feat(SC2016,SC2033,SC2067,SC2150,SC2156): check find -ok/-okdir

e-kwsm · e-kwsm · commit 6db7f1e1d4e6 · 2025-11-27T12:58:57.000+09:00
fix #3332
diff --git a/src/ShellCheck/Analytics.hs b/src/ShellCheck/Analytics.hs
@@ -768,7 +768,9 @@ checkFindExec _ cmd@(T_SimpleCommand _ _ t@(h:r)) | cmd `isCommand` "find" = do
         when v (mapM_ warnFor $ fromWord w)
         case getLiteralString w of
             Just "-exec" -> broken r True
-            Just "-execdir" -> broken r True
+            Just "-execdir" -> broken r True -- n.b. -execdir ;/+ is not defined in POSIX
+            Just "-ok" -> broken r True      -- n.b. -ok + is not defined in POSIX
+            Just "-okdir" -> broken r True   -- n.b. -okdir ;/+ is not defined in POSIX
             Just "+" -> broken r False
             Just ";" -> broken r False
             _ -> broken r v
@@ -1142,7 +1144,7 @@ checkSingleQuotedVariables params t@(T_SingleQuoted id s) =
 
     getFindCommand (T_SimpleCommand _ _ words) =
         let list = map getLiteralString words
-            cmd  = dropWhile (\x -> x /= Just "-exec" && x /= Just "-execdir") list
+            cmd  = dropWhile (\x -> x `notElem` map Just ["-exec", "-execdir", "-ok", "-okdir"]) list
         in
           case cmd of
             (flag:cmd:rest) -> fromMaybe "find" cmd
@@ -2387,7 +2389,7 @@ checkFunctionsUsedExternally params t =
             _ -> []
       where
         firstNonFlag = take 1 $ dropFlags argAndString
-        findExecFlags = ["-exec", "-execdir", "-ok"]
+        findExecFlags = ["-exec", "-execdir", "-ok", "-okdir"]
         dropFlags = dropWhile (\x -> "-" `isPrefixOf` fst x)
 
     functionsAndAliases = Map.union (functions t) (aliases t)
diff --git a/src/ShellCheck/Checks/Commands.hs b/src/ShellCheck/Checks/Commands.hs
@@ -470,9 +470,9 @@ checkFindExecWithSingleArgument = CommandCheck (Basename "find") (f . arguments)
         termS <- getLiteralString term
         let cmdS = getLiteralStringDef " " arg
 
-        guard $ execS `elem` ["-exec", "-execdir"] && termS `elem` [";", "+"]
+        guard $ execS `elem` ["-exec", "-execdir", "-ok", "-okdir"] && termS `elem` [";", "+"]
         guard $ cmdS `matches` commandRegex
-        return $ warn (getId exec) 2150 "-exec does not invoke a shell. Rewrite or use -exec sh -c .. ."
+        return $ warn (getId exec) 2150 (execS ++ " does not invoke a shell. Rewrite or use " ++ execS ++ " sh -c .. .")
     check _ = Nothing
     commandRegex = mkRegex "[ |;]"
 
@@ -505,7 +505,7 @@ checkUnusedEchoEscapes = CommandCheck (Basename "echo") f
 
 prop_checkInjectableFindSh1 = verify checkInjectableFindSh "find . -exec sh -c 'echo {}' \\;"
 prop_checkInjectableFindSh2 = verify checkInjectableFindSh "find . -execdir bash -c 'rm \"{}\"' ';'"
-prop_checkInjectableFindSh3 = verifyNot checkInjectableFindSh "find . -exec sh -c 'rm \"$@\"' _ {} \\;"
+prop_checkInjectableFindSh3 = verifyNot checkInjectableFindSh "find . -ok sh -c 'rm \"$@\"' _ {} \\;"
 checkInjectableFindSh = CommandCheck (Basename "find") (check . arguments)
   where
     check args = do
@@ -519,7 +519,7 @@ checkInjectableFindSh = CommandCheck (Basename "find") (check . arguments)
         match (p:tests) args
 
     pattern = [
-        (`elem` ["-exec", "-execdir"]),
+        (`elem` ["-exec", "-execdir", "-ok", "-okdir"]),
         (`elem` ["sh", "bash", "dash", "ksh"]),
         (== "-c")
         ]
