echo is fine when its argument is not a variable.

hvdijk · on Oct 29, 2022

The script does echo variables:

    echo "banned command $cmd: $output"

This is non-portable if there is any possibility that these variables contain backslashes.

nequo · on Oct 29, 2022

TIL:

  dash$ x="foo\nasd"
  dash$ echo "$x"
  foo
  asd
  dash$ printf "%s\n" "$x"
  foo\nasd
  dash$

  zsh% x="foo\nasd"
  zsh% echo "$x"
  foo
  asd
  zsh% printf "%s\n" "$x"
  foo\nasd
  zsh%

  bash$ x="foo\nasd"
  bash$ echo "$x"
  foo\nasd
  bash$ printf "%s\n" "$x"
  foo\nasd
  bash$

remram · on Oct 30, 2022

Wow, TIL indeed. That's conformant to the Single UNIX Specification as well: https://pubs.opengroup.org/onlinepubs/007908799/xcu/echo.htm...

norvvryo · on Oct 29, 2022

Enlightening

From POSIX:

>echo - write arguments to standard output

>If the first operand is -n, or if any of the operands contain a <backslash> character, the results are implementation-defined.

fragmede · on Oct 29, 2022

    bash$ echo -e $x
    foo
    asd
    bash$

TechBro8615 · on Oct 29, 2022

The script is for static analysis, so it only needs to run once against each code change, and in theory it shouldn't need to be portable code, unless the code under test is the static analysis code itself.

In other words, they control where this script runs and there is no need to run it on more than one platform, so it's okay for it to be non-portable.

hvdijk · on Oct 30, 2022

That's fine if the script only runs on shells that behave the same way, but the script runs under bats, which runs on bash and appears to not change its xpg_echo shell option. This shell option controls echo's behaviour on bash and has a compile-time-configurable default; even scripts that are only meant to run on bash cannot assume either behaviour for echo, as different vendors use different defaults for the option.