Lang
Correctness
unquoted-variable-expansion-in-command
Variable expansions must be double-quoted to prevent them from being split into multiple pieces on whitespace or on whichever separator is specified by the IFS variable. If you really wish to split the variable’s contents, you may use a variable whose name starts with an underscore, e.g. $_X, and semgrep will ignore it. If what you need is an array, consider using a proper bash array.
unquoted-command-substitution-in-command
The result of command substitution $(…) or `...`, if unquoted, is split on whitespace or other separators specified by the IFS variable. You should surround it with double quotes to avoid splitting the result.
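
The splitting that both rules describe, as an added example that is not part of the original rule page: each function reports how many arguments a command actually receives for the unquoted and quoted forms. The helper count_args, the demo_* functions and all sample values are constructed for illustration; the script sticks to POSIX sh, so the bash array alternative is not shown.

```shell
#!/bin/sh
# Added illustration; all names and sample values below are constructed.

# Print the number of separate arguments the callee received.
count_args() { echo "$#"; }

name='quarterly report final.txt'   # one value containing spaces
csv='alice,bob smith,carol'         # one value containing commas

# unquoted-variable-expansion-in-command: split on whitespace -> 3 arguments.
demo_unquoted_var() { count_args $name; }

# Quoted form: the value reaches the command as exactly 1 argument.
demo_quoted_var() { count_args "$name"; }

# unquoted-command-substitution-in-command: the output is split the same way.
demo_unquoted_subst() { count_args $(printf '%s' "$name"); }
demo_quoted_subst() { count_args "$(printf '%s' "$name")"; }

# The separator comes from IFS: with IFS=, the unquoted value yields 3 fields
# ("bob smith" stays together). The subshell body keeps the IFS change local.
demo_custom_ifs() ( IFS=,; count_args $csv )

# Deliberate splitting: an underscore-prefixed name, which the rule text
# says semgrep ignores.
demo_intentional_split() { _opts='-l -a -h'; count_args $_opts; }

echo "unquoted variable:      $(demo_unquoted_var) argument(s)"
echo "quoted variable:        $(demo_quoted_var) argument(s)"
echo "unquoted substitution:  $(demo_unquoted_subst) argument(s)"
echo "quoted substitution:    $(demo_quoted_subst) argument(s)"
echo "unquoted with IFS=,:    $(demo_custom_ifs) argument(s)"
echo "intentional split:      $(demo_intentional_split) argument(s)"
```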