diff --git a/tools/toolkit-qa-check.sh b/tools/toolkit-qa-check.sh
index 4744796..7ad52ca 100755
--- a/tools/toolkit-qa-check.sh
+++ b/tools/toolkit-qa-check.sh
@@ -473,11 +473,32 @@ while read -r file; do
 # Check if function uses parameters
 if grep -A 20 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -q '\$[1-9]'; then
+ # Skip if uses safe default pattern: ${1:-default}
+ if grep -A 5 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -qE '\$\{[1-9]:-'; then
+ continue
+ fi
+
+ # Skip if function doesn't actually use positional params (only uses local vars)
+ # Check first 10 lines of function - if all $1-9 are in local declarations only, skip
+ func_body=$(grep -A 10 "^[[:space:]]*$func_name()" "$file" 2>/dev/null)
+ if ! echo "$func_body" | grep -v "local.*=" | grep -q '\$[1-9]'; then
+ continue
+ fi
+
+ # Skip simple echo/print wrapper functions (validation not needed for display)
+ # If function only uses params in echo/print statements, it's safe
+ if echo "$func_body" | grep -E "^\s*(echo|printf|print)" | grep -q '\$[1-9]'; then
+ if ! echo "$func_body" | grep -v -E "^\s*(echo|printf|print|local|#)" | grep -q '\$[1-9]'; then
+ continue
+ fi
+ fi
+
 # Check if it validates them (accepts both $1 and variable name patterns)
 # Pattern 1: [ -z "$1" ] or [ -n "$1" ]
 # Pattern 2: [ -z "$var_name" ] where var_name was assigned from $1
 # Pattern 3: [ $# -lt 1 ] or similar
- if ! grep -A 5 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -qE '\[\s*-[nz]\s*"\$([1-9]|[a-zA-Z_][a-zA-Z0-9_]*)"\s*\]|\[\s*\$#\s*-'; then
+ # Pattern 4: if [ ! -f "$1" ] - file existence checks count as validation
+ if ! grep -A 5 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -qE '\[\s*-[nzf]\s*"\$([1-9]|[a-zA-Z_][a-zA-Z0-9_]*)"\s*\]|\[\s*!\s*-[nzf]\s*|\[\s*\$#\s*-'; then
 echo "HIGH|$file|$line_num|Function '$func_name' uses parameters without validation"
 count_issue "HIGH"
 ((count++))
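Review bot: The new `grep -v "local.*="` stage skips any function whose positional parameters appear only in `local name=$N` assignments, which is exactly the shape Pattern 2 (`[ -z "$var_name" ]` where var_name was assigned from $1) exists to validate, so a function doing `local target=$1` and then using `$target` unguarded now produces no finding at all; dropping that stage, `if ! printf '%s\n' "$func_body" | grep -q '\$[1-9]'; then`, keeps the skip for functions with no positional use while leaving Pattern 2 reachable. The echo/printf wrapper waiver treats `printf "$1"` (the parameter as the format string) the same as `printf '%s' "$1"`, so that misuse is now silently accepted; requiring a quoted format literal before `$N` in the waiver pattern would avoid that. The lookahead windows are also inconsistent, with use detected over 20 lines, the `${N:-}` skip over 5, the body heuristics over 10 and validation over 5, so a parameter first used on line 12 with a check on line 8 is still reported. `echo "$func_body"` should be `printf '%s\n' "$func_body"` since a body whose first line begins with `-e`/`-n` is consumed by echo as an option. The enclosing `if` and the `while read -r file` loop start and end outside the hunk.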