METRICS: Using configs from the Registry (like --config=p/ci) reports pseudonymous rule metrics to semgrep.dev.
To disable Registry rule metrics, use "--metrics=off".
Using configs only from local files (like --config=xyz.yml) does not enable metrics.
More information: https://semgrep.dev/docs/metrics
┌─────────────┐
│ Scan Status │
└─────────────┘
Scanning 2048 files tracked by git with 7 Code rules:
Scanning 37 files with 7 bash rules.
┌───────────────────┐
│ 267 Code Findings │
└───────────────────┘
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/bin/ipcalc.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
3┆ awk -f - $* <<EOF
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/config/uci.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
40┆ DATA="$(/sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} ${LOAD_STATE:+-P /var/state} -S -n export
"$PACKAGE" 2>/dev/null)"
⋮┆----------------------------------------
45┆ ${CONFIG_SECTION:+config_cb}
⋮┆----------------------------------------
51┆ /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} -q show "$PACKAGE" > /dev/null && return 0
⋮┆----------------------------------------
52┆ /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} import "$PACKAGE"
⋮┆----------------------------------------
53┆ /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} commit "$PACKAGE"
⋮┆----------------------------------------
61┆ /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} -P /var/state revert
"$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}"
⋮┆----------------------------------------
71┆ /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} -P /var/state set
"$PACKAGE.$CONFIG${OPTION:+.$OPTION}=$VALUE"
⋮┆----------------------------------------
85┆ /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} set "$PACKAGE.$CONFIG.$OPTION=$VALUE"
⋮┆----------------------------------------
99┆ /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} ${STATE:+-P $STATE} -q get
"$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}"
⋮┆----------------------------------------
113┆ /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} set "$PACKAGE.$CONFIG=$TYPE"
⋮┆----------------------------------------
124┆ /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} rename
"$PACKAGE.$CONFIG${VALUE:+.$OPTION}=${VALUE:-$OPTION}"
⋮┆----------------------------------------
132┆ /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} del "$PACKAGE.$CONFIG${OPTION:+.$OPTION}"
⋮┆----------------------------------------
137┆ /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} commit $PACKAGE
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/functions/leds.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
23┆ led_set_attr $1 "trigger" "timer"
⋮┆----------------------------------------
24┆ led_set_attr $1 "delay_on" "$2"
⋮┆----------------------------------------
25┆ led_set_attr $1 "delay_off" "$3"
⋮┆----------------------------------------
29┆ led_set_attr $1 "trigger" "none"
⋮┆----------------------------------------
30┆ led_set_attr $1 "brightness" 255
⋮┆----------------------------------------
34┆ led_set_attr $1 "trigger" "none"
⋮┆----------------------------------------
35┆ led_set_attr $1 "brightness" 0
⋮┆----------------------------------------
39┆ led_timer $status_led "$1" "$2"
⋮┆----------------------------------------
40┆ [ -n "$status_led2" ] && led_timer $status_led2 "$1" "$2"
⋮┆----------------------------------------
44┆ led_set_attr $status_led "trigger" "heartbeat"
⋮┆----------------------------------------
48┆ led_on $status_led
⋮┆----------------------------------------
49┆ [ -n "$status_led2" ] && led_on $status_led2
⋮┆----------------------------------------
53┆ led_off $status_led
⋮┆----------------------------------------
54┆ [ -n "$status_led2" ] && led_off $status_led2
⋮┆----------------------------------------
58┆ led_timer $status_led 1000 1000
⋮┆----------------------------------------
62┆ led_timer $status_led 100 100
⋮┆----------------------------------------
66┆ led_timer $status_led 100 100
⋮┆----------------------------------------
70┆ led_timer $status_led 50 50
⋮┆----------------------------------------
74┆ led_timer $status_led 200 200
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/functions/network.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
18┆ __tmp="$(jsonfilter ${4:+-F "$4"} ${5:+-l "$5"} -s "${__NETWORK_CACHE:-{}}" -e
"$1=@.interface${2:+[@.interface='$2']}$3")"
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/functions/preinit.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
62┆ $func "$1" "$2"
⋮┆----------------------------------------
68┆ /bin/mount -o noatime,move /proc $1/proc && \
⋮┆----------------------------------------
69┆ pivot_root $1 $1$2 && {
⋮┆----------------------------------------
70┆ /bin/mount -o noatime,move $2/dev /dev
⋮┆----------------------------------------
71┆ /bin/mount -o noatime,move $2/tmp /tmp
⋮┆----------------------------------------
72┆ /bin/mount -o noatime,move $2/sys /sys 2>&-
⋮┆----------------------------------------
73┆ /bin/mount -o noatime,move $2/overlay /overlay 2>&-
⋮┆----------------------------------------
79┆ /bin/mount -o noatime,lowerdir=/,upperdir=$1,workdir=$2 -t overlay "overlayfs:$1" /mnt
⋮┆----------------------------------------
80┆ pivot /mnt $3
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/functions/procd.sh
external.semgrep-rules.bash.lang.correctness.unquoted-command-substitution-in-command
The result of command substitution $(...) or `...`, if unquoted, is split on whitespace or
other separators specified by the IFS variable. You should surround it with double quotes to
avoid splitting the result.
250┆ json_add_int "$type" $(kill -l "$1")
⋮┆----------------------------------------
485┆ [ "$_error" = "0" ] || `/sbin/validate_data "$_package" "$_type" "$_name" "$@" 1> /dev/null`
⋮┆----------------------------------------
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
43┆ local service_name="$(basename ${basescript:-$initscript})"
⋮┆----------------------------------------
60┆ json_set_namespace $old_cb
⋮┆----------------------------------------
100┆ _procd_ubus_call ${1:-set}
⋮┆----------------------------------------
290┆ local name=$(basename ${script:-$initscript})
⋮┆----------------------------------------
293┆ _procd_add_interface_trigger "interface.*" $1 /etc/init.d/$name reload
⋮┆----------------------------------------
339┆ local name=$(basename ${script:-$initscript})
⋮┆----------------------------------------
344┆ _procd_add_config_trigger "config.change" "$file" /etc/init.d/$name reload
⋮┆----------------------------------------
351┆ $@
⋮┆----------------------------------------
387┆ _procd_add_array_data ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/functions/service.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
74┆ $ssd${1:+ -- "$@"}
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/functions/system.sh
external.semgrep-rules.bash.lang.correctness.unquoted-command-substitution-in-command
The result of command substitution $(...) or `...`, if unquoted, is split on whitespace or
other separators specified by the IFS variable. You should surround it with double quotes to
avoid splitting the result.
96┆ echo $((0x$size))
⋮┆----------------------------------------
108┆ nic=$(printf "%06x" $((0x${nic//:/} + $val & 0xffffff)) | sed
's/^\(.\{2\}\)\(.\{2\}\)\(.\{2\}\)/\1:\2:\3/')
⋮┆----------------------------------------
115┆ printf "%02x:%s" $((0x${mac%%:*} | 0x02)) ${mac#*:}
⋮┆----------------------------------------
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
12┆ hexdump -v -n 6 -s $offset -e '5/1 "%02x:" 1/1 "%02x"' $path 2>/dev/null
⋮┆----------------------------------------
79┆ local ubidev=$(nand_find_ubi $CI_UBIPART)
⋮┆----------------------------------------
80┆ local part=$(nand_find_volume $ubidev $1)
⋮┆----------------------------------------
87┆ hexdump -v -n 6 -s $offset -e '5/1 "%02x:" 1/1 "%02x"' /dev/$part 2>/dev/null
⋮┆----------------------------------------
96┆ echo $((0x$size))
⋮┆----------------------------------------
108┆ nic=$(printf "%06x" $((0x${nic//:/} + $val & 0xffffff)) | sed
's/^\(.\{2\}\)\(.\{2\}\)\(.\{2\}\)/\1:\2:\3/')
⋮┆----------------------------------------
109┆ echo $oui:$nic
⋮┆----------------------------------------
115┆ printf "%02x:%s" $((0x${mac%%:*} | 0x02)) ${mac#*:}
⋮┆----------------------------------------
115┆ printf "%02x:%s" $((0x${mac%%:*} | 0x02)) ${mac#*:}
⋮┆----------------------------------------
121┆ echo -ne \\x${mac//:/\\x}
⋮┆----------------------------------------
128┆ mac=$(echo -n $mac | tr -d \")
⋮┆----------------------------------------
154┆ printf "%02x:%02x:%02x:%02x:%02x:%02x" 0x${canon// / 0x} 2>/dev/null
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/functions/uci-defaults.
sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
404┆ _ucidef_set_led_timer $1 $2 $3 "oneshot" $4 $5
⋮┆----------------------------------------
475┆ _ucidef_set_led_timer $1 $2 $3 "timer" $4 $5
⋮┆----------------------------------------
582┆ [ -f ${CFG} ] && json_load "$(cat ${CFG})"
⋮┆----------------------------------------
597┆ mv /tmp/.board.json ${CFG}
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/functions.sh
external.semgrep-rules.bash.lang.best-practice.iteration-over-ls-output
Iterating over ls output is fragile. Use globs, e.g. 'dir/*' instead of '$(ls dir)'.
263┆ for file in $(ls $1/*.sh 2>/dev/null); do
⋮┆----------------------------------------
external.semgrep-rules.bash.lang.best-practice.useless-cat
Useless call to 'cat' in a pipeline. Use '<' and '>' for any command to read from a file or
write to a file.
304┆ gids=$(cat ${IPKG_INSTROOT}/etc/group | cut -d: -f3)
⋮┆----------------------------------------
332┆ uids=$(cat ${IPKG_INSTROOT}/etc/passwd | cut -d: -f3)
⋮┆----------------------------------------
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
8┆ ${DEBUG:-:} "$@"
⋮┆----------------------------------------
57┆ export ${NO_EXPORT:+-n} CONFIG_NUM_SECTIONS=$(($CONFIG_NUM_SECTIONS + 1))
⋮┆----------------------------------------
80┆ len=$(($len + 1))
⋮┆----------------------------------------
96┆ *) eval export ${NO_EXPORT:+-n} -- "${1}=\${CONFIG_${2}_${3}:-\${4}}";
⋮┆----------------------------------------
149┆ c="$(($c + 1))"
⋮┆----------------------------------------
155┆ local pkgname="$(basename ${1%.*})"
⋮┆----------------------------------------
166┆ ${shell:-/bin/sh} "$root/etc/rc.common" "$root$i" disable
⋮┆----------------------------------------
175┆ return $ret
⋮┆----------------------------------------
180┆ local rusers="$(sed -ne 's/^Require-User: *//p' $root/usr/lib/opkg/info/${pkgname}.control 2>/dev/null)"
⋮┆----------------------------------------
188┆ set -- $tuple; uname="$1"; gname="$2"
⋮┆----------------------------------------
190┆ set -- $uname; uname="$1"; uid="$2"
⋮┆----------------------------------------
191┆ set -- $gname; gname="$1"; gid="$2"
⋮┆----------------------------------------
215┆ local pkgname="$(basename ${1%.*})"
⋮┆----------------------------------------
226┆ cp -R $root/rootfs-overlay/. $root/
⋮┆----------------------------------------
227┆ rm -fR $root/rootfs-overlay/
⋮┆----------------------------------------
238┆ ( [ -f "$i" ] && cd "$(dirname $i)" && . "$i" ) && rm -f "$i"
⋮┆----------------------------------------
248┆ ${shell:-/bin/sh} "$root/etc/rc.common" "$root$i" enable
⋮┆----------------------------------------
257┆ return $ret
⋮┆----------------------------------------
263┆ for file in $(ls $1/*.sh 2>/dev/null); do
⋮┆----------------------------------------
264┆ . $file
⋮┆----------------------------------------
272┆ echo ${INDEX}
⋮┆----------------------------------------
294┆ grep -qs "^${1}:" ${IPKG_INSTROOT}/etc/group
⋮┆----------------------------------------
299┆ gid=$(grep -s "^${1}:" ${IPKG_INSTROOT}/etc/group | cut -d: -f3)
⋮┆----------------------------------------
301┆ echo $gid
⋮┆----------------------------------------
304┆ gids=$(cat ${IPKG_INSTROOT}/etc/group | cut -d: -f3)
⋮┆----------------------------------------
309┆ group_add $1 $gid
⋮┆----------------------------------------
310┆ echo $gid
⋮┆----------------------------------------
315┆ grp=$(grep -s "^${1}:" ${IPKG_INSTROOT}/etc/group)
⋮┆----------------------------------------
319┆ sed -i "s/$grp/$grp$delim$2/g" ${IPKG_INSTROOT}/etc/group
⋮┆----------------------------------------
332┆ uids=$(cat ${IPKG_INSTROOT}/etc/passwd | cut -d: -f3)
⋮┆----------------------------------------
347┆ grep -qs "^${1}:" ${IPKG_INSTROOT}/etc/passwd
⋮┆----------------------------------------
external.semgrep-rules.bash.lang.security.ifs-tampering
The special variable IFS affects how splitting takes place when expanding unquoted
variables. Don't set it globally. Prefer a dedicated utility such as 'cut' or 'awk' if you
need to split input data. If you must use 'read', set IFS locally using e.g. 'IFS="," read
-a my_array'.
187┆ IFS=":"
⋮┆----------------------------------------
189┆ IFS="="
⋮┆----------------------------------------
192┆ IFS="$oIFS"
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/netifd/hostapd.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
5┆ local val="$(($2 / 1000))"
⋮┆----------------------------------------
7┆ append $var "$val" ","
⋮┆----------------------------------------
8┆ [ $sub -gt 0 ] && append $var "."
⋮┆----------------------------------------
13┆ local val="$(($2 / 100))"
⋮┆----------------------------------------
14┆ append $var "$val" " "
⋮┆----------------------------------------
26┆ zidx=$(($idx - 1))
⋮┆----------------------------------------
29┆ append $var "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T"
⋮┆----------------------------------------
34┆ append $var "wep_key0=$(prepare_key_wep "$key")" "$N$T"
⋮┆----------------------------------------
40┆ local auth_type_l="$(echo $auth_type | tr 'a-z' 'A-Z')"
⋮┆----------------------------------------
630┆ ($log_80211 << 0) | \
⋮┆----------------------------------------
631┆ ($log_8021x << 1) | \
⋮┆----------------------------------------
632┆ ($log_radius << 2) | \
⋮┆----------------------------------------
633┆ ($log_wpa << 3) | \
⋮┆----------------------------------------
634┆ ($log_driver << 4) | \
⋮┆----------------------------------------
635┆ ($log_iapp << 5) | \
⋮┆----------------------------------------
636┆ ($log_mlme << 6) \
⋮┆----------------------------------------
708┆ $ap_scan
⋮┆----------------------------------------
709┆ $country_str
⋮┆----------------------------------------
927┆ /usr/sbin/wpa_supplicant -B -s \
928┆ ${network_bridge:+-b
$network_bridge} \
929┆ -P
"/var/run/wpa_supplicant-${ifname}.pid" \
930┆ -D
${_w_driver:-wext} \
931┆ -i
"$ifname" \
932┆ -c
"$_config" \
933┆ -C
"$_rpath" \
934┆
"$@"
⋮┆----------------------------------------
941┆ return $ret
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/netifd/netifd-proto.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
5┆ . $NETIFD_MAIN_DIR/utils.sh
⋮┆----------------------------------------
265┆ ubus $options call network.interface notify_proto "$(json_dump)"
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/netifd/netifd-wireless.
sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
4┆ . $NETIFD_MAIN_DIR/utils.sh
⋮┆----------------------------------------
99┆ json_set_namespace $old_cb
⋮┆----------------------------------------
124┆ ubus $options call network.wireless notify "$(json_dump)"
⋮┆----------------------------------------
142┆ _wdev_notify_init $CMD_SET_DATA "$name"
⋮┆----------------------------------------
149┆ _wdev_notify_init $CMD_UP
⋮┆----------------------------------------
154┆ _wdev_notify_init $CMD_SET_DATA
⋮┆----------------------------------------
160┆ _wdev_notify_init $CMD_PROCESS_ADD
⋮┆----------------------------------------
166┆ exe2="$(readlink -f /proc/$1/exe)"
⋮┆----------------------------------------
172┆ _wdev_notify_init $CMD_PROCESS_KILL_ALL
⋮┆----------------------------------------
178┆ _wdev_notify_init $CMD_SET_RETRY
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/netifd/proto/dhcp.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
64┆ proto_run_command "$config" udhcpc \
65┆ -p
/var/run/udhcpc-$iface.pid \
66┆ -s
/lib/netifd/dhcp.script \
67┆ -f -t 0 -i
"$iface" \
68┆ ${ipaddr:+-r
$ipaddr} \
69┆ ${hostname:+-x
"hostname:$hostname"} \
70┆ ${vendorid:+-V
"$vendorid"} \
71┆ $clientid $defaultreqopts $broadcast $release
$dhcpopts
⋮┆----------------------------------------
78┆ [ -n "$sigusr1" ] && proto_kill_command "$interface" $sigusr1
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/netifd/proto/dhcpv6.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
119┆ proto_run_command "$config" odhcp6c \
120┆ -s
/lib/netifd/dhcpv6.script \
121┆ $opts
$iface
⋮┆----------------------------------------
128┆ [ -n "$sigusr1" ] && proto_kill_command "$interface" $sigusr1
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/netifd/proto/ppp.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
137┆ proto_run_command "$config" /usr/sbin/pppd \
138┆ nodetach ipparam
"$config" \
139┆ ifname
"$pppname" \
140┆
${localip:+$localip:} \
141┆ ${lcp_failure:+lcp-echo-interval $lcp_interval lcp-echo-failure $lcp_failure
$lcp_adaptive} \
142┆
${ipv6:++ipv6} \
143┆ ${autoipv6:+set
AUTOIPV6=1} \
144┆ ${ip6table:+set
IP6TABLE=$ip6table} \
145┆ ${peerdns:+set
PEERDNS=$peerdns} \
146┆
nodefaultroute \
[hid 12 additional lines, adjust with --max-lines-per-finding]
163┆ local errorstring=$(ppp_exitcode_tostring $ERROR)
⋮┆----------------------------------------
221┆ /sbin/insmod $module 2>&- >&-
⋮┆----------------------------------------
231┆ ppp_generic_setup "$config" \
232┆ plugin
rp-pppoe.so \
233┆ ${ac:+rp_pppoe_ac
"$ac"} \
234┆ ${service:+rp_pppoe_service
"$service"} \
235┆ ${host_uniq:+host-uniq
"$host_uniq"} \
236┆
"nic-$iface"
⋮┆----------------------------------------
259┆ /sbin/insmod $module 2>&- >&-
⋮┆----------------------------------------
269┆ ppp_generic_setup "$config" \
270┆ plugin
pppoatm.so \
271┆
${atmdev:+$atmdev.}${vpi:-8}.${vci:-35} \
272┆
${encaps}
⋮┆----------------------------------------
296┆ ( proto_add_host_dependency "$config" "$ip" $interface )
⋮┆----------------------------------------
310┆ /sbin/insmod $module 2>&- >&-
⋮┆----------------------------------------
315┆ ppp_generic_setup "$config" \
316┆ plugin
pptp.so \
317┆ pptp_server
$server \
318┆ file
/etc/ppp/options.pptp
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/netifd/utils.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
13┆ case "$(type $1 2>/dev/null)" in
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/netifd/wireless/mac8021
1.sh
external.semgrep-rules.bash.lang.best-practice.iteration-over-ls-output
Iterating over ls output is fragile. Use globs, e.g. 'dir/*' instead of '$(ls dir)'.
400┆ for phy in $(ls /sys/class/ieee80211 2>/dev/null); do
⋮┆----------------------------------------
407┆ for phy in $(ls /sys/class/ieee80211 2>/dev/null); do
⋮┆----------------------------------------
external.semgrep-rules.bash.lang.correctness.unquoted-command-substitution-in-command
The result of command substitution $(...) or `...`, if unquoted, is split on whitespace or
other separators specified by the IFS variable. You should surround it with double quotes to
avoid splitting the result.
347┆ head -n $(($macidx + 1)) /sys/class/ieee80211/${phy}/addresses | tail -n1
⋮┆----------------------------------------
386┆ printf "%s:%s:%s:%s:%s:%02x" $1 $2 $3 $4 $5 $(( 0x$6 ^ $id ))
⋮┆----------------------------------------
391┆ printf "%s:%s:%s:%s:%02x:%02x" \
392┆ $1 $2 $3
$4 \
393┆ $(( (0x$5 + $off2) % 0x100
)) \
394┆ $(( (0x$6 + $id) % 0x100
))
⋮┆----------------------------------------
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
18┆ command iw $@ || logger -t mac80211 "Failed command: iw $@"
⋮┆----------------------------------------
67┆ config_add_int $MP_CONFIG_INT
⋮┆----------------------------------------
68┆ config_add_boolean $MP_CONFIG_BOOL
⋮┆----------------------------------------
69┆ config_add_string $MP_CONFIG_STRING
⋮┆----------------------------------------
80┆ set -- $capab
⋮┆----------------------------------------
109┆ case "$(( ($channel / 4) % 2 ))" in
⋮┆----------------------------------------
151┆ ht_cap_mask="$(($ht_cap_mask | $cap))"
⋮┆----------------------------------------
151┆ ht_cap_mask="$(($ht_cap_mask | $cap))"
⋮┆----------------------------------------
156┆ ht_cap_mask="$(( ($ht_cap_mask & ~(0x300)) | ($cap_rx_stbc << 8) ))"
⋮┆----------------------------------------
156┆ ht_cap_mask="$(( ($ht_cap_mask & ~(0x300)) | ($cap_rx_stbc << 8) ))"
⋮┆----------------------------------------
158┆ mac80211_add_capabilities ht_capab_flags $ht_cap_mask \
159┆
LDPC:0x1::$ldpc \
160┆
GF:0x10::$greenfield \
161┆
SHORT-GI-20:0x20::$short_gi_20 \
162┆
SHORT-GI-40:0x40::$short_gi_40 \
163┆
TX-STBC:0x80::$tx_stbc \
164┆
RX-STBC1:0x300:0x100:1 \
165┆
RX-STBC12:0x300:0x200:1 \
166┆
RX-STBC123:0x300:0x300:1 \
167┆
MAX-AMSDU-7935:0x800::$max_amsdu \
[hid 1 additional lines, adjust with --max-lines-per-finding]
180┆ case "$(( ($channel / 4) % 2 ))" in
⋮┆----------------------------------------
181┆ 1) idx=$(($channel + 2));
⋮┆----------------------------------------
182┆ 0) idx=$(($channel - 2));
⋮┆----------------------------------------
189┆ case "$(( ($channel / 4) % 4 ))" in
⋮┆----------------------------------------
190┆ 1) idx=$(($channel + 6));
⋮┆----------------------------------------
191┆ 2) idx=$(($channel + 2));
⋮┆----------------------------------------
192┆ 3) idx=$(($channel - 2));
⋮┆----------------------------------------
193┆ 0) idx=$(($channel - 6));
⋮┆----------------------------------------
233┆ vht_cap="$(($vht_cap | $cap))"
⋮┆----------------------------------------
233┆ vht_cap="$(($vht_cap | $cap))"
⋮┆----------------------------------------
238┆ vht_cap="$(( ($vht_cap & ~(0x700)) | ($cap_rx_stbc << 8) ))"
⋮┆----------------------------------------
238┆ vht_cap="$(( ($vht_cap & ~(0x700)) | ($cap_rx_stbc << 8) ))"
⋮┆----------------------------------------
240┆ mac80211_add_capabilities vht_capab $vht_cap \
241┆
RXLDPC:0x10::$rxldpc \
242┆
SHORT-GI-80:0x20::$short_gi_80 \
243┆
SHORT-GI-160:0x40::$short_gi_160 \
244┆
TX-STBC-2BY1:0x80::$tx_stbc_2by1 \
245┆
SU-BEAMFORMER:0x800::$su_beamformer \
246┆
SU-BEAMFORMEE:0x1000::$su_beamformee \
247┆
MU-BEAMFORMER:0x80000::$mu_beamformer \
248┆
MU-BEAMFORMEE:0x100000::$mu_beamformee \
249┆
VHT-TXOP-PS:0x200000::$vht_txop_ps \
[hid 7 additional lines, adjust with --max-lines-per-finding]
308┆ ${channel:+channel=$channel}
⋮┆----------------------------------------
309┆ ${channel_list:+chanlist=$channel_list}
⋮┆----------------------------------------
310┆ ${noscan:+noscan=$noscan}
⋮┆----------------------------------------
311┆ $base_cfg
⋮┆----------------------------------------
345┆ local idx="$(($2 + 1))"
⋮┆----------------------------------------
347┆ head -n $(($macidx + 1)) /sys/class/ieee80211/${phy}/addresses | tail -n1
⋮┆----------------------------------------
347┆ head -n $(($macidx + 1)) /sys/class/ieee80211/${phy}/addresses | tail -n1
⋮┆----------------------------------------
354┆ local ref="$(cat /sys/class/ieee80211/${phy}/macaddress)"
⋮┆----------------------------------------
355┆ local mask="$(cat /sys/class/ieee80211/${phy}/address_mask)"
⋮┆----------------------------------------
369┆ local oIFS="$IFS"; IFS=":"; set -- $mask; IFS="$oIFS"
⋮┆----------------------------------------
374┆ local oIFS="$IFS"; IFS=":"; set -- $ref; IFS="$oIFS"
⋮┆----------------------------------------
376┆ macidx=$(($id + 1))
⋮┆----------------------------------------
381┆ printf "%02x:%s:%s:%s:%s:%s" $b1 $2 $3 $4 $5 $6
⋮┆----------------------------------------
386┆ printf "%s:%s:%s:%s:%s:%02x" $1 $2 $3 $4 $5 $(( 0x$6 ^ $id ))
⋮┆----------------------------------------
386┆ printf "%s:%s:%s:%s:%s:%02x" $1 $2 $3 $4 $5 $(( 0x$6 ^ $id ))
⋮┆----------------------------------------
390┆ off2=$(( (0x$6 + $id) / 0x100 ))
⋮┆----------------------------------------
391┆ printf "%s:%s:%s:%s:%02x:%02x" \
392┆ $1 $2 $3
$4 \
393┆ $(( (0x$5 + $off2) % 0x100
)) \
394┆ $(( (0x$6 + $id) % 0x100
))
⋮┆----------------------------------------
393┆ $(( (0x$5 + $off2) % 0x100 )) \
⋮┆----------------------------------------
394┆ $(( (0x$6 + $id) % 0x100 ))
⋮┆----------------------------------------
401┆ case "$(readlink -f /sys/class/ieee80211/$phy/device)" in
⋮┆----------------------------------------
425┆ iw phy "$phy" interface add "$ifname" type "$type" $wdsflag
⋮┆----------------------------------------
432┆ iw phy "$phy" interface add "$ifname" type "$type" $wdsflag
⋮┆----------------------------------------
443┆ return $rc
⋮┆----------------------------------------
452┆ if_idx=$((${if_idx:-0} + 1))
⋮┆----------------------------------------
460┆ macaddr="$(mac80211_generate_mac $phy)"
⋮┆----------------------------------------
461┆ macidx="$(($macidx + 1))"
⋮┆----------------------------------------
498┆ staidx="$(($staidx + 1))"
⋮┆----------------------------------------
508┆ [ "$auto_channel" -gt 0 ] || iw dev "$ifname" set channel "$channel" $htmode
⋮┆----------------------------------------
530┆ wpa_supplicant_run "$ifname" ${hostapd_ctrl:+-H $hostapd_ctrl}
⋮┆----------------------------------------
545┆ case "$(( ($channel / 4) % 2 ))" in
⋮┆----------------------------------------
590┆ ikey="$(($idx - 1)):$(prepare_key_wep "$ikey")"
⋮┆----------------------------------------
610┆ iw dev "$ifname" ibss join "$ssid" $freq $ibss_htmode fixed-freq $bssid \
611┆ beacon-interval
$beacon_int \
612┆ ${brstr:+basic-rates
$brstr} \
613┆ ${mcval:+mcast-rate
$mcval} \
614┆ ${keyspec:+keys
$keyspec}
⋮┆----------------------------------------
629┆ case "$(( ($channel / 4) % 2 ))" in
⋮┆----------------------------------------
657┆ iw dev "$ifname" mesh join "$ssid" freq $freq $mesh_htmode \
658┆ ${mcval:+mcast-rate
$mcval} \
659┆ beacon-interval
$beacon_int
⋮┆----------------------------------------
789┆ iw phy "$phy" set antenna $txantenna $rxantenna >/dev/null 2>&1
⋮┆----------------------------------------
790┆ iw phy "$phy" set antenna_gain $antenna_gain
⋮┆----------------------------------------
807┆ /usr/sbin/hostapd -s -P /var/run/wifi-$phy.pid -B "$hostapd_conf_file"
⋮┆----------------------------------------
809┆ wireless_add_process "$(cat /var/run/wifi-$phy.pid)" "/usr/sbin/hostapd" 1
⋮┆----------------------------------------
external.semgrep-rules.bash.lang.security.ifs-tampering
The special variable IFS affects how splitting takes place when expanding unquoted
variables. Don't set it globally. Prefer a dedicated utility such as 'cut' or 'awk' if you
need to split input data. If you must use 'read', set IFS locally using e.g. 'IFS="," read
-a my_array'.
78┆ IFS=:
⋮┆----------------------------------------
86┆ IFS="$oifs"
⋮┆----------------------------------------
369┆ local oIFS="$IFS"; IFS=":"; set -- $mask; IFS="$oIFS"
⋮┆----------------------------------------
369┆ local oIFS="$IFS"; IFS=":"; set -- $mask; IFS="$oIFS"
⋮┆----------------------------------------
374┆ local oIFS="$IFS"; IFS=":"; set -- $ref; IFS="$oIFS"
⋮┆----------------------------------------
374┆ local oIFS="$IFS"; IFS=":"; set -- $ref; IFS="$oIFS"
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/network/config.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
12┆ json_load "$(ifstatus $interface)"
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/upgrade/common.sh
external.semgrep-rules.bash.lang.best-practice.useless-cat
Useless call to 'cat' in a pipeline. Use '<' and '>' for any command to read from a file or
write to a file.
92┆ cat "$from" 2>/dev/null | $cmd
⋮┆----------------------------------------
external.semgrep-rules.bash.lang.correctness.unquoted-command-substitution-in-command
The result of command substitution $(...) or `...`, if unquoted, is split on whitespace or
other separators specified by the IFS variable. You should surround it with double quotes to
avoid splitting the result.
124┆ set -- $(dd if=$disk bs=1 skip=440 count=4 2>/dev/null | hexdump -v -e '4/1 "%02x "')
⋮┆----------------------------------------
191┆ set -- $(hexdump -v -n 12 -s "$((0x1B2 + $part * 16))" -e '3/4 "0x%08X "' "$disk")
⋮┆----------------------------------------
193┆ local type="$(( $(hex_le32_to_cpu $1) % 256))"
⋮┆----------------------------------------
194┆ local lba="$(( $(hex_le32_to_cpu $2) ))"
⋮┆----------------------------------------
195┆ local num="$(( $(hex_le32_to_cpu $3) ))"
⋮┆----------------------------------------
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
5┆ [ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
⋮┆----------------------------------------
6┆ libs() { ldd $* 2>/dev/null | sed -r 's/(.* => )?(.*) .*/\2/'; }
⋮┆----------------------------------------
34┆ [ -x "$src" ] && files="$src $(libs $src)"
⋮┆----------------------------------------
35┆ install_file $files
⋮┆----------------------------------------
92┆ cat "$from" 2>/dev/null | $cmd
⋮┆----------------------------------------
124┆ set -- $(dd if=$disk bs=1 skip=440 count=4 2>/dev/null | hexdump -v -e '4/1 "%02x "')
⋮┆----------------------------------------
191┆ set -- $(hexdump -v -n 12 -s "$((0x1B2 + $part * 16))" -e '3/4 "0x%08X "' "$disk")
⋮┆----------------------------------------
193┆ local type="$(( $(hex_le32_to_cpu $1) % 256))"
⋮┆----------------------------------------
194┆ local lba="$(( $(hex_le32_to_cpu $2) ))"
⋮┆----------------------------------------
195┆ local num="$(( $(hex_le32_to_cpu $3) ))"
⋮┆----------------------------------------
199┆ printf "%2d %5d %7d\n" $part $lba $num >> "/tmp/partmap.$filename"
⋮┆----------------------------------------
226┆ get_image "$1" "$2" | mtd $MTD_ARGS $MTD_CONFIG_ARGS -j "$CONF_TAR" write - "${PART_NAME:-image}"
⋮┆----------------------------------------
228┆ get_image "$1" "$2" | mtd $MTD_ARGS write - "${PART_NAME:-image}"
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/upgrade/ubnt.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
13┆ local current_kernel_index=$(hexdump -s $UBNT_ERX_KERNEL_INDEX_OFFSET -n 1 -e '/1 "%X "' ${factory_mtd})
⋮┆----------------------------------------
36┆ if ! (echo -e $new_kernel_index | dd of=${factory_mtd} bs=1 count=1 seek=$UBNT_ERX_KERNEL_INDEX_OFFSET);
then
⋮┆----------------------------------------
36┆ if ! (echo -e $new_kernel_index | dd of=${factory_mtd} bs=1 count=1 seek=$UBNT_ERX_KERNEL_INDEX_OFFSET);
then
⋮┆----------------------------------------
49┆ local kernel_part="$(ubnt_get_target_kernel ${factory_mtd})"
⋮┆----------------------------------------
71┆ local troot_ubivol="$( nand_find_volume $ubidev troot )"
⋮┆----------------------------------------
72┆ [ -n "$troot_ubivol" ] && ubirmvol /dev/$ubidev -N troot || true
⋮┆----------------------------------------
75┆ ubnt_update_target_kernel ${factory_mtd} ${kernel_part} || exit 1
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/wifi/mac80211.sh
external.semgrep-rules.bash.lang.best-practice.iteration-over-ls-output
Iterating over ls output is fragile. Use globs, e.g. 'dir/*' instead of '$(ls dir)'.
12┆ for phy in $(ls /sys/class/ieee80211 2>/dev/null); do
⋮┆----------------------------------------
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
13┆ case "$(readlink -f /sys/class/ieee80211/$phy/device)" in
⋮┆----------------------------------------
46┆ config_set "$device" macaddr "$(cat /sys/class/ieee80211/${phy}/macaddress)"
⋮┆----------------------------------------
67┆ devidx=$(($devidx + 1))
⋮┆----------------------------------------
95┆ path="$(readlink -f /sys/class/ieee80211/${dev}/device)"
⋮┆----------------------------------------
106┆ dev_id="set wireless.radio${devidx}.macaddr=$(cat /sys/class/ieee80211/${dev}/macaddress)"
⋮┆----------------------------------------
127┆ devidx=$(($devidx + 1))
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/sbin/led.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
10┆ config_get name $1 name
⋮┆----------------------------------------
11┆ config_get sysfs $1 sysfs
/logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/usr/share/libubox/jshn.sh
external.semgrep-rules.bash.lang.correctness.unquoted-variable-expansion-in-command
Variable expansions must be double-quoted so as to prevent being split into multiple pieces
according to whitespace or whichever separator is specified by the IFS variable. If you
really wish to split the variable's contents, you may use a variable that starts with an
underscore e.g. $_X instead of $X, and semgrep will ignore it. If what you need is an array,
consider using a proper bash array.
188┆ jshn "$@" ${JSON_PREFIX:+-p "$JSON_PREFIX"} -w
┌──────────────┐
│ Scan Summary │
└──────────────┘
Some files were skipped or only partially analyzed.
Partially scanned: 3 files only partially analyzed due to parsing or internal Semgrep errors
Ran 7 rules on 37 files: 267 findings.
