Addressed lintian/shellcheck warnings

CHANGELOG.md

@@ -213,6 +213,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Include unknown preferences when uploading or syncing configs [#1005](https://github.com/greenbone/gvmd/pull/1005)
 - Set the default OSPD unix socket path to /var/run/ospd/ospd.sock [#1238](https://github.com/greenbone/gvmd/pull/1238)
 - The default OSPD unix path is now configurable [#1244](https://github.com/greenbone/gvmd/pull/1244)
+- Made all shellscripts POSIX compliant [#1471](https://github.com/greenbone/gvmd/pull/1471)
 
 ### Fixed
 - Add NULL check in nvts_feed_version_epoch [#768](https://github.com/greenbone/gvmd/pull/768)

src/alert_methods/SCP/alert

@@ -26,15 +26,15 @@ PRIVATE_KEY_FILE=$5
 PASSWORD_FILE=$6
 REPORT_FILE=$7
 
-KNOWN_HOSTS_FILE=`mktemp` || exit 1
-echo $KNOWN_HOSTS > $KNOWN_HOSTS_FILE
+KNOWN_HOSTS_FILE=$(mktemp) || exit 1
+echo "$KNOWN_HOSTS" > "$KNOWN_HOSTS_FILE"
 
-ERROR_FILE=`mktemp` || exit 1
+ERROR_FILE=$(mktemp) || exit 1
 
 log_error() {
   # remove \r used in line feed by scp or sshpass (\r\n)
   # which can make journalctl interpret the output as blob data
-  MESSAGE=`echo "$1" | tr -d '\r'`
+  MESSAGE=$(echo "$1" | tr -d '\r')
   logger "SCP alert: $MESSAGE"
   echo "$MESSAGE" >&2
 }
@@ -51,18 +51,18 @@ then
 fi
 
 # Escape destination because it is also expanded on the remote end.
-DEST_ESC=`shell_esc "$DEST"`
+DEST_ESC=$(shell_esc "$DEST")
 
 if [ -z "$PRIVATE_KEY_FILE" ]
 then
-  timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} scp -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE
+  timeout "$TIMEOUT" sshpass -f "${PASSWORD_FILE}" scp -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>"$ERROR_FILE"
 else
-  timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} -P "passphrase" scp -i "$PRIVATE_KEY_FILE" -o PasswordAuthentication=no -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE
+  timeout "$TIMEOUT" sshpass -f "${PASSWORD_FILE}" -P "passphrase" scp -i "$PRIVATE_KEY_FILE" -o PasswordAuthentication=no -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>"$ERROR_FILE"
 fi
 
 EXIT_CODE=$?
 
-ERROR_SHORT=`head -n 3 $ERROR_FILE`
+ERROR_SHORT=$(head -n 3 "$ERROR_FILE")
 
 if [ $EXIT_CODE -eq 1 ]
 then
@@ -93,8 +93,8 @@ then
   log_error "sshpass failed with exit code ${EXIT_CODE}: $ERROR_SHORT"
 fi
 
-rm $KNOWN_HOSTS_FILE
-rm $PASSWORD_FILE
-rm $ERROR_FILE
+rm "$KNOWN_HOSTS_FILE"
+rm "$PASSWORD_FILE"
+rm "$ERROR_FILE"
 
 exit $EXIT_CODE

src/alert_methods/SNMP/alert

@@ -22,12 +22,12 @@ COMMUNITY=$1
 AGENT=$2  # Host.
 MESSAGE=$3
 
-OUTPUT=$(snmptrap -v 2c -c $COMMUNITY $AGENT '' .1.3.6.1.6.3 0 s "$MESSAGE" 2>&1)
+OUTPUT=$(snmptrap -v 2c -c "$COMMUNITY" "$AGENT" '' .1.3.6.1.6.3 0 s "$MESSAGE" 2>&1)
 
 EXIT_CODE=$?
 
 if [ "0" -ne "$EXIT_CODE" ]
 then
-  echo "snmptrap failed with code $EXIT_CODE:\n$OUTPUT" >&2
+  printf 'snmptrap failed with code %s:\n%s\n' "$EXIT_CODE" "$OUTPUT">&2
   exit $EXIT_CODE
 fi

src/alert_methods/Send/alert

@@ -18,6 +18,6 @@
 
 # Escalator method script: Send.
 
-cat $3 | socat -t 0 - TCP:$1:$2
+socat -t 0 - TCP:"$1":"$2" < "$3"
 EXIT_CODE=$?
 exit $EXIT_CODE

src/alert_methods/Sourcefire/alert

@@ -18,6 +18,6 @@
 
 # Escalator method script: Sourcefire connector.
 
-greenbone_sourcefire_connector -server=$1 -port=$2 -pkcs12=$3 -password="$5" $4
+greenbone_sourcefire_connector -server="$1" -port="$2" -pkcs12="$3" -password="$5" "$4"
 EXIT_CODE=$?
 exit $EXIT_CODE

src/alert_methods/TippingPoint/alert

@@ -32,7 +32,7 @@ urlencode () {
 }
 
 # Create temp file for converted report
-REPORT_DATE=$(xmlstarlet sel -t -v "report/timestamp" < $REPORT_PATH)
+REPORT_DATE=$(xmlstarlet sel -t -v "report/timestamp" < "$REPORT_PATH")
 EXIT_CODE=$?
 if [ 0 -ne $EXIT_CODE ]
 then
@@ -41,7 +41,7 @@ fi
 
 REPORT_DATE=$(date -d "$REPORT_DATE" +%Y%m%d%H%M%S)
 
-CONVERTED_PATH=$(mktemp "$(dirname ${REPORT_PATH})/report-${REPORT_DATE}-XXXXXX.csv")
+CONVERTED_PATH=$(mktemp "$(dirname "${REPORT_PATH}")/report-${REPORT_DATE}-XXXXXX.csv")
 EXIT_CODE=$?
 if [ 0 -ne $EXIT_CODE ]
 then
@@ -58,15 +58,15 @@ then
 fi
 
 # Get and reformat scan run times
-START_TIME=$(xmlstarlet sel -t -v "report/scan_start" < $REPORT_PATH)
+START_TIME=$(xmlstarlet sel -t -v "report/scan_start" < "$REPORT_PATH")
 EXIT_CODE=$?
 if [ 0 -ne $EXIT_CODE ]
 then
   exit $EXIT_CODE
 fi
 START_TIME=$(TZ=UTC date -d "$START_TIME" +%Y-%m-%dT%H:%M:%S.000Z)
 
-END_TIME=$(xmlstarlet sel -t -v "report/scan_end" < $REPORT_PATH)
+END_TIME=$(xmlstarlet sel -t -v "report/scan_end" < "$REPORT_PATH")
 EXIT_CODE=$?
 if [ 0 -ne $EXIT_CODE ]
 then
@@ -81,7 +81,7 @@ PRODUCT=$(urlencode "Greenbone Vulnerability Manager")
 FORMAT_VERSION=$(urlencode "1.0.0")
 CN_REPLACEMENT="Tippingpoint"
 
-if [ "1" = $CERT_WORKAROUND ]
+if [ "1" = "$CERT_WORKAROUND" ]
 then
   HTTP_CODE=$(curl -s -w ' - Status code %{http_code}' -F "file=@$CONVERTED_PATH" --netrc-file "$AUTH_PATH" "https://$CN_REPLACEMENT/vulnscanner/import?vendor=$VENDOR&product=$PRODUCT&version=$FORMAT_VERSION&runtime=$RUNTIME" --cacert "$CERT_PATH" --resolve "$CN_REPLACEMENT:443:$SMS_ADDRESS")
   CURL_EXIT="$?"

src/alert_methods/vFire/alert

@@ -17,7 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 ALERT_CONFIG="$1"
-CONNECTOR=`which greenbone_vfire_connector`
+CONNECTOR=$(which greenbone_vfire_connector)
 
 if [ -z "$ALERT_CONFIG" ]
 then

src/alert_methods/verinice/alert

@@ -18,6 +18,6 @@
 
 # Escalator method script: verinice connector.
 
-greenbone_verinice_connector $1 $2 $3 $4
+greenbone_verinice_connector "$1" "$2" "$3" "$4"
 EXIT_CODE=$?
 exit $EXIT_CODE

src/schema_formats/HTML/generate

@@ -21,4 +21,4 @@
 # This schema generator creates a single HTML file from the XML schema using
 # an XSL transformation via the tool xsltproc.
 
-xsltproc ./HTML.xsl $1
+xsltproc ./HTML.xsl "$1"

src/schema_formats/RNC/generate

@@ -21,4 +21,4 @@
 # This schema generator creates a single RNC file from the XML schema using
 # an XSL transformation via the tool xsltproc.
 
-xsltproc ./RNC.xsl $1
+xsltproc ./RNC.xsl "$1"

src/schema_formats/XML-brief/generate

@@ -21,4 +21,4 @@
 # This schema generator creates a brief XML description of the protocol.
 # Basically just the command list.
 
-xsltproc ./GMP.xsl $1
+xsltproc ./GMP.xsl "$1"

src/schema_formats/XML/generate

@@ -21,5 +21,5 @@
 # This schema generator is the most trivial one as it simply passes on the
 # GMP XML schema as is.
 
-cat $1
+cat "$1"
 exit 0

tools/create-gvm-migrate-config

@@ -67,7 +67,7 @@ cat > gvm-migrate-config << 'OUTER'
 
 # Make a temp dir.
 
-TMP=`mktemp -d` || exit 1
+TMP=$(mktemp -d) || exit 1
 
 # Output a temporary XSL file to do the config conversion.
 

tools/greenbone-feed-sync.in

@@ -126,7 +126,7 @@ else
 
 fi
 
-RSYNC=`command -v rsync`
+RSYNC=$(command -v rsync)
 
 # Current supported feed types (for --type parameter)
 FEED_TYPES_SUPPORTED="CERT, SCAP or GVMD_DATA"
@@ -250,7 +250,7 @@ init_feed_type () {
 write_feed_xml () {
   if [ -r $TIMESTAMP ]
   then
-    FEED_VERSION=`cat $TIMESTAMP`
+    FEED_VERSION=$(cat $TIMESTAMP)
   else
     FEED_VERSION=0
   fi
@@ -271,7 +271,7 @@ write_feed_xml () {
 }
 
 create_tmp_key () {
-  KEYTEMPDIR=`mktemp -d`
+  KEYTEMPDIR=$(mktemp -d)
   cp "$ACCESSKEY" "$KEYTEMPDIR"
   TMPACCESSKEY="$KEYTEMPDIR/gsf-access-key"
   chmod 400 "$TMPACCESSKEY"
@@ -325,7 +325,7 @@ get_value ()
 is_feed_current () {
   if [ -r $TIMESTAMP ]
   then
-    FEED_VERSION=`cat $TIMESTAMP`
+    FEED_VERSION=$(cat $TIMESTAMP)
   fi
 
   if [ -z "$FEED_VERSION" ]
@@ -335,12 +335,12 @@ is_feed_current () {
     return $FEED_CURRENT
   fi
 
-  FEED_INFO_TEMP_DIR=`mktemp -d`
+  FEED_INFO_TEMP_DIR=$(mktemp -d)
 
   if [ -e $ACCESSKEY ]
   then
     read feeduser < $ACCESSKEY
-    custid_at_host=`head -1 $ACCESSKEY | cut -d : -f 1`
+    custid_at_host=$(head -1 $ACCESSKEY | cut -d : -f 1)
 
     if [ -z "$feeduser" ] || [ -z "$custid_at_host" ]
     then
@@ -390,7 +390,7 @@ is_feed_current () {
     fi
   fi
 
-  FEED_VERSION_SERVER=`cat "$FEED_INFO_TEMP_DIR/timestamp"`
+  FEED_VERSION_SERVER=$(cat "$FEED_INFO_TEMP_DIR/timestamp")
 
   if [ -z "$FEED_VERSION_SERVER" ]
   then
@@ -470,7 +470,7 @@ sync_feed_data(){
 
     mkdir -p "$FEED_DIR"
     read feeduser < $ACCESSKEY
-    custid_at_host=`head -1 $ACCESSKEY | cut -d : -f 1`
+    custid_at_host=$(head -1 $ACCESSKEY | cut -d : -f 1)
 
     if [ -z "$feeduser" ] || [ -z "$custid_at_host" ]
     then

tools/gvm-export-config

@@ -45,15 +45,15 @@ sql () {
 echo "<config id=\"${UUID}\">"
 
 echo -n "  <name>"
-echo -n `sql "SELECT name FROM configs WHERE uuid = '$UUID'"`
+echo -n $(sql "SELECT name FROM configs WHERE uuid = '$UUID'")
 echo "</name>"
 
 echo -n "  <comment>"
-echo -n `sql "SELECT comment FROM configs WHERE uuid = '$UUID'"`
+echo -n $(sql "SELECT comment FROM configs WHERE uuid = '$UUID'")
 echo "</comment>"
 
 echo -n "  <type>"
-echo -n `sql "SELECT type FROM configs WHERE uuid = '$UUID'"`
+echo -n $(sql "SELECT type FROM configs WHERE uuid = '$UUID'")
 echo "</type>"
 
 echo "  <usage_type>scan</usage_type>"
@@ -68,7 +68,7 @@ echo "  </preferences>"
 
 echo "  <nvt_selectors>"
 
-SELECTOR=`sql "SELECT nvt_selector FROM configs WHERE uuid='${UUID}';"`
+SELECTOR=$(sql "SELECT nvt_selector FROM configs WHERE uuid='${UUID}';")
 if [ "$SELECTOR" = "54b45713-d4f4-4435-b20d-304c175ed8c5" ]; then
   echo "    <all_selector/>"
 else

tools/gvm-lsc-deb-creator

@@ -92,19 +92,19 @@ CONTROL_DIR="${PACKAGE_BASE_DIR}/DEBIAN"
 #
 # Test dependencies
 #
-if [ -z "$(which dpkg)" ]
+if [ -z "$(command -v dpkg)" ]
 then
   echo "dpkg not found" >&2
   exit 1
 fi
 
-if [ -z "$(which fakeroot)" ]
+if [ -z "$(command -v fakeroot)" ]
 then
   echo "fakeroot not found" >&2
   exit 1
 fi
 
-if [ -z "$(which md5sum)" ]
+if [ -z "$(command -v md5sum)" ]
 then
   echo "md5sum not found" >&2
   exit 1
@@ -134,7 +134,7 @@ cp "${PUBKEY_FILE}" "${AUTH_KEYS_FILE}"
 mkdir -p "${DOC_DATA_DIR}"
 
 # Create Changelog
-cd "${DOC_DATA_DIR}"
+cd "${DOC_DATA_DIR}" || echo "'cd' somehow failed to access changelog dir."
 CHANGELOG_FILE="${DOC_DATA_DIR}/changelog.Debian"
 {
   echo "${PACKAGE_NAME} (${PACKAGE_VERSION}) experimental; urgency=low"
@@ -160,7 +160,7 @@ COPYRIGHT_FILE="${DOC_DATA_DIR}/copyright"
 } > "${COPYRIGHT_FILE}"
 
 # Create data archive
-cd "${DATA_DIR}"
+cd "${DATA_DIR}" || echo "'cd' somehow failed to access data dir."
 tar -C "${DATA_DIR}" -acf "../data.tar.xz" "${HOME_SUBDIR}" "${DOC_SUBDIR}"
 
 
@@ -226,7 +226,7 @@ chmod "0755" "${POSTRM_FILE}"
 
 # Calculate md5 checksums
 MD5SUMS_FILE="${CONTROL_DIR}/md5sums"
-cd "${DATA_DIR}"
+cd "${DATA_DIR}" || echo "'cd' somehow failed to access data dir."
 {
   md5sum "${HOME_SUBDIR}/.ssh/authorized_keys"
   md5sum "${DOC_SUBDIR}/changelog.Debian.gz"
@@ -238,5 +238,5 @@ cd "${DATA_DIR}"
 #
 
 # Combine into .deb file
-cd "${TEMP_DIR}"
+cd "${TEMP_DIR}" || echo "'cd' somehow failed ti access temporary dir."
 fakeroot -- dpkg --build "${PACKAGE_NAME_VERSION}" "${OUTPUT_PATH}"

tools/gvm-lsc-rpm-creator

@@ -78,13 +78,13 @@ SPEC_DIR="${TEMP_DIR}"
 #
 # Test dependencies
 #
-if [ -z "$(which fakeroot)" ]
+if [ -z "$(command -v fakeroot)" ]
 then
   echo "fakeroot not found" >&2
   exit 1
 fi
 
-if [ -z "$(which rpmbuild)" ]
+if [ -z "$(command -v rpmbuild)" ]
 then
   echo "rpmbuild not found" >&2
   exit 1
@@ -173,7 +173,7 @@ SPEC_FILE="${SPEC_DIR}/${PACKAGE_NAME_VERSION}.spec"
 #
 
 # Build package
-cd "$TEMP_DIR"
+cd "$TEMP_DIR" || echo "'cd' somehow failed to access temporary dir."
 fakeroot -- rpmbuild --bb "${SPEC_FILE}" --buildroot "${BUILD_ROOT_DIR}"
 
 # Move package to new destination