Robbed Of My Glob
Published February 4, 2021
Bash is full of footguns. I hit another.
Let me set the stage: for my portfolio-style website, paulisaweso.me, I have it virtually self-hosted on a DigitalOcean instance. It's a pretty simple setup with NGINX serving the static files and Let's Encrypt handling the certificates to enable HTTPS. It's been on my list to revisit how I host it; Caddy might make sense or maybe I'll move it entirely to Netlify.
At any rate, I was idly doing some search engine queries to see what my site looked like to search engines. It's static with pretty minimal content so it's easy enough to verify by hand. It's also the "entrypoint" to my online presence; there's a non-zero amount of traffic that comes from that domain to this blog. To my dismay, I noticed a file that shouldn't be indexed: an old resume from a different folder structure. Even more worrisome, it was still live, so somehow my deployment script wasn't working as expected.
The last logical step to my deploy.sh script is a rm and cp sequence. The rm looked like:
rm -rf "$www_dir/*"
Immediately, I decided to run shellcheck. That led me to SC2115:
- rm -rf "$STEAMROOT/"*
+ rm -rf "${STEAMROOT:?}/"*
"OK, that makes sense, don't want to run rm -rf /*." - me
And then it hit me: the * glob wasn't being expanded because it's in double quotes! The corrected line looks like:
rm -rf "${www_dir:?}"/*
Extra Bonus™: that initial (bad) line of code had been like that since 2016.
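To see the difference between the two rm lines without touching a real web root, here is an added example (not part of the original deploy.sh) that runs both forms against a throwaway mktemp directory. The function and file names are constructed for the demo, and it goes one step beyond the post by including a dotfile, which an unquoted * does not match by default.

```shell
#!/usr/bin/env bash
# Constructed demo: everything happens inside a fresh mktemp directory.

# Build a throwaway "web root" with two regular files and one dotfile.
make_webroot() {
  local d
  d=$(mktemp -d) || return 1
  touch "$d/index.html" "$d/old-resume.pdf" "$d/.hidden-marker"
  printf '%s\n' "$d"
}

# Number of entries (hidden ones included) left under a directory.
count_entries() {
  find "$1" -mindepth 1 | wc -l | tr -d ' '
}

# Buggy form from the post: the * sits inside the double quotes, so rm
# receives one literal path ending in "/*". No such file exists, and -f
# suppresses the error, so the command "succeeds" and deletes nothing.
buggy_clean() {
  local www_dir=$1
  rm -rf "$www_dir/*"
}

# Corrected form: the glob is outside the quotes so the shell expands it,
# and :? makes the shell abort if www_dir is empty or unset.
fixed_clean() {
  local www_dir=$1
  rm -rf "${www_dir:?}"/*
}

# Run both forms in order and report "<left after buggy> <left after fixed>".
demo() {
  local d after_buggy after_fixed
  d=$(make_webroot) || return 1
  buggy_clean "$d"; after_buggy=$(count_entries "$d")
  fixed_clean "$d"; after_fixed=$(count_entries "$d")
  rm -rf "${d:?}"   # remove the temp directory itself
  printf '%s %s\n' "$after_buggy" "$after_fixed"
}

demo   # prints "3 1"
```

The buggy form exits 0 with all three entries still present, which is why a stale file can stay live for years; the corrected form still leaves the dotfile behind unless dotglob is enabled or the directory itself is recreated.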
Last modified February 4, 2021 #bash