You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
87 lines
2.2 KiB
Bash
87 lines
2.2 KiB
Bash
#!/usr/bin/env bash
|
|
# vim:ts=4:sts=4:sw=4:et
|
|
#
|
|
# Author: Hari Sekhon
|
|
# Date: 2017-10-06 13:17:14 +0200 (Fri, 06 Oct 2017)
|
|
#
|
|
# https://github.com/HariSekhon/DevOps-Bash-tools
|
|
#
|
|
# License: see accompanying Hari Sekhon LICENSE file
|
|
#
|
|
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
|
|
#
|
|
# https://www.linkedin.com/in/HariSekhon
|
|
#
|
|
|
|
set -euo pipefail
|
|
[ -n "${DEBUG:-}" ] && set -x
|
|
srcdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
|
|
# shellcheck source=lib/utils.sh disable=SC1091
|
|
. "$srcdir/lib/utils.sh"
|
|
|
|
# NFS issues sometimes cause scripts to rewritten from vim without executable bit set, which then gets committed to git by accident
|
|
|
|
section "Finding Non Executable Scripts"
|
|
|
|
# These shouldn't be executable even if they have #! lines for syntax reasons
|
|
exceptions='
|
|
\.bash\.d
|
|
/lib/
|
|
/\..+
|
|
env$
|
|
\.env
|
|
\.envrc
|
|
shrc$
|
|
\..*login$
|
|
\..*logout$
|
|
\.bak
|
|
\.pm$
|
|
'
|
|
exceptions_regex=""
|
|
for exception in $exceptions; do
|
|
exceptions_regex="$exceptions_regex|$exception"
|
|
done
|
|
exceptions_regex="(${exceptions_regex#|})"
|
|
|
|
filter_is_git_committed(){
|
|
while read -r filename; do
|
|
pushd "$(dirname "$filename")" &>/dev/null
|
|
set +o pipefail
|
|
git status --porcelain "$filename" | grep -q '^??' || echo "$filename"
|
|
set -o pipefail
|
|
popd &>/dev/null
|
|
done
|
|
}
|
|
|
|
# only if at start of file, not part why through like %pre / %post sections of anaconda-ks.cfg kickstart file
|
|
filter_is_shebang(){
|
|
while read -r filename; do
|
|
if [ "$(head -c 2 "$filename")" = '#!' ]; then
|
|
echo "$filename"
|
|
fi
|
|
done
|
|
}
|
|
|
|
set +o pipefail
|
|
# -executable switch not available on Mac
|
|
# trying to build up successive -name options doesn't work and ruins the logic of find, simplify to grep
|
|
non_executable_scripts="$(
|
|
eval find "${1:-$PWD}" -maxdepth 2 -type f -not -perm -u+x |
|
|
xargs grep -l '^#!' |
|
|
grep -Ev "$exceptions_regex" |
|
|
filter_is_shebang |
|
|
filter_is_git_committed |
|
|
tee /dev/stderr
|
|
)"
|
|
set -o pipefail
|
|
|
|
echo
|
|
if [ -z "$non_executable_scripts" ]; then
|
|
echo "OK: no non-executable scripts detected"
|
|
exit 0
|
|
else
|
|
echo 'FAILED: non-executable scripts detected!'
|
|
exit 1
|
|
fi
|