CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
      • Curl
      • Lang
        • Best practice
        • Correctness
        • Security
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Lang

Correctness

unquoted-variable-expansion-in-command

Variable expansions must be double-quoted so as to prevent being split into multiple pieces according to whitespace or whichever separator is specified by the IFS variable. If you really wish to split the variable’s contents, you may use a variable that starts with an underscore e.g. Xinsteadof_X instead of X​insteadofX, and semgrep will ignore it. If what you need is an array, consider using a proper bash array.

unquoted-command-substitution-in-command

The result of command substitution $(…) or ..., if unquoted, is split on whitespace or other separators specified by the IFS variable. You should surround it with double quotes to avoid splitting the result.
Best practiceSecurity
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.