Harden shell parameter substitution

schlessera · schlessera · commit 276daa415a34 · 2021-07-20T08:58:53.000+02:00
diff --git a/bin/install-package-tests b/bin/install-package-tests
@@ -11,74 +11,74 @@
 HOST=localhost
 PORT=""
 HOST_STRING=''
-if [ -n "$WP_CLI_TEST_DBHOST" ]; then
+if [ -n "${WP_CLI_TEST_DBHOST}" ]; then
 	case ${WP_CLI_TEST_DBHOST##*[]]} in
 		(*:*) HOST=${WP_CLI_TEST_DBHOST%:*} PORT=${WP_CLI_TEST_DBHOST##*:};;
-		(*)   HOST=$WP_CLI_TEST_DBHOST;;
+		(*)   HOST=${WP_CLI_TEST_DBHOST};;
 	esac
-  HOST_STRING="-h$HOST"
-  if [ -n "$PORT" ]; then
-  	HOST_STRING="$HOST_STRING -P$PORT --protocol=tcp"
+  HOST_STRING="-h${HOST}"
+  if [ -n "${PORT}" ]; then
+  	HOST_STRING="${HOST_STRING} -P${PORT} --protocol=tcp"
 	fi
 fi
 
 USER=root
-if [ -n "$WP_CLI_TEST_DBROOTUSER" ]; then
-  USER="$WP_CLI_TEST_DBROOTUSER"
+if [ -n "${WP_CLI_TEST_DBROOTUSER}" ]; then
+  USER="${WP_CLI_TEST_DBROOTUSER}"
 fi
 
 PASSWORD_STRING=""
-if [ -n "$WP_CLI_TEST_DBROOTPASS" ]; then
-  PASSWORD_STRING="-p$WP_CLI_TEST_DBROOTPASS"
+if [ -n "${WP_CLI_TEST_DBROOTPASS}" ]; then
+  PASSWORD_STRING="-p${WP_CLI_TEST_DBROOTPASS}"
 fi
 
 TEST_DB=wp_cli_test
-if [ -n "$WP_CLI_TEST_DBNAME" ]; then
-  TEST_DB="$WP_CLI_TEST_DBNAME"
+if [ -n "${WP_CLI_TEST_DBNAME}" ]; then
+  TEST_DB="${WP_CLI_TEST_DBNAME}"
 fi
 
 TEST_USER=wp_cli_test
-if [ -n "$WP_CLI_TEST_DBUSER" ]; then
-  TEST_USER="$WP_CLI_TEST_DBUSER"
+if [ -n "${WP_CLI_TEST_DBUSER}" ]; then
+  TEST_USER="${WP_CLI_TEST_DBUSER}"
 fi
 
 TEST_PASSWORD=password1
-if [ -n "$WP_CLI_TEST_DBPASS" ]; then
-  TEST_PASSWORD="$WP_CLI_TEST_DBPASS"
+if [ -n "${WP_CLI_TEST_DBPASS}" ]; then
+  TEST_PASSWORD="${WP_CLI_TEST_DBPASS}"
 fi
 
 # Prepare the database for running the tests with a MySQL version 8.0 or higher.
 install_mysql_db_8_0_plus() {
 	set -ex
-	mysql -e "CREATE DATABASE IF NOT EXISTS \`$TEST_DB\`;" $HOST_STRING -u"$USER" "$PASSWORD_STRING"
-	mysql -e "CREATE USER IF NOT EXISTS \`$TEST_DB\`@'%' IDENTIFIED WITH mysql_native_password BY '$TEST_PASSWORD'" $HOST_STRING -u"$USER" "$PASSWORD_STRING"
-	mysql -e "GRANT ALL PRIVILEGES ON \`$TEST_DB\`.* TO '$TEST_USER'@'%'" $HOST_STRING -u"$USER" "$PASSWORD_STRING"
-	mysql -e "GRANT ALL PRIVILEGES ON \`$TEST_DB_scaffold\`.* TO '$TEST_USER'@'%'" $HOST_STRING -u"$USER" "$PASSWORD_STRING"
+	mysql -e "CREATE DATABASE IF NOT EXISTS \`${TEST_DB}\`;" ${HOST_STRING} -u"${USER}" "${PASSWORD_STRING}"
+	mysql -e "CREATE USER IF NOT EXISTS \`${TEST_DB}\`@'%' IDENTIFIED WITH mysql_native_password BY '${TEST_PASSWORD}'" ${HOST_STRING} -u"${USER}" "${PASSWORD_STRING}"
+	mysql -e "GRANT ALL PRIVILEGES ON \`${TEST_DB}\`.* TO '${TEST_USER}'@'%'" ${HOST_STRING} -u"${USER}" "${PASSWORD_STRING}"
+	mysql -e "GRANT ALL PRIVILEGES ON \`${TEST_DB}_scaffold\`.* TO '${TEST_USER}'@'%'" ${HOST_STRING} -u"${USER}" "${PASSWORD_STRING}"
 }
 
 # Prepare the database for running the tests with a MySQL version lower than 8.0.
 install_mysql_db_lower_than_8_0() {
 	set -ex
-	mysql -e "CREATE DATABASE IF NOT EXISTS \`$TEST_DB\`;" $HOST_STRING -u"$USER" "$PASSWORD_STRING"
-	mysql -e "GRANT ALL ON \`$TEST_DB\`.* TO '$TEST_USER'@'%' IDENTIFIED BY '$TEST_PASSWORD'" $HOST_STRING -u"$USER" "$PASSWORD_STRING"
-	mysql -e "GRANT ALL ON \`$TEST_DB_scaffold\`.* TO '$TEST_USER'@'%' IDENTIFIED BY '$TEST_PASSWORD'" $HOST_STRING -u"$USER" "$PASSWORD_STRING"
+	mysql -e "CREATE DATABASE IF NOT EXISTS \`${TEST_DB}\`;" ${HOST_STRING} -u"${USER}" "${PASSWORD_STRING}"
+	mysql -e "GRANT ALL ON \`${TEST_DB}\`.* TO '${TEST_USER}'@'%' IDENTIFIED BY '${TEST_PASSWORD}'" ${HOST_STRING} -u"${USER}" "${PASSWORD_STRING}"
+	mysql -e "GRANT ALL ON \`${TEST_DB}_scaffold\`.* TO '${TEST_USER}'@'%' IDENTIFIED BY '${TEST_PASSWORD}'" ${HOST_STRING} -u"${USER}" "${PASSWORD_STRING}"
 }
 
-VERSION_STRING=$(mysql -e "SELECT VERSION()" --skip-column-names $HOST_STRING -u"$USER" "$PASSWORD_STRING")
-VERSION=$(echo "$VERSION_STRING" | grep -o '^[^-]*')
-MAJOR=$(echo "$VERSION" | cut -d. -f1)
-MINOR=$(echo "$VERSION" | cut -d. -f2)
+VERSION_STRING=$(mysql -e "SELECT VERSION()" --skip-column-names ${HOST_STRING} -u"${USER}" "${PASSWORD_STRING}")
+VERSION=$(echo "${VERSION_STRING}" | grep -o '^[^-]*')
+MAJOR=$(echo "${VERSION}" | cut -d. -f1)
+MINOR=$(echo "${VERSION}" | cut -d. -f2)
 TYPE="MySQL"
-case "$VERSION_STRING" in
+case "${VERSION_STRING}" in
 	*"MariaDB"*)
 		TYPE="MariaDB"
 		;;
 esac
 
-echo "Detected $TYPE at version $MAJOR.$MINOR"
+echo "Detected ${TYPE} at version ${MAJOR}.${MINOR}"
 
 
-if [ "$TYPE" != "MariaDB" ] && [ "$MAJOR" -ge 8 ]; then
+if [ "${TYPE}" != "MariaDB" ] && [ "${MAJOR}" -ge 8 ]; then
 	install_mysql_db_8_0_plus
 else
 	install_mysql_db_lower_than_8_0
