From 20262e809578e292512e12bd535a40f17b5657e0 Mon Sep 17 00:00:00 2001
From: myoshizumi <myoshizumi@alumni.berklee.edu>
Date: Wed, 11 Feb 2026 16:42:44 +0900
Subject: [PATCH] Refactor SRI script to use local variables and safe trap
 expansion

---
 calc_sri_fix.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/calc_sri_fix.sh b/calc_sri_fix.sh
index e5e2cbd0..8b6d6f9b 100755
--- a/calc_sri_fix.sh
+++ b/calc_sri_fix.sh
@@ -3,9 +3,10 @@
 set -euo pipefail
 
 calculate_sri() {
-    url="$1"
+    local url="$1"
+    local temp_file
     temp_file=$(mktemp)
-    trap 'rm -f "$temp_file"' RETURN
+    trap "rm -f \"$temp_file\"" RETURN
 
     # curl options: -f (fail on HTTP error), -S (show error), -s (silent equivalent), -L (follow redirects)
     if ! curl -fS -sL "$url" -o "$temp_file"; then
@@ -19,6 +20,7 @@ calculate_sri() {
         return 1
     fi
 
+    local hash
     hash=$(openssl dgst -sha384 -binary < "$temp_file" | openssl base64 -A)
     echo "$url sha384-$hash"
     rm -f "$temp_file"