Q
Detector Library
Shell detectors (16/16)
Avoid LS-GrepSudo Redirect MisuseIncorrectly used escape sequencesExpr ModernizationUnquoted Special ParametersSingle-Iteration LoopPrefer Find Over LSAvoid Complex Logical ExpressionsUnquoted Array ExpansionPS Grep AlternativeUnquoted Find PatternsUnnecessary Variable ExpansionUse of if and thenRead Lines with While LoopIncorrect Quoting in Trap CommandsCommand Substitution Syntax
Unquoted Find Patterns Medium
Unquoted pattern arguments in 'find' commands can be unexpectedly expanded by the shell, leading to incorrect file matching. To prevent this, enclose the pattern arguments in single quotes when using them with find options like '-name'.
Detector ID
shell/unquoted-find-patterns@v1.0
Category
Common Weakness Enumeration (CWE) 
-
Tags
-
Noncompliant example
1
2# Noncompliant: Unquoted parameter can lead to unexpected behavior if files matching the pattern exist in the current directory.
3find . -name *.logCompliant example
1
2# Compliant: Quoted parameter ensures the pattern is passed to `find` as intended.
3find . -name '*.log'