From 53b3c36939fbc6e81138fab2814991978dbe8373 Mon Sep 17 00:00:00 2001
From: Guillem Jover <gjover@sipwise.com>
Date: Wed, 8 Nov 2017 17:45:44 +0100
Subject: [PATCH] TT#24097 Fix shell quoting

- Add missing quotes.
- Switch some problematic usages to use bash arrays.
- Override shellcheck errors (these might need fixing in the future).

Change-Id: Id451ff9f4c5d5ef9b3826544908d64e9c08c5797
---
 debian/ngcp-rtpengine-daemon.init           |  2 ++
 debian/ngcp-rtpengine-recording-daemon.init |  5 +--
 el/rtpengine.init                           | 36 +++++++++++----------
 tests/simulator-tcp.sh                      |  2 +-
 utils/build_deps.sh                         |  8 ++---
 utils/patch-kernel                          |  2 +-
 6 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/debian/ngcp-rtpengine-daemon.init b/debian/ngcp-rtpengine-daemon.init
index 330de4a9c..5bab13150 100755
--- a/debian/ngcp-rtpengine-daemon.init
+++ b/debian/ngcp-rtpengine-daemon.init
@@ -170,6 +170,7 @@ case "$1" in
 	log_daemon_msg "Starting $DESC: $NAME"
 	if [ "$TABLE" -ge 0 ] && [ "$VIRT" != "yes" ]; then
 		if [ "$MANAGE_IPTABLES" = "yes" ]; then
+			# shellcheck disable=SC2086
 			modprobe xt_RTPENGINE $MODPROBE_OPTIONS
 
 			iptables -N rtpengine 2> /dev/null
@@ -188,6 +189,7 @@ case "$1" in
 		fi
 	fi
 	set -e
+	# shellcheck disable=SC2086
 	start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
 		--exec "$DAEMON" $START_OPTIONS -- $OPTIONS || log_progress_msg " already running"
 	log_end_msg $?
diff --git a/debian/ngcp-rtpengine-recording-daemon.init b/debian/ngcp-rtpengine-recording-daemon.init
index 6dc08318e..92e948ffc 100755
--- a/debian/ngcp-rtpengine-recording-daemon.init
+++ b/debian/ngcp-rtpengine-recording-daemon.init
@@ -96,13 +96,14 @@ case "$1" in
 	log_daemon_msg "Starting $DESC: $NAME"
 
 	if [ "$MUST_NFS" = yes ]; then
-		if ! grep -E -q '^[^ :]+:[^ :]+ '"$NFS_LOCAL_MOUNT"' nfs.? ' /proc/mounts; then
+		if ! grep -E -q "^[^ :]+:[^ :]+ $NFS_LOCAL_MOUNT nfs.? " /proc/mounts; then
 			log_progress_msg "Mounting NFS share"
 			test -d "$NFS_LOCAL_MOUNT" || mkdir -p "$NFS_LOCAL_MOUNT"
-			mount -t nfs -o "$NFS_OPTIONS" "$NFS_HOST":"$NFS_REMOTE_PATH" "$NFS_LOCAL_MOUNT"
+			mount -t nfs -o "$NFS_OPTIONS" "$NFS_HOST:$NFS_REMOTE_PATH" "$NFS_LOCAL_MOUNT"
 		fi
 	fi
 
+	# shellcheck disable=SC2086
 	start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
 		--exec "$DAEMON" $START_OPTIONS -- $OPTIONS || log_progress_msg " already running"
 	log_end_msg $?
diff --git a/el/rtpengine.init b/el/rtpengine.init
index 43a10d2d6..f9c95867b 100644
--- a/el/rtpengine.init
+++ b/el/rtpengine.init
@@ -179,11 +179,11 @@ start() {
 		then
 			if [[ -n "$RE_GROUP" ]]
 			then
-				proc_gid=$(grep ^$RE_GROUP: /etc/group | cut -f3 -d:)
+				proc_gid="$(grep "^$RE_GROUP:" /etc/group | cut -f3 -d:)"
 			else
-				proc_gid=$(id $RE_USER -g)
+				proc_gid="$(id "$RE_USER" -g)"
 			fi
-			modprobe xt_RTPENGINE proc_uid=$(id $RE_USER -u) proc_gid=$proc_gid
+			modprobe xt_RTPENGINE proc_uid="$(id "$RE_USER" -u)" proc_gid="$proc_gid"
 		else
 			modprobe xt_RTPENGINE
 		fi
@@ -202,15 +202,15 @@ start() {
 				
 			firewall-cmd --direct --add-chain ipv4 filter rtpengine
 			firewall-cmd --direct --add-rule ipv4 filter INPUT_prefilter 0 -j rtpengine
-			firewall-cmd --direct --add-rule ipv4 filter rtpengine 0 -p udp -j RTPENGINE --id $TABLE
-			firewall-cmd --direct --add-rule ipv6 filter rtpengine 0 -p udp -j RTPENGINE --id $TABLE
+			firewall-cmd --direct --add-rule ipv4 filter rtpengine 0 -p udp -j RTPENGINE --id "$TABLE"
+			firewall-cmd --direct --add-rule ipv6 filter rtpengine 0 -p udp -j RTPENGINE --id "$TABLE"
   			firewall-cmd --reload
 		else
 			iptables -N rtpengine
 			# We insert the rtpengine rule at the top of the input chain
 			iptables -t filter -I INPUT -j rtpengine
-			iptables -I rtpengine -p udp -j RTPENGINE --id $TABLE
-			ip6tables -I rtpengine -p udp -j RTPENGINE --id $TABLE
+			iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
+			ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
 		fi
 
 		cat <<EOF > "$cachefile"
@@ -220,19 +220,21 @@ EOF
         echo -n $"Starting $prog: "
 	if [[ -n "$RE_USER" ]]
 	then
-		daemon --user $RE_USER --pidfile=${pidfile} $rtpengine $OPTS
+		# shellcheck disable=SC2086
+		daemon --user "$RE_USER" --pidfile="${pidfile}" "$rtpengine" $OPTS
 	else
-		daemon --pidfile=${pidfile} $rtpengine $OPTS
+		# shellcheck disable=SC2086
+		daemon --pidfile="${pidfile}" "$rtpengine" $OPTS
 	fi
         RETVAL=$?
         echo
-        [ $RETVAL = 0 ] && touch ${lockfile}
+        [ $RETVAL = 0 ] && touch "${lockfile}"
         return $RETVAL
 }
 
 stop() {
 	echo -n $"Stopping $prog: "
-	killproc -p ${pidfile} $rtpengine
+	killproc -p "${pidfile}" "$rtpengine"
 	RETVAL=$?
 	echo
 	if [ -f "$cachefile" ]
@@ -249,16 +251,16 @@ stop() {
 			firewall-cmd --direct --remove-chain ipv4 filter rtpengine
 			firewall-cmd --reload
 		else
-			iptables -D rtpengine -p udp -j RTPENGINE --id $CUR_TABLE
-			ip6tables -D rtpengine -p udp -j RTPENGINE --id $CUR_TABLE
+			iptables -D rtpengine -p udp -j RTPENGINE --id "$CUR_TABLE"
+			ip6tables -D rtpengine -p udp -j RTPENGINE --id "$CUR_TABLE"
 			iptables -t filter -D INPUT -j rtpengine
 			iptables -X rtpengine
 		fi
 		rmmod xt_RTPENGINE
-		rm -f $cachefile	
+		rm -f "$cachefile"
 	fi
  
-	[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
+	[ $RETVAL = 0 ] && rm -f "${lockfile}" "${pidfile}"
 }
 
 # See how we were called.
@@ -270,7 +272,7 @@ case "$1" in
 	stop
 	;;
   status)
-        status -p ${pidfile} $rtpengine
+        status -p "${pidfile}" "$rtpengine"
 	RETVAL=$?
 	;;
   restart)
@@ -278,7 +280,7 @@ case "$1" in
 	start
 	;;
   condrestart|try-restart)
-	if status -p ${pidfile} $rtpengine >&/dev/null; then
+	if status -p "${pidfile}" "$rtpengine" >&/dev/null; then
 		stop
 		start
 	fi
diff --git a/tests/simulator-tcp.sh b/tests/simulator-tcp.sh
index 9ab3a02c6..45a0a78ea 100755
--- a/tests/simulator-tcp.sh
+++ b/tests/simulator-tcp.sh
@@ -36,7 +36,7 @@ for (( i = 0 ; i < 1000 ; i++ )); do
 	dst_path=${dst_rel/ //}
 	ports="$ports $src_path $dst_path"
 	for port in $ports; do
-		echo foobar > /dev/udp/$port
+		echo foobar > "/dev/udp/$port"
 	done
 
 	ids="$ids $callid"
diff --git a/utils/build_deps.sh b/utils/build_deps.sh
index 5b299d2e2..ec4016bea 100755
--- a/utils/build_deps.sh
+++ b/utils/build_deps.sh
@@ -11,12 +11,12 @@ if ! [ -f "${CONTROL_FILE}" ]; then
 	exit 1
 fi
 
-BUILD_DEPS=$(/usr/bin/gdebi --quiet --non-interactive \
+BUILD_DEPS=($(/usr/bin/gdebi --quiet --non-interactive \
 	--option=APT::Install-Recommends=false \
-	--apt-line ${CONTROL_FILE})
-if [ -z "${BUILD_DEPS}" ]; then
+	--apt-line "${CONTROL_FILE}"))
+if [ ${#BUILD_DEPS[@]} -eq 0 ]; then
 	echo "Error: no build deps packages resolved"
 	exit 2
 fi
 
-apt-get install -y $BUILD_DEPS
+apt-get install -y "${BUILD_DEPS[@]}"
diff --git a/utils/patch-kernel b/utils/patch-kernel
index b9acad660..429a93b6f 100755
--- a/utils/patch-kernel
+++ b/utils/patch-kernel
@@ -34,7 +34,7 @@ if ! grep -q CONFIG_NETFILTER_XT_TARGET_RTPENGINE "$KERN"/net/netfilter/Makefile
 	(
 		echo
 		echo "EXTRA_CFLAGS += -DRTPENGINE_VERSION=\"\\\"$4\\\"\""
-		echo 'obj-$(CONFIG_NETFILTER_XT_TARGET_RTPENGINE) += xt_RTPENGINE.o'
+		echo "obj-\$(CONFIG_NETFILTER_XT_TARGET_RTPENGINE) += xt_RTPENGINE.o"
 	) >> "$KERN"/net/netfilter/Makefile
 fi