Sonarqube fixes for Docker.

pkg/docker/entrypoint.sh

@@ -1,8 +1,8 @@
 #!/bin/sh
 
 # Fixup the passwd file, in case we're on OpenShift
-if ! whoami &> /dev/null; then
-  if [ $(id -u) -ne 5050 ]; then
+if ! whoami > /dev/null 2>&1; then
+  if [ "$(id -u)" -ne 5050 ]; then
     if [ -w /etc/passwd ]; then
       echo "${USER_NAME:-pgadminr}:x:$(id -u):0:${USER_NAME:-pgadminr} user:${HOME}:/sbin/nologin" >> /etc/passwd
     fi
@@ -13,7 +13,7 @@ fi
 # provided by the user through the PGADMIN_CONFIG_* environment variables.
 # Only update the file on first launch. The empty file is created during the
 # container build so it can have the required ownership.
-if [ `wc -m /pgadmin4/config_distro.py | awk '{ print $1 }'` = "0" ]; then
+if [ "$(wc -m /pgadmin4/config_distro.py | awk '{ print $1 }')" = "0" ]; then
     cat << EOF > /pgadmin4/config_distro.py
 CA_FILE = '/etc/ssl/certs/ca-certificates.crt'
 LOG_FILE = '/dev/null'
@@ -31,37 +31,40 @@ EOF
     # This is a bit kludgy, but necessary as the container uses BusyBox/ash as
     # it's shell and not bash which would allow a much cleaner implementation
     for var in $(env | grep PGADMIN_CONFIG_ | cut -d "=" -f 1); do
+        # shellcheck disable=SC2086
+        # shellcheck disable=SC2046
         echo ${var#PGADMIN_CONFIG_} = $(eval "echo \$$var") >> /pgadmin4/config_distro.py
     done
 fi
 
 if [ ! -f /var/lib/pgadmin/pgadmin4.db ]; then
-    if ([ -z "${PGADMIN_DEFAULT_EMAIL}" ]) || ( [ -z "${PGADMIN_DEFAULT_PASSWORD}" ] && [ ! -n "${PGADMIN_DEFAULT_PASSWORD_FILE}" ] ); then
+    if [ -z "${PGADMIN_DEFAULT_EMAIL}" ] || { [ -z "${PGADMIN_DEFAULT_PASSWORD}" ] && [ -z "${PGADMIN_DEFAULT_PASSWORD_FILE}" ]; }; then
         echo 'You need to define the PGADMIN_DEFAULT_EMAIL and PGADMIN_DEFAULT_PASSWORD or PGADMIN_DEFAULT_PASSWORD_FILE environment variables.'
         exit 1
     fi
 
-    echo ${PGADMIN_DEFAULT_EMAIL} | grep -E "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$" > /dev/null
-    if [ $? -ne 0 ]; then
+    if ! echo "${PGADMIN_DEFAULT_EMAIL}" | grep -E "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$" > /dev/null; then
         echo "'${PGADMIN_DEFAULT_EMAIL}' does not appear to be a valid email address. Please reset the PGADMIN_DEFAULT_EMAIL environment variable and try again."
         exit 1
     fi
 
     # Read secret contents
     if [ -n "${PGADMIN_DEFAULT_PASSWORD_FILE}" ]; then
-        export PGADMIN_DEFAULT_PASSWORD=$(cat ${PGADMIN_DEFAULT_PASSWORD_FILE})
+        PGADMIN_DEFAULT_PASSWORD=$(cat "${PGADMIN_DEFAULT_PASSWORD_FILE}")
+        export PGADMIN_DEFAULT_PASSWORD
     fi
 
     # Set the default username and password in a
     # backwards compatible way
-    export PGADMIN_SETUP_EMAIL=${PGADMIN_DEFAULT_EMAIL}
-    export PGADMIN_SETUP_PASSWORD=${PGADMIN_DEFAULT_PASSWORD}
+    export PGADMIN_SETUP_EMAIL="${PGADMIN_DEFAULT_EMAIL}"
+    export PGADMIN_SETUP_PASSWORD="${PGADMIN_DEFAULT_PASSWORD}"
 
     # Initialize DB before starting Gunicorn
     # Importing pgadmin4 (from this script) is enough
     /venv/bin/python3 run_pgadmin.py
 
-    export PGADMIN_SERVER_JSON_FILE=${PGADMIN_SERVER_JSON_FILE:-/pgadmin4/servers.json}
+    export PGADMIN_SERVER_JSON_FILE="${PGADMIN_SERVER_JSON_FILE:-/pgadmin4/servers.json}"
+
     # Pre-load any required servers
     if [ -f "${PGADMIN_SERVER_JSON_FILE}" ]; then
         # When running in Desktop mode, no user is created
@@ -69,13 +72,13 @@ if [ ! -f /var/lib/pgadmin/pgadmin4.db ]; then
         if [ "${PGADMIN_CONFIG_SERVER_MODE}" = "False" ]; then
             /venv/bin/python3 /pgadmin4/setup.py --load-servers "${PGADMIN_SERVER_JSON_FILE}"
         else
-            /venv/bin/python3 /pgadmin4/setup.py --load-servers "${PGADMIN_SERVER_JSON_FILE}" --user ${PGADMIN_DEFAULT_EMAIL}
+            /venv/bin/python3 /pgadmin4/setup.py --load-servers "${PGADMIN_SERVER_JSON_FILE}" --user "${PGADMIN_DEFAULT_EMAIL}"
         fi
     fi
 fi
 
 # Start Postfix to handle password resets etc.
-if [ -z ${PGADMIN_DISABLE_POSTFIX} ]; then
+if [ -z "${PGADMIN_DISABLE_POSTFIX}" ]; then
     sudo /usr/sbin/postfix start
 fi
 
@@ -86,8 +89,8 @@ TIMEOUT=$(cd /pgadmin4 && /venv/bin/python3 -c 'import config; print(config.SESS
 # NOTE: currently pgadmin can run only with 1 worker due to sessions implementation
 # Using --threads to have multi-threaded single-process worker
 
-if [ ! -z ${PGADMIN_ENABLE_TLS} ]; then
-    exec /venv/bin/gunicorn --timeout ${TIMEOUT} --bind ${PGADMIN_LISTEN_ADDRESS:-[::]}:${PGADMIN_LISTEN_PORT:-443} -w 1 --threads ${GUNICORN_THREADS:-25} --access-logfile ${GUNICORN_ACCESS_LOGFILE:--} --keyfile /certs/server.key --certfile /certs/server.cert -c gunicorn_config.py run_pgadmin:app
+if [ -n "${PGADMIN_ENABLE_TLS}" ]; then
+    exec /venv/bin/gunicorn --timeout "${TIMEOUT}" --bind "${PGADMIN_LISTEN_ADDRESS:-[::]}:${PGADMIN_LISTEN_PORT:-443}" -w 1 --threads "${GUNICORN_THREADS:-25}" --access-logfile "${GUNICORN_ACCESS_LOGFILE:--}" --keyfile /certs/server.key --certfile /certs/server.cert -c gunicorn_config.py run_pgadmin:app
 else
-    exec /venv/bin/gunicorn --timeout ${TIMEOUT} --bind ${PGADMIN_LISTEN_ADDRESS:-[::]}:${PGADMIN_LISTEN_PORT:-80} -w 1 --threads ${GUNICORN_THREADS:-25} --access-logfile ${GUNICORN_ACCESS_LOGFILE:--} -c gunicorn_config.py run_pgadmin:app
+    exec /venv/bin/gunicorn --timeout "${TIMEOUT}" --bind "${PGADMIN_LISTEN_ADDRESS:-[::]}:${PGADMIN_LISTEN_PORT:-80}" -w 1 --threads "${GUNICORN_THREADS:-25}" --access-logfile "${GUNICORN_ACCESS_LOGFILE:--}" -c gunicorn_config.py run_pgadmin:app
 fi