SC2068 should warn on unquoted :+ parameter expansions

[dimo414]

For bugs

• Rule Id (if any, e.g. SC1000): SC2068
• My shellcheck version (shellcheck --version or "online"):
• The rule's wiki page does not already cover this (e.g. https://shellcheck.net/wiki/SC2086)
• I tried on shellcheck.net and verified that this is still a problem on the latest commit

Here's a snippet or screenshot that shows the problem:

#!/bin/bash

bar=
foo --bang=$bar
foo ${bar:+--bang=$bar}
foo ${bar:+"--bang=$bar"}
foo "${bar:+--bang=$bar}"

Here's what shellcheck currently says:

Line 4:
foo --bang=$bar
           ^-- SC2086: Double quote to prevent globbing and word splitting.

Here's what I wanted or expected to see:

Line 5 should similarly trigger, as it is also subject to word splitting. By contrast line 6 (correctly) does not trigger because the inner expansion is properly quoted. This has the effect of only passing an argument to foo if $bar is set, and otherwise no arguments are passed.

As @eatnumber1 notes below, line 7 is also safe because the entire expansion is quoted, but will result in an empty-string argument being passed to foo, which isn't necessarily desirable.

[eatnumber1]

Worth noting that ShellCheck does the right thing (no warnings) if the entire expansion is quoted. E.g. the following produce no warnings and each printf correctly prints foo bar with no line breaks.

foo="baz foobaz"
printf '%s\n' "${foo:+foo bar}"
printf '%s\n' "${foo:+"foo bar"}"