Pattern: String expanded on Bash client side
Issue: -
Bash expands all arguments that are not escaped/single-quoted.
Example of incorrect code:
ssh host "echo $HOSTNAME"This will print out the client's hostname, not the server's hostname.
Example of correct code:
ssh host "echo \$HOSTNAME"or
ssh host 'echo $HOSTNAME'If you do want your string expanded on the client side, you can safely ignore this message.
Keep in mind that the expanded string will be evaluated again on the server side, so for arbitrary variables and command output, you may need to add a layer of escaping with e.g. printf %q.