Other PR's merged + code improved + flow improved

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/ci.yml

@@ -0,0 +1,61 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  build-and-test:
+    # Normally runs in less than 50 seconds, but could stall because of test
+    timeout-minutes: 3
+    runs-on: ubuntu-24.04
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install dependencies
+      run: sudo apt-get update -q && sudo apt install -y dash bash ksh zsh tcsh csh rc
+
+    - name: Build and Test (with sanitize)
+      env:
+        SKIP: python2
+      run: |
+        SANITIZE="${SANITIZE} -fsanitize=address"
+        #SANITIZE="${SANITIZE} -fsanitize=thread"
+        SANITIZE="${SANITIZE} -fsanitize=leak"
+        SANITIZE="${SANITIZE} -fsanitize=undefined"
+        SANITIZE="${SANITIZE} -fsanitize=integer-divide-by-zero"
+        #      SANITIZE="${SANITIZE} -fsanitize=vla-bound"
+        SANITIZE="${SANITIZE} -fsanitize=null"
+        SANITIZE="${SANITIZE} -fsanitize=signed-integer-overflow"
+        SANITIZE="${SANITIZE} -fsanitize=bounds"
+        #SANITIZE="${SANITIZE}  -fsanitize=bounds-strict"
+        SANITIZE="${SANITIZE} -fsanitize=bool"
+        SANITIZE="${SANITIZE} -fsanitize=enum"
+        #SANITIZE="${SANITIZE} -fsanitize-recover"  # will try to continue running the program
+        #SANITIZE_LINK="-static-libasan -static -lasan -static -lubsan -ldl -lm"
+        SANITIZE_LINK="-l:libasan.a -l:libubsan.a -ldl -lm"
+        SANITIZE="${SANITIZE} -fno-sanitize=alignment"
+        ./autogen.sh
+        ./configure
+        make clean
+        make CFLAGS="${SANITIZE} -g -O2" LDFLAGS="${SANITIZE_LINK}"
+        make CC=gcc CFLAGS="${SANITIZE} -g -O2" LDFLAGS="${SANITIZE_LINK}" test
+
+    - name: Build and Test (Normal)
+      env:
+        SKIP: python2
+      run: |
+        ./autogen.sh
+        ./configure
+        make clean
+        make
+        make test
+
+    - name: Provide log as artifact
+      uses: actions/upload-artifact@v4
+      if: ${{ ! cancelled() }}
+      with:
+        name: shc.failingtests
+        path: |
+          /tmp/shc.*.tst/*
+        retention-days: 2

.github/workflows/generate.yml

@@ -0,0 +1,41 @@
+---
+name: Generate files (documentation, autotools)
+on:
+  push:
+    paths: [man.md, aclocal.m4, configure.ac]
+  workflow_dispatch:
+jobs:
+  convert_via_pandoc:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
+        id: changes
+        with:
+          filters: |
+            man:
+              - 'man.md'
+            autotools:
+              - 'aclocal.m4'
+              - 'configure.ac'
+      - uses: docker://pandoc/core:3.3
+        if: ${{ github.event_name == 'workflow_dispath' || steps.changes.outputs.man == 'true' }}
+        with:
+          args: -s man.md -t man -o shc.1
+      - uses: docker://pandoc/core:3.3
+        if: ${{ github.event_name == 'workflow_dispath' || steps.changes.outputs.man == 'true' }}
+        with:
+          args: -s man.md -t html -o man.html
+      - run: |-
+          ./autogen.sh
+          # Correct executable flag on generated files
+          chmod -x INSTALL
+        if: ${{ github.event_name == 'workflow_dispath' || steps.changes.outputs.autotools == 'true' }}
+      - name: Commit changes
+        if: ${{ github.event_name == 'workflow_dispath' || steps.changes.outputs.man == 'true' || steps.changes.outputs.autotools }}
+        run: |-
+          for r in $(git remote) ; do git remote get-url --all $r ; done
+          git config user.name github-actions
+          git config user.email [email protected]
+          git commit -a -m "ci: Github Action Generate Files"
+          git push

.github/workflows/pre-commit.yml

@@ -0,0 +1,51 @@
+---
+name: pre-commit
+on:
+  pull_request:
+  push:
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    env:
+      RAW_LOG: pre-commit.log
+      CS_XML: pre-commit.xml
+    steps:
+      - run: sudo apt-get update && sudo apt-get install cppcheck
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          cache: pip
+          python-version: "3.12.1"
+      - run: python -m pip install pre-commit
+      - uses: actions/cache/restore@v4
+        with:
+          path: ~/.cache/pre-commit/
+          key: pre-commit-4|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml')
+            }}
+      - name: Run pre-commit hooks
+        env:
+          SKIP: uncrustify
+        run: |
+          set -o pipefail
+          pre-commit gc
+          pre-commit run --show-diff-on-failure --color=always --all-files | tee ${RAW_LOG}
+      - name: Convert Raw Log to Annotations
+        uses: mdeweerd/[email protected]
+        if: ${{ failure() }}
+        with:
+          in: ${{ env.RAW_LOG }}
+      - uses: actions/cache/save@v4
+        if: ${{ ! cancelled() }}
+        with:
+          path: ~/.cache/pre-commit/
+          key: pre-commit-4|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml')
+            }}
+      - name: Provide log as artifact
+        uses: actions/upload-artifact@v4
+        if: ${{ ! cancelled() }}
+        with:
+          name: precommit-logs
+          path: |
+            ${{ env.RAW_LOG }}
+            ${{ env.CS_XML }}
+          retention-days: 2

.pre-commit-config.yaml

@@ -0,0 +1,101 @@
+---
+exclude:
+  (?x)^(
+  configure|
+  configure\..*|
+  .cache/.*|
+  .*Makefile.in|
+  .*Makefile.am|
+  autogen.sh|
+  config/install-sh|
+  config/depcomp|
+  config/compile|
+  config/missing|
+  aclocal.m4|
+  __NONE__)$
+repos:
+  - repo: https://github.com/executablebooks/mdformat
+    # Do this before other tools "fixing" the line endings
+    rev: 0.7.17
+    hooks:
+      - id: mdformat
+        name: Format Markdown
+        stages: [manual]
+        entry: mdformat  # Executable to run, with fixed options
+        language: python
+        types: [markdown]
+        args: [--wrap, '75', --number]
+        additional_dependencies:
+          - mdformat-toc
+          - mdformat-gfm
+          - mdformat-beautysh
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      # - id: no-commit-to-branch
+      #  args: [--branch, main]
+      - id: debug-statements
+      - id: end-of-file-fixer
+        exclude: ^(test/.*)$
+      - id: trailing-whitespace
+        exclude: .*\.md$
+      - id: check-json
+      - id: mixed-line-ending
+      - id: check-builtin-literals
+        args: [--ignore=dict]
+      - id: check-ast
+      - id: check-merge-conflict
+      - id: check-executables-have-shebangs
+      - id: check-shebang-scripts-are-executable
+        exclude: ^(test/.*)$
+      - id: check-docstring-first
+      - id: fix-byte-order-marker
+      - id: check-case-conflict
+      - id: check-toml
+  - repo: https://github.com/lovesegfault/beautysh.git
+    rev: v6.2.1
+    hooks:
+      - id: beautysh
+        exclude: (?x)^(test/test\..*|config/missing|configure|autogen.sh)$
+        additional_dependencies:
+          - setuptools
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.3.0
+    hooks:
+      - id: codespell
+        args:
+          - --toml
+          - pyproject.toml
+        additional_dependencies:
+          - tomli
+  - repo: https://github.com/pocc/pre-commit-hooks
+    rev: v1.3.5
+    # Install dependencies on windows:
+    #  choco install llvm uncrustify cppcheck
+    hooks:
+      - id: uncrustify
+        args: [--replace, --no-backup, -c, uncrustify.cfg]
+      - id: cppcheck
+        args:
+          - --force
+          #- --std=c99
+          - --language=c
+          #- -IInc
+          - '--template={file}({line}): {severity} ({id}): {message}'
+          - --inline-suppr
+      - id: cpplint
+        args: ["--filter=-build/header_guard,-build/include,-build/include_subdir,-legal/copyright,-readability/casting,-readability/fn_size,-whitespace/blank_line,-whitespace/braces,-whitespace/comma,-whitespace/comments,-whitespace/line_length,-whitespace/newline,-whitespace/operators,-whitespace/parens,-whitespace/semicolon,-whitespace/tab,-whitespace/todo"]
+        additional_dependencies:
+          - cpplint>=1.6.1
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.10.0.1
+    hooks:
+      - id: shellcheck
+        exclude: (?x)^(test/test.*)$
+        # args: [-x,-e1007,-e1009,-e1072,-e1073]
+  - repo: https://github.com/pocc/pre-commit-hooks
+    rev: v1.3.5
+    hooks:
+      - id: clang-format
+        stages: [manual]
+        args: [-i]

.travis.yml

@@ -3,11 +3,9 @@ sudo: required
 language: c
 before_install:
   - sudo apt-get update -q
-  - sudo apt install dash bash ash ksh zsh tcsh csh rc
-script: 
+  - sudo apt install dash bash ksh zsh tcsh csh rc
+script:
   - ./autogen.sh
   - ./configure
   - make
   - make test
-
-

ChangeLog

@@ -1,5 +1,26 @@
 CHANGES
 
+LATEST Aug 19 2024
+
+    * Feat: Piping (`-P`, `-p`), with `$0` forging (big scripts, perl. python) @fabio-brugnara.
+    * Qual: Enhance tests (Check stderr, forging, tempdir, complex arguments), option SKIP (tests) @mdeweerd.
+    * Qual: Add Github CI flox (build, run tests with(out) sanitizer, generate files) @mdeweerd.
+    * Fix:  Fix memory leaks in generated c-code @mdeweerd.
+    * Fix:  Fix memory leaks in generation c-code @ashamedbit #165
+    * Fix:  Fix static code checks/implement recommendations (prevent leaks, overflows) @mdeweerd.
+    * Qual: Add static code checks, linting, code formatting @mdeweerd #162 #161
+    * Doc:  Improvements to the documentation @mdeweerd #163 #160
+    * Doc:  Add code block hinting for Ubuntu PPA install procedure lb803 #164
+    * Feat: Remove `ash` dependency @dviererbe #167
+    * Fix:  Fix for script filenames with spaces/special characters @ergoucao #157.
+    * Feat: Option `-2` to use mmap2 @csersoft #132
+    * Doc:  Fix automatic hyperlinks by removing `<>` @learnpassword #148
+    * Doc:  Fix typo in usage @ghost #129
+    * Fix:  Fix strip in case of cross-compilation @embexus #125
+    * Fix:  Fix NULL-ptr dereference in shhl string @RKX1209 #83
+
+    Note: @GITHUB_USERNAME #neurobin/Github Pull Request
+
 4.0.3 Tue Nov 20 08:22:20 UTC 2018
 
     * Enhance -H flag by intika <https://github.com/intika> (Hide commands arguments from ps and cmdline)
@@ -44,29 +65,29 @@ CHANGES
 
     * zsh support
     * Fix issue #13 (https://github.com/neurobin/shc/issues/13)
-    
+
 
 3.9.2	Fri Aug 21 16:12:33 BDT 2015
-	
+
 	Added BusyBox support with patch taken from:
 	https://onedrive.live.com/prev?cid=18a41d08a9f3c543&id=18A41D08A9F3C543!231&authkey=!AJQ6Iah_5D3WJ60&v=TextFileEditor
 	as suggested by https://github.com/marcoburatto
 
 3.9.1	Fri Apr 03 00:22:11 GMT 2015
-	
+
 	Renamed  option -T to -U and reversed it's logic.
 	So now, the executable prepared will execute without using sudo,
 	by default.
 
 
-3.9.0   Wed Apr 01  08:35:22 AM GMT 2015 
+3.9.0   Wed Apr 01  08:35:22 AM GMT 2015
 
     (http://github.com/neurobin)
 	Added output file option with [-o filename]
 	and fixed bug on make install (manual install failed)
 	Now you can access manual by entering command: man shc
 	in a terminal.
-        
+
 
 
 3.8.9	Wed Apr 25 09:24:25 CEST 2012
@@ -122,8 +143,8 @@ CHANGES
 	- Fixed bug: "rlax" used after encryption.
 
 	Thanks to Nalneesh Gaur <[email protected]> for:
-	- Read permision of the script.x exposes it to disassembling.
-	- Group and others read permision is now removed by default.
+	- Read permission of the script.x exposes it to disassembling.
+	- Group and others read permission is now removed by default.
 
 
 
@@ -227,16 +248,15 @@ SCO, both not used now.
 3.0b1	Wed Feb 26 14:27:22 WET 1997
 
 	The main difference with 2.4 is that in it the script was
-compressed an then shuffle around, now int 3.0 the script is encripted
-with an inline code, so not needend any external comand to work, and been
-faster at startup. Other related adventage is that the only information
-not encripted in .x.c is an stamp, expiration date and provider email
+compressed an then shuffle around, now int 3.0 the script is encrypted
+with an inline code, so not needing any external command to work, and been
+faster at startup. Other related advantage is that the only information
+not encrypted in .x.c is an stamp, expiration date and provider email
 address.
 
-	Something equivalent to cheksums have been used to enforced at
+	Something equivalent to checksums has been used to enforce at
 execution that the executing shell has not been modified from the time
-the script was compiled. If anybody tries to change the excuting shell,
+the script was compiled. If anybody tries to change the executing shell,
 .x will refuse to execute.
 
 	The generated .x.c source code is now readable.
-

INSTALL

@@ -1,8 +1,8 @@
 Installation Instructions
 *************************
 
-   Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software
-Foundation, Inc.
+   Copyright (C) 1994-1996, 1999-2002, 2004-2017, 2020-2021 Free
+Software Foundation, Inc.
 
    Copying and distribution of this file, with or without modification,
 are permitted in any medium without royalty provided the copyright
@@ -225,7 +225,7 @@ order to use an ANSI C compiler:
 
 and if that doesn't work, install pre-built binaries of GCC for HP-UX.
 
-   HP-UX 'make' updates targets which have the same time stamps as their
+   HP-UX 'make' updates targets which have the same timestamps as their
 prerequisites, which makes it generally unusable when shipped generated
 files such as 'configure' are involved.  Use GNU 'make' instead.