Finding #4: printf and quoting correctness
Evidence:
- SC2059 "printf with variable as format" in
document-creation-helper.sh (multiple lines) and in tests
- SC2086 "Double quote to prevent globbing and word splitting" in
wp-helper.sh:303 and localdev-helper.sh:1055
Risk:
Potential security issues with variable expansion: a "%" sequence inside data that is used as a printf format string is interpreted as a directive, and an unquoted expansion is word-split and glob-expanded, so filenames containing spaces or special characters are mishandled.
Recommended Action:
Replace patterns:
# Instead of: printf "$format" "$value"   (SC2059: "%" in $format is parsed as a directive)
printf '%s' "$value"
# Instead of: somecmd $UNQUOTED   (SC2086: value is word-split and glob-expanded)
somecmd "$UNQUOTED"
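The following script is an added illustration of the two findings and is not taken from the helper scripts named above; the function names and the sample values ("my report v2.txt", "100% done") are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not part of the audited helper scripts): shows what
# SC2086 (unquoted expansion) and SC2059 (variable used as printf format)
# actually do to data, next to the recommended forms.

# Reports how many arguments a command received; stands in for any
# command that should receive exactly one path argument.
count_args() { printf '%d' "$#"; }

# SC2086: the unquoted expansion is word-split, so one filename with
# spaces arrives as three separate arguments. (Glob characters in the
# value would additionally be expanded against the current directory.)
args_unquoted() {
    local path="my report v2.txt"
    count_args $path
}

# Recommended form: the quoted expansion is passed as a single argument.
args_quoted() {
    local path="my report v2.txt"
    count_args "$path"
}

# SC2059: data used as the format string. The "% d" inside the value is
# parsed as a printf directive, so the output no longer matches the data.
printf_format_from_data() {
    local value="100% done"
    printf "$value" 2>/dev/null
}

# Recommended form: a literal format string; the data is printed verbatim
# no matter what characters it contains.
printf_literal_format() {
    local value="100% done"
    printf '%s' "$value"
}
```

Running the unquoted and quoted variants side by side is the quickest way to see that the quoting fix changes behaviour rather than just silencing the linter.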
Source: #2386