check the arguments.

2226

Error prone
High

This ln has no destination. Check the arguments

2230

Code style
Minor

which is a non-standard tool. Use builtin 'command -v' instead.

2231

Code style
Minor

Quote expansions in this for loop glob to prevent wordsplitting

2232

Error prone
High

Can't use sudo with builtins like cd. Did you want sudo sh -c .. instead?

2233

Error prone
Minor

Remove superfluous (..) around condition.

2234

Error prone
Minor

Remove superfluous (..) around test command.

2235

Error prone
Minor

Use { ..; } instead of (..) to avoid subshell overhead.

2236

Error prone
Minor

Use -n instead of ! -z.

2237

Error prone
Minor

Use [ -n .. ] instead of ! [ -z .. ].

2242

Error prone
Critical

Can only exit with status 0-255. Other data should be written to stdout/stderr.

2239

Best practice
High

Ensure the shebang uses an absolute path to the interpreter

2254

Best practice
Medium

Quote expansions in case patterns to match literally rather than as a glob

2057

Error prone
High

Detect unknown binary operator

1133

Code style
Medium

Unexpected start of line. If breaking lines, |/||/&& should be at the end of the previous one.

1112

Error prone
Medium

This is a unicode quote. Delete and retype it (or ignore/doublequote for literal).

2041

Best practice
High

To run as a command, use $(..) instead of '..'

2218

Error prone
Medium

This function is only defined later. Move the definition up.

2238

Best practice
Medium

Redirecting to/from command name instead of file. Did you want pipes/xargs (or quote to ignore)?

2229

Error prone
Medium

This does not read foo. Remove $/${} for that, or use ${var?} to quiet

2065

Error prone
Medium

This is interpreted as a shell file redirection, not a comparison

2246

Error prone
Critical

This shebang specifies a directory. Ensure the interpreter is a file

1039

Code style
Minor

Remove indentation before end token

1108

Code style
High

You need a space before and after the =

2107

Best practice
High

Instead of [ a && b ], use [ a ] && [ b ]

1130

Code style
Medium

Need a space before :

2227

Error prone
Medium

Redirection applies to the find command itself.

2170

Error prone
Medium

Invalid number for -eq. Use = to compare as string