bash.lang.best-practice.iteration-over-ls-output.iteration-over-ls-output

semgrep

Author

unknown

Download Count*

LGPL Commons Clause

License

Iterating over ls output is fragile. Use globs, e.g. 'dir/*' instead of '$(ls dir)'.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: iteration-over-ls-output
    patterns:
      - pattern: |
          for $VAR in $LIST; do
            ...
          done
      - pattern: |
          $(ls ...)
    message: Iterating over ls output is fragile. Use globs, e.g. 'dir/*' instead of
      '$(ls dir)'.
    metadata:
      references:
        - https://github.com/koalaman/shellcheck/wiki/SC2045
      category: best-practice
      technology:
        - bash
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    severity: WARNING
    languages:
      - bash

Examples

iteration-over-ls-output.bash

# ok:iteration-over-ls-output
for file in dir/*; do
  echo "Found a file: $file"
done

# ruleid:iteration-over-ls-output
for file in $(ls dir); do echo "Found a file: $file"; done

# ruleid:iteration-over-ls-output
for file in $(ls dir)
do
  echo "Found a file: $file"
done

Short Link: https://sg.run/AXoB