suggest replacing system(qq(foo "$xxx")) with system('foo', $xxx)

2 files changed, 10 insertions, 0 deletions

diff --git a/perl_checker.src/parser_helper.ml b/perl_checker.src/parser_helper.ml
index 1ebaa13..ca28aa8 100644
--- a/perl_checker.src/parser_helper.ml
+++ b/perl_checker.src/parser_helper.ml
@@ -864,6 +864,14 @@ let call_raw force_non_builtin_func (e, para) =
 	  | [ List [ Deref(I_array, _) ] ] -> ()
 	  | _ -> warn_rule (f ^ " is expecting an array and nothing else"))
 
+      | "system" ->
+	  (match un_parenthesize_full_l para with
+	  | [ String(l, _) ] -> 
+	      if List.exists (fun (s, _) -> String.contains s '\'' || String.contains s '"') l && 
+		not (List.exists (fun (s, _) -> List.exists (String.contains s) [ '<' ; '>' ; '&' ; ';']) l) then
+		warn_rule "instead of quoting parameters you should give a list of arguments"
+	  | _ -> ())
+
       | _ -> ()
       );
 
diff --git a/perl_checker.src/test/various_errors.t b/perl_checker.src/test/various_errors.t
index 0ad2154..535034b 100644
--- a/perl_checker.src/test/various_errors.t
+++ b/perl_checker.src/test/various_errors.t
@@ -22,6 +22,8 @@ join(@l)                                 first argument of join() must be a scal
 
 join(',', 'foo')                         join('...', $foo) is the same as $foo
 
+system(qq(foo "$xxx"))                   instead of quoting parameters you should give a list of arguments
+
 my (@l2, $xxx) = @l;                     @l2 takes all the arguments, $xxx is undef in any case
 
 $bad                                     undeclared variable $bad