Robbed Of My Glob
Published
Bash is full of footguns. I hit another. 🦶🔫
Let me set the stage: for my portfolio-style website, paulisaweso.me, I have it virtually self-hosted on a DigitalOcean instance. It’s a pretty simple setup with NGINX serving the static files and Let’s Encrypt handling the certificates to enable HTTPS. It’s been on my list to revisit how I host it—Caddy might make sense or maybe I’ll move it entirely to Netlify.
At any rate, I was idly doing some search engine queries to see what my site looked like to search engines. It’s static with pretty minimal content so it’s easy enough to verify by hand. It’s also the “entrypoint” to my online presence—there’s a non-zero amount of traffic that comes from that domain to this blog. To my dismay, I noticed a file that shouldn’t be indexed: an old resume from a different folder structure. Even more worrisome was it was still live so somehow my deployment script wasn’t working as expected.
The last logical step to my deploy.sh
script is a rm
and cp
sequence. The rm
looked like:
rm -rf "$www_dir/*"
Immediately, I decided to run shellcheck
. That led me to SC2115:
- rm -rf "$STEAMROOT/"*
+ rm -rf "${STEAMROOT:?}/"*
OK, that makes sense, don’t want to run
rm -rf /*
.— me
And then it hit me: the *
glob wasn’t being expanded because it’s in double quotes! The corrected line looks like:
rm -rf "${www_dir:?}"/*
Extra Bonus™: that initial (bad) line of code had been like that since 2016. 🙃
I love hearing from readers so please feel free to reach out.
Reply via email • Subscribe via RSS or email
Last modified #bash