From: Denis Ovsienko <denis@ovsienko.info>
Date: Sun, 21 Mar 2021 13:33:36 +0000 (+0000)
Subject: Coverity: Use an executable POSIX shell script.
X-Git-Tag: tcpdump-4.99.1~42
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/64f49a2e2d3b31bcaa562bc5e4d96943ab931c72

Coverity: Use an executable POSIX shell script.

Address all shellcheck warnings.

(cherry picked from commit 8281c4ae6e7e01524d20dd69b2275d0ed7949216)
---

diff --git a/.cirrus.yml b/.cirrus.yml
index 949c4716..79ca2b33 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -92,4 +92,4 @@ coverity_task:
     - apt-get -qy install libssl-dev libsmi2-dev libcap-ng-dev libpcap-dev
     - apt-get -qy install git curl wget ruby rubygems ruby-json # for the coverity script
     - apt list --installed 'lib*-dev'
-    - /bin/bash .travis-coverity-scan-build.sh # Not executable, depends on bashisms.
+    - ./.travis-coverity-scan-build.sh
diff --git a/.travis-coverity-scan-build.sh b/.travis-coverity-scan-build.sh
old mode 100644
new mode 100755
index aba75cd0..7ea1dac9
--- a/.travis-coverity-scan-build.sh
+++ b/.travis-coverity-scan-build.sh
@@ -3,14 +3,14 @@
 set -e
 
 # Environment check
-echo -e "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m"
+printf "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m\n"
 [ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1
 #[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1
 [ -z "$COVERITY_SCAN_BRANCH_PATTERN" ] && echo "ERROR: COVERITY_SCAN_BRANCH_PATTERN must be set" && exit 1
 [ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1
 [ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1
 
-PLATFORM=`uname`
+PLATFORM=$(uname)
 TOOL_ARCHIVE=/tmp/cov-analysis-${PLATFORM}.tgz
 TOOL_URL=https://scan.coverity.com/download/cxx/${PLATFORM}
 TOOL_BASE=/tmp/coverity-scan-analysis
@@ -19,98 +19,98 @@ SCAN_URL="https://scan.coverity.com"
 
 # Verify Coverity Scan run condition
 COVERITY_SCAN_RUN_CONDITION=${coverity_scan_run_condition:-true}
-echo -ne "\033[33;1mTesting '${COVERITY_SCAN_RUN_CONDITION}' condition... "
-if eval [ $COVERITY_SCAN_RUN_CONDITION ]; then
-  echo -e "True.\033[0m"
+printf "\033[33;1mTesting '%s' condition... " "$COVERITY_SCAN_RUN_CONDITION"
+if eval [ "$COVERITY_SCAN_RUN_CONDITION" ]; then
+  printf "True.\033[0m\n"
 else
-  echo -e "False. Exit.\033[0m"
+  printf "False. Exit.\033[0m\n"
   exit 0
 fi
 
 # Do not run on pull requests
 if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then
-  echo -e "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m"
+  printf "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m\n"
   exit 0
 fi
 
 # Verify this branch should run
-IS_COVERITY_SCAN_BRANCH=`ruby -e "puts '${TRAVIS_BRANCH}' =~ /\\A$COVERITY_SCAN_BRANCH_PATTERN\\z/ ? 1 : 0"`
+IS_COVERITY_SCAN_BRANCH=$(ruby -e "puts '${TRAVIS_BRANCH}' =~ /\\A$COVERITY_SCAN_BRANCH_PATTERN\\z/ ? 1 : 0")
 if [ "$IS_COVERITY_SCAN_BRANCH" = "1" ]; then
-  echo -e "\033[33;1mCoverity Scan configured to run on branch ${TRAVIS_BRANCH}\033[0m"
+  printf "\033[33;1mCoverity Scan configured to run on branch %s\033[0m\n" "$TRAVIS_BRANCH"
 else
-  echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${TRAVIS_BRANCH}\033[0m"
+  printf "\033[33;1mCoverity Scan NOT configured to run on branch %s\033[0m\n" "$TRAVIS_BRANCH"
   exit 1
 fi
 
 # Verify upload is permitted
-AUTH_RES=`curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted`
+AUTH_RES=$(curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted)
 if [ "$AUTH_RES" = "Access denied" ]; then
-  echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
+  printf "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m\n"
   exit 1
 else
-  AUTH=`echo $AUTH_RES | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['upload_permitted']"`
+  AUTH=$(echo "$AUTH_RES" | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['upload_permitted']")
   if [ "$AUTH" = "true" ]; then
-    echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
+    printf "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m\n"
   else
-    WHEN=`echo $AUTH_RES | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['next_upload_permitted_at']"`
-    echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
+    WHEN=$(echo "$AUTH_RES" | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['next_upload_permitted_at']")
+    printf "\033[33;1mCoverity Scan analysis NOT authorized until %s.\033[0m\n" "$WHEN"
     exit 0
   fi
 fi
 
 if [ ! -d $TOOL_BASE ]; then
   # Download Coverity Scan Analysis Tool
-  if [ ! -e $TOOL_ARCHIVE ]; then
-    echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
-    wget -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
+  if [ ! -e "$TOOL_ARCHIVE" ]; then
+    printf "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m\n"
+    wget -nv -O "$TOOL_ARCHIVE" "$TOOL_URL" --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
   fi
 
   # Extract Coverity Scan Analysis Tool
-  echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
+  printf "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m\n"
   mkdir -p $TOOL_BASE
-  pushd $TOOL_BASE
-  tar xzf $TOOL_ARCHIVE
-  popd
+  tar xzf "$TOOL_ARCHIVE" -C "$TOOL_BASE"
 fi
 
-TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'`
+TOOL_DIR=$(find $TOOL_BASE -type d -name 'cov-analysis*')
 export PATH=$TOOL_DIR/bin:$PATH
 
 # Build
-echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
+printf "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m\n"
 COV_BUILD_OPTIONS=""
 #COV_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85"
 RESULTS_DIR="cov-int"
 eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}"
-COVERITY_UNSUPPORTED=1 cov-build --dir $RESULTS_DIR $COV_BUILD_OPTIONS $COVERITY_SCAN_BUILD_COMMAND
+# Do not quote COV_BUILD_OPTIONS so it collapses when it is empty and expands
+# when it is not.
+COVERITY_UNSUPPORTED=1 cov-build --dir "$RESULTS_DIR" $COV_BUILD_OPTIONS "$COVERITY_SCAN_BUILD_COMMAND"
 cov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt 2>&1
 
 # Upload results
-echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
+printf "\033[33;1mTarring Coverity Scan Analysis results...\033[0m\n"
 RESULTS_ARCHIVE=analysis-results.tgz
 tar czf $RESULTS_ARCHIVE $RESULTS_DIR
-SHA=`git rev-parse --short HEAD`
+SHA=$(git rev-parse --short HEAD)
 VERSION_SHA=$(cat VERSION)#$SHA
 
 # Verify Coverity Scan script test mode
-if [ "$coverity_scan_script_test_mode" = true ]; then
-  echo -e "\033[33;1mCoverity Scan configured in script test mode. Exit.\033[0m"
+if [ "${coverity_scan_script_test_mode:-false}" = true ]; then
+  printf "\033[33;1mCoverity Scan configured in script test mode. Exit.\033[0m\n"
   exit 0
 fi
 
-echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
+printf "\033[33;1mUploading Coverity Scan Analysis results...\033[0m\n"
 response=$(curl \
   --silent --write-out "\n%{http_code}\n" \
-  --form project=$COVERITY_SCAN_PROJECT_NAME \
-  --form token=$COVERITY_SCAN_TOKEN \
+  --form project="$COVERITY_SCAN_PROJECT_NAME" \
+  --form token="$COVERITY_SCAN_TOKEN" \
   --form email=blackhole@blackhole.io \
   --form file=@$RESULTS_ARCHIVE \
-  --form version=$SHA \
+  --form version="$SHA" \
   --form description="$VERSION_SHA" \
   $UPLOAD_URL)
 status_code=$(echo "$response" | sed -n '$p')
 if [ "$status_code" != "200" ] && [ "$status_code" != "201" ]; then
   TEXT=$(echo "$response" | sed '$d')
-  echo -e "\033[33;1mCoverity Scan upload failed with HTTP status code '$status_code': $TEXT.\033[0m"
+  printf "\033[33;1mCoverity Scan upload failed with HTTP status code '%s': %s.\033[0m\n" "$status_code" "$TEXT"
   exit 1
 fi