Shell Static Analysis Rules

Shell rules

Bash, zsh, ksh: regardless of which shell you use, Codiga has you covered. With hundreds of rules, the Codiga Static Engine checks your shell scripts and surfaces issues in your Shell codebase.

      1001

      Error prone
      Medium

      This \N will be a regular 'N' in this context.

      1003

      Error prone
      Medium

      Want to escape a single quote? echo 'This is how it'\''s done'.

      1004

      Error prone
      Medium

      This backslash+linefeed is literal. Break outside single quotes if you just want to break the line.

      1007

      Error prone
      High

      Remove space after = if trying to assign a value (for empty string

      1008

      Code style
      Minor

      This shebang was unrecognized. Note that ShellCheck only handles sh/bash/dash/ksh.

      1009

      Error prone
      Medium

      The mentioned syntax error was in this elif clause.

      1010

      Error prone
      High

      Use semicolon or linefeed before 'fi' (or quote to make it literal).

      1012

      Error prone
      High

      \r is just literal 'r' here. For carriage return

      1014

      Error prone
      High

      Use 'if cmd; then ..' to check exit code

      1017

      Error prone
      Critical

      Literal carriage return. Run script through tr -d '\r' .

      1018

      Error prone
      Critical

      This is a unicode non-breaking space. Delete and retype it.

      1019

      Error prone
      Critical

      Expected this to be an argument to the unary condition.

      1020

      Error prone
      Critical

      You need a space before the ]].

      1035

      Error prone
      Critical

      You are missing a required space after the !.

      1036

      Error prone
      Critical

      (' is invalid here. Did you forget to escape it?

      1046

      Error prone
      Critical

      Couldn't find 'fi' for this 'if'.

      1047

      Error prone
      Critical

      Expected 'fi' matching previously mentioned 'if'.

      1048

      Error prone
      Critical

      Can't have empty else clauses (use 'true' as a no-op).

      1049

      Error prone
      Critical

      Did you forget the 'then' for this 'if'?

      1050

      Error prone
      Critical

      Expected 'then'.

      1054

      Error prone
      Critical

      You need a space after the '{'.

      1055

      Error prone
      Critical

      You need at least one command here. Use 'true;' as a no-op.

      1056

      Error prone
      Critical

      Expected a '}'. If you have one

      1058

      Error prone
      Critical

      Expected 'do'.

      1061

      Error prone
      Critical

      Couldn't find 'done' for this 'do'.

      1062

      Error prone
      Critical

      Expected 'done' matching previously mentioned 'do'.

      1064

      Error prone
      Critical

      Expected a { to open the function definition.

      1065

      Error prone
      Critical

      Trying to declare parameters? Don't. Use () and refer to params as $1

      1066

      Error prone
      Critical

      Don't use $ on the left side of assignments.

      1068

      Code style
      Minor

      Don't put spaces around the = in assignments (or quote to make it literal).

      1070

      Error prone
      Critical

      Parsing stopped here. Mismatched keywords or invalid parentheses?

      1071

      Error prone
      Critical

      ShellCheck only supports sh/bash/dash/ksh scripts. Sorry!

      1072

      Error prone
      Critical

      Expected 'then'. Fix any mentioned problems and try again.

      1073

      Error prone
      Critical

      Couldn't parse this escaped char. Fix to allow more checks.

      1075

      Error prone
      Critical

      Use 'elif' instead of 'else if' (or put 'if' on new line if nesting).

      1078

      Error prone
      High

      Did you forget to close this double quoted string?

      1079

      Error prone
      Medium

      This is actually an end quote

      1080

      Error prone
      Critical

      You need \ before line feeds to break lines in [ ].

      1082

      Error prone
      Critical

      This file has a UTF-8 BOM. Remove it with: LC_CTYPE=C sed '1s/^...//' < yourscript .

      1083

      Code style
      Minor

      This } is literal. Check expression (missing ;/\n?) or quote it.

      1084

      Error prone
      Critical

      Use #! and not !# for shebang

      1086

      Error prone
      Critical

      Don't use $ on the iterator name in for loops.

      1087

      Code style
      Minor

      Use braces when expanding arrays

      1088

      Error prone
      Critical

      Parsing stopped here. Invalid use of parentheses?

      1089

      Error prone
      Critical

      Parsing stopped here. Is this keyword correctly matched up?

      1090

      Code style
      Minor

      Can't follow non-constant source. Use a directive to specify location.

      1091

      Error prone
      Medium

      Not following: /etc/os-release was not specified as input (see shellcheck -x).

      1095

      Error prone
      Critical

      You need a space or linefeed between the function name and body.

      1097

      Code style
      Minor

      Unexpected ==. For assignment

      1099

      Best practice
      Critical

      You need a space before the #.

      1101

      Error prone
      Critical

      Delete trailing spaces after \ to break line (or use quotes for literal space).

      1102

      Error prone
      High

      Shells disambiguate $(( differently or not at all. For $(command substitution)

      1104

      Error prone
      Critical

      Use #! and not ! for shebang

      1105

      Error prone
      High

      Shells disambiguate (( differently or not at all. For subshell

      1110

      Error prone
      High

      This is a unicode quote. Delete and retype it (or quote to make literal).

      1111

      Error prone
      High

      This is a unicode quote. Delete and retype it (or ignore/singlequote for literal).

      1113

      Error prone
      Critical

      Use #! for the shebang

      1114

      Code style
      Minor

      Remove leading spaces before the shebang.

      1115

      Error prone
      Critical

      Remove spaces between # and ! in the shebang.

      1116

      Error prone
      Critical

      Missing $ on a $((..)) expression? (or use ( ( for arrays).

      1117

      Code style
      Minor

      Backslash is literal in "\’". Prefer explicit escaping: "\\’".

      1119

      Error prone
      Critical

      Add a linefeed between end token and terminating ')'.

      1126

      Error prone
      Critical

      Place shellcheck directives before commands

      1127

      Error prone
      Critical

      Was this intended as a comment? Use # in sh.

      1128

      Error prone
      Critical

      The shebang must be on the first line. Delete blanks and move comments.

      2000

      Best practice
      Minor

      See if you can use ${#variable} instead.

      2001

      Code style
      Minor

      See if you can use ${variable//search/replace} instead.

      2002

      Code style
      Minor

      Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.

      2003

      Best practice
      Minor

      expr is antiquated. Consider rewriting this using $((..))

      2004

      Code style
      Minor

      $/${} is unnecessary on arithmetic variables.

      2005

      Code style
      Minor

      Useless echo? Instead of 'echo $(cmd)'

      2006

      Best practice
      Minor

      Use $(...) notation instead of legacy backticked `...`.

      2007

      Code style
      Minor

      Use $((..)) instead of deprecated $[..]

      2009

      Error prone
      Medium

      Consider using pgrep instead of grepping ps output.

      2010

      Error prone
      High

      Don't use ls | grep. Use a glob or a for loop with a condition to allow non-alphanumeric filenames.

      2011

      Error prone
      High

      Use 'find .. -print0 | xargs -0 ..' or 'find .. -exec .. +' to allow non-alphanumeric filenames.

      2012

      Code style
      Minor

      Use find instead of ls to better handle non-alphanumeric filenames.

      2013

      Code style
      Minor

      To read lines rather than words

      2014

      Error prone
      Medium

      This will expand once before find runs

      2015

      Error prone
      Medium

      Note that A && B || C is not if-then-else. C may run when A is true.

      2016

      Code style
      Minor

      Expressions don't expand in single quotes

      2017

      Error prone
      Medium

      Increase precision by replacing a/b*c with a*c/b.

      2018

      Error prone
      Medium

      Use '[:lower:]' to support accents and foreign alphabets.

      2019

      Error prone
      Medium

      Use '[:upper:]' to support accents and foreign alphabets.

      2020

      Error prone
      Medium

      tr replaces sets of chars

      2021

      Error prone
      Medium

      Don't use [] around classes in tr

      2022

      Error prone
      Medium

      Note that unlike globs

      2023

      Error prone
      Medium

      The shell may override 'time' as seen in man time(1). Use 'command time ..' for that one.

      2024

      Error prone
      High

      sudo doesn't affect redirects. Use sudo cat file | ..

      2026

      Error prone
      Medium

      This word is outside of quotes. Did you intend to 'nest '"'"'single quotes'"'"' instead'?

      2027

      Error prone
      High

      The surrounding quotes actually unquote this. Remove or escape them.

      2028

      Error prone
      Medium

      echo won't expand escape sequences. Consider printf.

      2029

      Error prone
      Medium

      Expansion on the client side

      2030

      Error prone
      Medium

      Modification of RSYSLOG_VERSION is local (to subshell caused by pipeline).

      2031

      Error prone
      Medium

      RSYSLOG_VERSION was modified in a subshell. That change might be lost.

      2032

      Error prone
      Medium

      Use own script or sh -c '..' to run this from sudo.

      2033

      Error prone
      High

      Shell functions can't be passed to external commands.

      2034

      Code style
      Minor

      START_OF_ROOT_PARTITION appears unused. Verify use (or export if used externally).

      2035

      Code style
      Minor

      Use ./*glob* or -- *glob* so names with dashes won't become options.

      2036

      Error prone
      High

      If you wanted to assign the output of the pipeline

      2038

      Code style
      Minor

      Use -print0/-0 or -exec + to allow for non-alphanumeric filenames.

      2039

      Code style
      Minor

      Undefined keyword for POSIX sh

      2043

      Code style
      Minor

      This loop will only ever run once for a constant value. Did you perhaps mean to loop over dir/*

      2044

      Code style
      Minor

      For loops over find output are fragile. Use find -exec or a while read loop.

      2045

      Code style
      Minor

      Iterating over ls output is fragile. Use globs.

      2046

      Safety
      High

      Quote this to prevent word splitting.

      2048

      Code style
      Minor

      Use "$@" (with quotes) to prevent whitespace problems.

      2049

      Error prone
      High

      =~ is for regex, but this looks like a glob. Use = instead.

      2050

      Error prone
      High

      This expression is constant. Did you forget the $ on a variable?

      2053

      Code style
      Minor

      Quote the right-hand side of != in [[ ]] to prevent glob matching.

      2059

      Code style
      Minor

      Don't use variables in the printf format string. Use printf "..%s.." "$foo".

      2060

      Error prone
      High

      Quote parameters to tr to prevent glob expansion.

      2061

      Code style
      Minor

      Quote the parameter to -iname so the shell won't interpret it.

      2062

      Error prone
      High

      Quote the grep pattern so the shell won't interpret it.

      2063

      Error prone
      High

      Grep uses regex

      2064

      Code style
      Minor

      Use single quotes

      2066

      Error prone
      Critical

      Since you double quoted this

      2067

      Error prone
      Critical

      Missing ';' or + terminating -exec. You can't use |/||/&&

      2068

      Code style
      Minor

      Double quote array expansions to avoid re-splitting elements.

      2069

      Error prone
      High

      To redirect stdout+stderr

      2070

      Error prone
      Critical

      -n doesn't work with unquoted arguments. Quote or use [[ ]].

      2071

      Code style
      Minor

      > is for string comparisons. Use -gt instead.

      2072

      Error prone
      Critical

      Decimals are not supported. Either use integers only

      2076

      Error prone
      Critical

      Don't quote rhs of =~

      2077

      Error prone
      Critical

      You need spaces around the comparison operator.

      2078

      Error prone
      Critical

      This expression is constant. Did you forget a $ somewhere?

      2081

      Error prone
      Critical

      [ .. ] can't match globs. Use [[ .. ]] or case statement.

      2082

      Error prone
      Critical

      To expand via indirection

      2086

      Safety
      High

      Double quote to prevent globbing and word splitting.

      2087

      Error prone
      High

      Quote 'VS_CMDS' to make here document expansions happen on the server side rather than on the client.

      2088

      Error prone
      High

      Tilde does not expand in quotes. Use $HOME.

      2089

      Code style
      Minor

      Quotes/backslashes will be treated literally. Use an array.

      2090

      Code style
      Minor

      Quotes/backslashes in this variable will not be respected.

      2091

      Code style
      Minor

      Remove surrounding $() to avoid executing output.

      2092

      Error prone
      High

      Remove backticks to avoid executing output.

      2093

      Error prone
      High

      Remove "exec " if script should continue after this command.

      2094

      Code style
      Minor

      Make sure not to read and write the same file in the same pipeline.

      2096

      Error prone
      Critical

      On most OS, shebangs can only specify a single parameter

      2097

      Error prone
      High

      This assignment is only seen by the forked process.

      2098

      Error prone
      High

      This expansion will not see the mentioned assignment.

      2100

      Error prone
      High

      Use $((..)) for arithmetics

      2102

      Error prone
      Medium

      Ranges can only match single chars (mentioned due to duplicates).

      2103

      Code style
      Minor

      Use a ( subshell ) to avoid having to cd back.

      2104

      Error prone
      Critical

      In functions, use return instead of break

      2105

      Error prone
      Critical

      continue is only valid in loops.

      2112

      Code style
      Minor

      'function' keyword is non-standard. Delete it.

      2113

      Error prone
      High

      'function' keyword is non-standard. Use 'foo()' instead of 'function foo'.

      2115

      Error prone
      High

      Use "${var:?}" to ensure this never expands to /usr .

      2116

      Code style
      Minor

      Useless echo? Instead of 'cmd $(echo foo)'

      2119

      Code style
      Minor

      Use start_mysql "$@" if function's $1 should mean script's $1.

      2120

      Code style
      Minor

      A function references arguments but no argument is passed

      2121

      Code style
      Minor

      To assign a variable, do not use set

      2124

      Error prone
      High

      Assigning an array to a string! Assign as array

      2125

      Error prone
      High

      Brace expansions and globs are literal in assignments. Quote it or use an array.

      2126

      Error prone
      Minor

      Consider using grep -c instead of grep|wc -l.

      2128

      Code style
      Minor

      Expanding an array without an index only gives the first element.

      2129

      Code style
      Minor

      Consider using { cmd1; cmd2; } >> file instead of individual redirects.

      2139

      Error prone
      High

      This expands when defined

      2140

      Code style
      Minor

      Word is of the form "A"B"C" (B indicated). Did you mean "ABC" or "A\"B\"C"?

      2142

      Error prone
      Critical

      Aliases can't use positional parameters. Use a function.

      2143

      Error prone
      Minor

      Use egrep -q instead of comparing output with [ -n .. ].

      2144

      Error prone
      Critical

      -e doesn't work with globs. Use a for loop.

      2145

      Code style
      Minor

      Argument mixes string and array. Use * or separate argument.

      2146

      Error prone
      High

      This action ignores everything before the -o. Use \( \) to group.

      2148

      Code style
      Minor

      Tips depend on target shell and yours is unknown. Add a shebang.

      2152

      Error prone
      Critical

      Can only return 0-255. Other data should be written to stdout.

      2153

      Code style
      Minor

      Possible misspelling: FGREP may not be assigned

      2154

      Code style
      Minor

      xtra is referenced but not assigned.

      2155

      Code style
      Minor

      Declare and assign separately to avoid masking return values.

      2156

      Error prone
      High

      Injecting filenames is fragile and insecure. Use parameters.

      2157

      Error prone
      Critical

      Argument to -z is always false due to literal strings.

      2160

      Error prone
      Minor

      Instead of '[ true ]', just use 'true'

      2161

      Error prone
      Minor

      Instead of '[ 1 ]', just use '1'

      2162

      Code style
      Minor

      read without -r will mangle backslashes.

      2163

      Code style
      Minor

      This does not export 'atom_env_pair'. Remove $/${} for that

      2164

      Code style
      Minor

      Use 'cd ... || exit' or 'cd ... || return' in case cd fails.

      2165

      Error prone
      High

      This nested loop overrides the index variable of its parent.

      2166

      Error prone
      Medium

      Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.

      2167

      Error prone
      High

      This parent loop has its index variable overridden.

      2168

      Error prone
      Critical

      'local' is only valid in functions.

      2169

      Error prone
      High

      Not supported in dash

      2171

      Error prone
      High

      Found trailing ] outside test. Missing [?

      2172

      Error prone
      High

      Trapping signals by number is not well defined. Prefer signal names.

      2173

      Error prone
      Critical

      SIGKILL/SIGSTOP can not be trapped.

      2174

      Error prone
      High

      When used with -p

      2175

      Error prone
      Minor

      Quote this invalid brace expansion since it should be passed literally to eval.

      2176

      Error prone
      High

      'time' is undefined for pipelines. time single stage or bash -c instead.

      2178

      Error prone
      High

      Variable was used as an array but is now assigned a string.

      2179

      Error prone
      High

      Use array+=("item") to append items to an array.

      2181

      Code style
      Minor

      Check exit code directly with e.g. 'if mycmd;'

      2183

      Error prone
      High

      This format string has 1 variables

      2184

      Error prone
      High

      Quote arguments to unset so they're not glob expanded.

      2185

      Code style
      Minor

      Some finds don't have a default path. Specify '.' explicitly.

      2186

      Code style
      Minor

      tempfile is deprecated. Use mktemp instead.

      2187

      Error prone
      High

      Ash scripts will be checked as Dash. Add '# shellcheck shell=dash' to silence.

      2188

      Error prone
      High

      This redirection doesn't have a command. Move to its command (or use 'true' as no-op).

      2190

      Error prone
      High

      Elements in associative arrays need index

      2191

      Code style
      Minor

      The = here is literal. To assign by index

      2193

      Error prone
      High

      The arguments to this comparison can never be equal. Make sure your syntax is correct.

      2194

      Error prone
      High

      This word is constant. Did you forget the $ on a variable?

      2195

      Error prone
      High

      This pattern will never match the case statement's word. Double check them.

      2196

      Best practice
      Minor

      egrep is non-standard and deprecated. Use grep -E instead.

      2197

      Error prone
      Medium

      fgrep is non-standard and deprecated. Use grep -F instead.

      2198

      Code style
      Minor

      Arrays don't work as operands in [ ]. Use a loop (or concatenate with * instead of @).

      2199

      Error prone
      Critical

      Arrays implicitly concatenate in [[ ]]. Use a loop (or explicit * instead of @).

      2203

      Error prone
      Critical

      Globs are ignored in [[ ]] except right of =/!=. Use a loop.

      2206

      Code style
      Minor

      Quote to prevent word splitting/globbing

      2207

      Code style
      Minor

      Prefer mapfile or read -a to split command output (or quote to avoid splitting).

      2209

      Code style
      Minor

      Use var=$(command) to assign output (or quote to assign string).

      2210

      Error prone
      High

      This is a file redirection. Was it supposed to be a comparison or fd operation?

      2211

      Error prone
      High

      This is a glob used as a command name. Was it supposed to be in ${..}

      2213

      Error prone
      High

      getopts specified -v

      2214

      Error prone
      High

      This case is not specified by getopts.

      2215

      Error prone
      High

      This flag is used as a command name. Bad line break or missing [ .. ]?

      2216

      Error prone
      High

      Piping to 'rm', a command that doesn't read stdin. Wrong command or missing xargs?

      2217

      Error prone
      High

      Redirecting to 'true'

      2219

      Code style
      Minor

      Instead of 'let expr'

      2220

      Error prone
      High

      Invalid flags are not handled. Add a *) case.

      2221

      Error prone
      High

      This pattern always overrides a later one.

      2222

      Error prone
      High

      This pattern never matches because of a previous pattern.

      2223

      Code style
      Minor

      This default assignment may cause DoS due to globbing. Quote it.

      2225

      Error prone
      Critical

      This cp has no destination. Check the arguments.

      2226

      Error prone
      High

      This ln has no destination. Check the arguments

      2230

      Code style
      Minor

      which is a non-standard tool. Use builtin 'command -v' instead.

      2231

      Code style
      Minor

      Quote expansions in this for loop glob to prevent wordsplitting

      2232

      Error prone
      High

      Can't use sudo with builtins like cd. Did you want sudo sh -c .. instead?

      2233

      Error prone
      Minor

      Remove superfluous (..) around condition.

      2234

      Error prone
      Minor

      Remove superfluous (..) around test command.

      2235

      Error prone
      Minor

      Use { ..; } instead of (..) to avoid subshell overhead.

      2236

      Error prone
      Minor

      Use -n instead of ! -z.

      2237

      Error prone
      Minor

      Use [ -n .. ] instead of ! [ -z .. ].

      2242

      Error prone
      Critical

      Can only exit with status 0-255. Other data should be written to stdout/stderr.

      2239

      Best practice
      High

      Ensure the shebang uses an absolute path to the interpreter

      2254

      Best practice
      Medium

      Quote expansions in case patterns to match literally rather than as a glob

      2057

      Error prone
      High

      Detect unknown binary operator

      1133

      Code style
      Medium

      Unexpected start of line. If breaking lines, |/||/&& should be at the end of the previous one.

      1112

      Error prone
      Medium

      This is a unicode quote. Delete and retype it (or ignore/doublequote for literal).

      2041

      Best practice
      High

      To run as a command, use $(..) instead of '..'

      2218

      Error prone
      Medium

      This function is only defined later. Move the definition up.

      2238

      Best practice
      Medium

      Redirecting to/from command name instead of file. Did you want pipes/xargs (or quote to ignore)?

      2229

      Error prone
      Medium

      This does not read foo. Remove $/${} for that, or use ${var?} to quiet

      2065

      Error prone
      Medium

      This is interpreted as a shell file redirection, not a comparison

      2246

      Error prone
      Critical

      This shebang specifies a directory. Ensure the interpreter is a file

      1039

      Code style
      Minor

      Remove indentation before end token

      1108

      Code style
      High

      You need a space before and after the =

      2107

      Best practice
      High

      Instead of [ a && b ], use [ a ] && [ b ]