...
- Use a "lint" finding program. For example,
  - shell: use "shellcheck", which can be installed using "apt install -y shellcheck"
  - python: there are a number of lint-finding programs, such as "pylint" and "flake8".
- Beware of the shell CDPATH variable and relative paths in cd commands.
  - If your shell script uses a relative path in its cd commands, such as "cd somewhere" or "cd somewhere/else", the directory it winds up in can be hijacked by the invoker setting the CDPATH environment variable: the shell tries each directory listed in CDPATH before the current directory, and when a CDPATH entry is used it also prints the new directory to standard output, which can corrupt the script's own output.
  - Either set CDPATH explicitly at the beginning of your shell script, "CDPATH=" (or "unset CDPATH"),
  - or use "./" explicitly at the beginning of the path you cd to, as in "cd ./somewhere" or "cd ./somewhere/else"; a path that begins with "/", "./" or "../" is never looked up in CDPATH.
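As an added example (not from the original page), the following POSIX shell script builds a throwaway sandbox with mktemp, sets CDPATH the way a hostile invoker could, and shows a relative "cd build" being redirected into the attacker's directory next to the two fixes above. The directory layout and the function names (make_sandbox, unsafe_build_dir, and the two safe_ variants) are illustrative choices made for this example.

```shell
#!/bin/sh
# Added example (not part of the original page): an invoker's CDPATH
# redirects a relative "cd" inside a script; two ways to prevent it.
# Every directory here is constructed in a throwaway mktemp sandbox.

# Build the sandbox: the script's intended work/build directory and an
# attacker-controlled evil/build directory with the same relative name.
make_sandbox() {
  sandbox=$(mktemp -d) || return 1
  mkdir -p "$sandbox/work/build" "$sandbox/evil/build" || return 1
  printf '%s\n' "$sandbox"
}

# Vulnerable pattern: "cd build" is relative and CDPATH is inherited from
# the caller, so the shell tries each CDPATH entry before the current
# directory. The redirect hides the directory name the shell prints when a
# CDPATH hit is used; the function's output is the directory it landed in.
unsafe_build_dir() {
  ( cd "$1/work" && cd build >/dev/null && pwd -P )
}

# Fix 1: clear CDPATH at the start of the script ("unset CDPATH" works too).
safe_build_dir_cleared_cdpath() {
  ( CDPATH=; cd "$1/work" && cd build && pwd -P )
}

# Fix 2: anchor the relative path with "./"; paths starting with "/", "./"
# or "../" are never looked up in CDPATH.
safe_build_dir_dot_slash() {
  ( cd "$1/work" && cd ./build && pwd -P )
}

# Demonstration: set CDPATH the way a hostile caller could, then compare
# where each variant ends up.
demo() {
  sandbox=$(make_sandbox) || return 1
  CDPATH="$sandbox/evil"; export CDPATH
  printf 'unsafe         : %s\n' "$(unsafe_build_dir "$sandbox")"
  printf 'CDPATH cleared : %s\n' "$(safe_build_dir_cleared_cdpath "$sandbox")"
  printf '"./" prefix    : %s\n' "$(safe_build_dir_dot_slash "$sandbox")"
  rm -rf "$sandbox"
}

demo
```

Running it prints three lines: the unsafe variant reports the evil/build directory, the other two report work/build. The stdout redirect in unsafe_build_dir is only there to keep the function's output clean; in a real script that captures its own output, the extra directory name the shell prints on a CDPATH hit is a second way the hijack shows up.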
Code quality evaluation
The use of code quality tools helps developers fix vulnerabilities early.
...