Semgrep checks and shellcheck braces checks

installer/wickStrictModeFail.sh

@@ -14,9 +14,9 @@ wickStrictModeFail() (
   set +x
   local argsList argsLeft i nextArg
 
-  echo -e "Error detected - status code $ORANGE$1$NC"
-  echo -e "Command:  $ORANGE$BASH_COMMAND$NC"
-  echo -e "Location:  $ORANGE${BASH_SOURCE[1]:-unknown}$NC, line $ORANGE${BASH_LINENO[0]:-unknown}$NC"
+  echo -e "Error detected - status code ${ORANGE}${1}${NC}"
+  echo -e "Command:  ${ORANGE}${BASH_COMMAND}${NC}"
+  echo -e "Location:  ${ORANGE}${BASH_SOURCE[1]:-unknown}${NC}, line ${ORANGE}${BASH_LINENO[0]:-unknown}${NC}"
 
   if [[ ${#PIPESTATUS[@]} -gt 1 ]]; then
       echo "Pipe status: " "${PIPESTATUS[@]}"
@@ -25,20 +25,20 @@ wickStrictModeFail() (
   i=$#
   nextArg=$#
 
-  if [[ $i -lt ${#BASH_LINENO[@]} ]]; then
+  if [[ ${i} -lt ${#BASH_LINENO[@]} ]]; then
     echo "Stack Trace:"
   else
     echo "Stack trace is unavailable"
   fi
 
-  while [[ $i -lt ${#BASH_LINENO[@]} ]]; do
+  while [[ ${i} -lt ${#BASH_LINENO[@]} ]]; do
     argsList=()
 
-    if [[ ${#BASH_ARGC[@]} -gt $i ]] && [[ ${#BASH_ARGV[@]} -ge $(( nextArg + BASH_ARGC[i] )) ]]; then
+    if [[ ${#BASH_ARGC[@]} -gt ${i} ]] && [[ ${#BASH_ARGV[@]} -ge $(( nextArg + BASH_ARGC[i] )) ]]; then
       for (( argsLeft = BASH_ARGC[i]; argsLeft; --argsLeft )); do
         # Note: this reverses the order on purpose
         # shellcheck disable=SC2004
-        argsList[$argsLeft]=${BASH_ARGV[nextArg]}
+        argsList[${argsLeft}]=${BASH_ARGV[nextArg]}
         (( nextArg ++ ))
       done
 
@@ -55,7 +55,7 @@ wickStrictModeFail() (
       argsList=""
     fi
 
-    echo "    [$i] ${FUNCNAME[i]:+${FUNCNAME[i]}(): }${BASH_SOURCE[i]}, line ${BASH_LINENO[i - 1]} -> ${FUNCNAME[i]:-${BASH_SOURCE[i]##*/}}$argsList"
+    echo "    [${i}] ${FUNCNAME[i]:+${FUNCNAME[i]}"():" }${BASH_SOURCE[i]}, line ${BASH_LINENO[i - 1]} -> ${FUNCNAME[i]:-${BASH_SOURCE[i]##*/}}${argsList}"
     (( i ++ ))
   done
   echo -e "\n${BLUE}${BOLD}Important: Consider filling out a bug report at https://github.com/e-m-b-a/emba/issues${NC}\n"

modules/L10_system_emulation/run_service.sh

@@ -27,7 +27,7 @@ if ("${FIRMAE_ETC}"); then
       BINARY_NAME=$("${BUSYBOX}" basename "${BINARY_NAME}")
       if ( ! ("${BUSYBOX}" ps | "${BUSYBOX}" grep -v grep | "${BUSYBOX}" grep -sqi "${BINARY_NAME}") ); then
         "${BUSYBOX}" echo "[*] Starting $BINARY_NAME service ..."
-        ${BINARY} &
+        "${BINARY}" &
         "${BUSYBOX}" sleep 5
         "${BUSYBOX}" echo "[*] Netstat output ..."
         "${BUSYBOX}" netstat -antu

modules/Q02_openai_question.sh

@@ -15,7 +15,7 @@
 # Description: Openai questioning module for container #2
 # Note:        Important requirement for Q-modules is the self termination when a certain phase ends
 
-Q02_openai_question() { 
+Q02_openai_question() {
   if [[ "${GPT_OPTION}" -gt 0 ]] && [[ -n "${OPENAI_API_KEY}" ]]; then
     module_log_init "${FUNCNAME[0]}"
     # Prints title to CLI and into log
@@ -51,7 +51,7 @@ ask_chatgpt() {
   local GPT_FILE_DIR_="${LOG_PATH_MODULE}""/gpt_files"
   local GPT_PRIO_=3
   # default vars
-  local GPT_QUESTION_="" 
+  local GPT_QUESTION_=""
   local CHATGPT_CODE_=""
   local GPT_RESPONSE_=""
   local GPT_RESPONSE_CLEANED_=""
@@ -89,7 +89,7 @@ ask_chatgpt() {
     GPT_TOKENS_="${GPT_TOKENS_//cost\=/}"
     GPT_RESPONSE_="$(echo "${ELEM}" | cut -d\; -f7)"
     GPT_INPUT_FILE_="$(basename "${SCRIPT_PATH_TMP_}")"
-    
+
     # in case we have nothing we are going to move on
     [[ -z "${SCRIPT_PATH_TMP_}" ]] && continue
     print_output "[*] Identification of ${ORANGE}${SCRIPT_PATH_TMP_} / ${GPT_INPUT_FILE_}${NC} inside ${ORANGE}${LOG_DIR}/firmware${NC}" "no_log"
@@ -160,7 +160,8 @@ ask_chatgpt() {
                 local CNT=0
                 while [[ "${CNT}" -lt 1000 ]]; do
                   CNT=$((CNT+1))
-                  (( "${CNT}" % 100 == 0 )) && print_output "[*] Rate limit handling ... sleep mode - ${CNT}" "no_log"
+                  temp="$(( "${CNT}" % 100 ))"
+                  (( "${temp}" == 0 )) && print_output "[*] Rate limit handling ... sleep mode - ${CNT}" "no_log"
                   if grep -q "Testing phase ended" "${LOG_DIR}"/"${MAIN_LOG_FILE}"; then
                     break 2
                   fi

modules/S110_yara_check.sh

@@ -43,7 +43,8 @@ S110_yara_check()
     ulimit -Sv unlimited
 
     while read -r YARA_OUT_LINE; do
-      if [[ "$YARA_OUT_LINE" == *" [] [author="* ]]; then
+      author_string=" [] [author="
+      if [[ "${YARA_OUT_LINE}" == *"${author_string}"* ]]; then
         YRULE=$(echo "$YARA_OUT_LINE" | awk '{print $1}')
         MATCH_FILE=$(echo "$YARA_OUT_LINE" | grep "\ \[\]\ \[author=\"" | rev | awk '{print $1}' | rev)
         MATCH_FILE_NAME=$(basename "$MATCH_FILE")

modules/S22_php_check.sh

@@ -239,7 +239,7 @@ s22_check_php_ini(){
   for PHP_FILE in "${PHP_INI_FILE[@]}" ;  do
     # print_output "[*] iniscan check of ""$(print_path "$PHP_FILE")"
     mapfile -t INISCAN_RESULT < <( "$PHP_INISCAN_PATH" scan --path="$PHP_FILE" || true)
-    for LINE in "${INISCAN_RESULT[@]}" ; do  
+    for LINE in "${INISCAN_RESULT[@]}" ; do
       local LIMIT_CHECK
       IFS='|' read -ra LINE_ARR <<< "$LINE"
       # TODO: STRICT mode not working here:
@@ -266,7 +266,7 @@ s22_check_php_ini(){
         elif ( echo "$LINE" | grep -q "passing" ) ; then
           IFS=' ' read -ra LINE_ARR <<< "$LINE"
           # semgrep does not like the following line of code:
-          LINE_ARR[0]=$(( LINE_ARR[0]-PHP_INI_LIMIT_EXCEEDED ))
+          LINE_ARR[0]=$(( "${LINE_ARR[0]}" - "${PHP_INI_LIMIT_EXCEEDED}" ))
         fi
       fi
     done