Skip to content

Fix SRI calculation validation in calc_sri_fix.sh #268

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
myoshi2891 merged 2 commits into from
Feb 11, 2026
Merged

Fix SRI calculation validation in calc_sri_fix.sh #268

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
20262e8
Refactor SRI script to use local variables and safe trap expansion
myoshi2891 Feb 11, 2026
50bc729
Merge branch 'dev-from-macmini' of github.com:myoshi2891/AlgorithmStu…
myoshi2891 Feb 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions calc_sri_fix.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,10 @@ set -euo pipefail

# calculate_sri downloads the given URL, computes the SHA-384 SRI hash of its content (base64) and echoes a line "<url> sha384-<base64_hash>".
calculate_sri() {
url="$1"
local url="$1"
local temp_file
temp_file=$(mktemp)
trap 'rm -f "$temp_file"' RETURN
trap "rm -f \"$temp_file\"" RETURN

@coderabbitai coderabbitai Bot Feb 11, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

trap でダブルクォートを使用すると、$temp_file がトラップ定義時に展開されます。

ShellCheck SC2064 の指摘通り、ダブルクォートを使うと $temp_file はトラップ設定時に即座に展開されます。この場合、直前の mktemp の結果をキャプチャするため意図通りに動作しますが、シングルクォートを使用するのがより慣用的で安全です。

🔧 修正案 
-    trap "rm -f \"$temp_file\"" RETURN
+    trap 'rm -f "$temp_file"' RETURN
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
trap "rm -f \"$temp_file\"" RETURN
trap 'rm -f "$temp_file"' RETURN
🧰 Tools
🪛 Shellcheck (0.11.0)

[warning] 10-10: Use single quotes, otherwise this expands now rather than when signalled.

(SC2064)

🤖 Prompt for AI Agents 
In `@calc_sri_fix.sh` at line 10, trap の定義でダブルクォートを使うと設定時に $temp_file
が展開されてしまうので、trap "rm -f \"$temp_file\"" RETURN を単一引用符を使って trap 'rm -f
"$temp_file"' RETURN のように修正し、トラップ実行時に変数が展開されるようにしてください(参照: 変数名 temp_file、コマンド
mktemp、トラップ設定箇所の trap ... RETURN)。


# curl options: -f (fail on HTTP error), -S (show error), -s (silent equivalent), -L (follow redirects)
if ! curl -fS -sL "$url" -o "$temp_file"; then
Expand All @@ -20,6 +21,7 @@ calculate_sri() {
return 1
fi

local hash
hash=$(openssl dgst -sha384 -binary < "$temp_file" | openssl base64 -A)
echo "$url sha384-$hash"
rm -f "$temp_file"

@coderabbitai coderabbitai Bot Feb 11, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick | 🔵 Trivial

rm -ftrap ... RETURN と重複しています。

Line 10 の trap ... RETURN がファンクション終了時に自動的にファイルを削除するため、この手動削除は不要です。削除するか、逆にトラップに依存せず手動管理に統一するか、どちらかに寄せてください。

♻️ トラップに任せる場合の修正案 
     echo "$url sha384-$hash"
-    rm -f "$temp_file"
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
rm -f "$temp_file"
echo "$url sha384-$hash"
}
🤖 Prompt for AI Agents 
In `@calc_sri_fix.sh` at line 27, 関数の一時ファイル削除が二重になっているため、rm -f "$temp_file"
を削除してトラップ(trap ... RETURN)に一任するか、逆にトラップを削除して手動管理に統一してください; 推奨は既に設定されている trap ...
RETURN に任せることで、該当箇所は temp_file 変数を参照している rm の行を削除し、trap
が正しく一時ファイルを削除することを確認してください。

Expand Down