fix: DTOSS 12663 Remediate Sonarqube warnings script files (#1886)

* updated script files

* corrected sonarqube issue

* fixed sonarqube issues

Author: HarmeetRandhawa-NHS

application/CohortManager/Set-up/scripts/get_local_settings.sh

@@ -35,7 +35,7 @@ process_files() {
         # Read the content of the found local.settings.json file and echo it into the target file
         cat "$file" >> $OUTPUT_SCRIPT
         # Check if this is the last file and add EOF accordingly
-        if [ $index -lt $file_count ]; then
+        if [[ $index -lt $file_count ]]; then
             echo -e "\nEOF" >> $OUTPUT_SCRIPT
         fi
     done

scripts/azure/GetImageTagsByManifest.sh

@@ -55,28 +55,28 @@ while [[ "$#" -gt 0 ]]; do
     shift
 done
 
-if [ -z "${containerRegistry}" ]; then
+if [[ -z "${containerRegistry}" ]]; then
   echo "Please provide a container registry argument"
   exit 1
 fi
 
 # stop processing if no image name is provided
-if [ -z "${functionAppName}" ]; then
+if [[ -z "${functionAppName}" ]]; then
   echo "Please provide an image name as an argument"
   exit 1
 fi
 
-if [ -z "${subscriptionId}" ]; then
+if [[ -z "${subscriptionId}" ]]; then
   echo "Please provide a Subscription ID argument"
   exit 1
 fi
 
-if [ -z "${resourceGroup}" ]; then
+if [[ -z "${resourceGroup}" ]]; then
   echo "Please provide a resource group argument"
   exit 1
 fi
 
-if [ verbose == true ]; then
+if [[ verbose == true ]]; then
   echo "function app name: $functionAppName"
   echo "subscription Id: $subscriptionId"
   echo "resourceGroup: $resourceGroup"
@@ -88,13 +88,13 @@ fi
 digest=$(az acr repository show --name $containerRegistry --image $functionAppName:$tag --query 'digest' --output tsv 2> /dev/null)
 
 # stop processing if the image does not exist
-if [ -z "$digest" ]; then
+if [[ -z "$digest" ]]; then
   echo "Image $image not found in $containerRegistry"
   exit 1
 fi
 
 # echo the digest
-if [ verbose == true ]; then
+if [[ verbose == true ]]; then
   echo $digest
 fi
 

scripts/deployment/get-docker-names.sh

@@ -54,7 +54,7 @@ IFS=$', \n'
 
 echo "Adding Docker compose file includes..."
 files_to_process=(${COMPOSE_FILES_CSV})
-while [ ${#files_to_process[@]} -gt 0 ]; do
+while [[ ${#files_to_process[@]} -gt 0 ]]; do
     compose_file="${files_to_process[0]}"
     files_to_process=("${files_to_process[@]:1}")  # Remove the first file from the list
     includes=($(yq -r '.include[]' "${compose_file}"))
@@ -121,7 +121,7 @@ for compose_file in ${COMPOSE_FILES_CSV}; do
     echo
 done
 
-if [ ${#non_matched_changes[@]} -ne 0 ]; then
+if [[ ${#non_matched_changes[@]} -ne 0 ]]; then
     # Remove duplicates (non-matched items across several compose files)
     mapfile -t unique_changes < <(printf "%s\n" "${non_matched_changes[@]}" | sort -u)
 

scripts/docker/dgoss.sh

@@ -24,7 +24,7 @@ error() {
 cleanup() {
     set +e
     { kill "$log_pid" && wait "$log_pid"; } 2> /dev/null
-    if [ -n "$CONTAINER_LOG_OUTPUT" ]; then
+    if [[ -n "$CONTAINER_LOG_OUTPUT" ]]; then
         cp "$tmp_dir/docker_output.log" "$CONTAINER_LOG_OUTPUT"
     fi
     rm -rf "$tmp_dir"
@@ -47,7 +47,7 @@ run(){
     case "$GOSS_FILES_STRATEGY" in
       mount)
         info "Starting $CONTAINER_RUNTIME container"
-        if [ "$CONTAINER_RUNTIME" == "podman" -a $# == 2 ]; then
+        if [[ "$CONTAINER_RUNTIME" == "podman" -a $# == 2 ]]; then
             id=$($CONTAINER_RUNTIME run -d -v "$tmp_dir:/goss:z" "${@:2}" sleep infinity)
         else
             id=$($CONTAINER_RUNTIME run -d -v "$tmp_dir:/goss:z" "${@:2}")
@@ -113,7 +113,7 @@ case "$1" in
         fi
         [[ $GOSS_SLEEP ]] && { info "Sleeping for $GOSS_SLEEP"; sleep "$GOSS_SLEEP"; }
         info "Container health"
-        if [ "true" != "$($CONTAINER_RUNTIME inspect -f '{{.State.Running}}' "$id")" ]; then
+        if [[ "true" != "$($CONTAINER_RUNTIME inspect -f '{{.State.Running}}' "$id")" ]]; then
             $CONTAINER_RUNTIME logs "$id" >&2
             error "the container failed to start"
         fi

scripts/docker/docker.lib.sh

@@ -127,7 +127,7 @@ function version-create-effective-file() {
   local version_file="$dir/VERSION"
   local build_datetime=${BUILD_DATETIME:-$(date -u +'%Y-%m-%dT%H:%M:%S%z')}
 
-  if [ -f "$version_file" ]; then
+  if [[ -f "$version_file" ]]; then
     # shellcheck disable=SC2002
     cat "$version_file" | \
       sed "s/\(\${yyyy}\|\$yyyy\)/$(date --date="${build_datetime}" -u +"%Y")/g" | \
@@ -167,9 +167,9 @@ function docker-get-image-version-and-pull() {
   # match it by name and version regex, if given.
   local versions_file="${TOOL_VERSIONS:=$(git rev-parse --show-toplevel)/.tool-versions}"
   local version="latest"
-  if [ -f "$versions_file" ]; then
+  if [[ -f "$versions_file" ]]; then
     line=$(grep "docker/${name} " "$versions_file" | sed "s/^#\s*//; s/\s*#.*$//" | grep "${match_version:-".*"}")
-    [ -n "$line" ] && version=$(echo "$line" | awk '{print $2}')
+    [[ -n "$line" ]] && version=$(echo "$line" | awk '{print $2}')
   fi
 
   # Split the image version into two, tag name and digest sha256.
@@ -178,7 +178,7 @@ function docker-get-image-version-and-pull() {
 
   # Check if the image exists locally already
   if ! docker images | awk '{ print $1 ":" $2 }' | grep -q "^${name}:${tag}$"; then
-    if [ "$digest" != "latest" ]; then
+    if [[ "$digest" != "latest" ]]; then
       # Pull image by the digest sha256 and tag it
       docker pull \
         --platform linux/amd64 \
@@ -222,19 +222,19 @@ function _replace-image-latest-by-specific-version() {
   local dockerfile="${dir}/Dockerfile.effective"
   local build_datetime=${BUILD_DATETIME:-$(date -u +'%Y-%m-%dT%H:%M:%S%z')}
 
-  if [ -f "$versions_file" ]; then
+  if [[ -f "$versions_file" ]]; then
     # First, list the entries specific for Docker to take precedence, then the rest but exclude comments
     content=$(grep " docker/" "$versions_file"; grep -v " docker/" "$versions_file" ||: | grep -v "^#")
     echo "$content" | while IFS= read -r line; do
-      [ -z "$line" ] && continue
+      [[ -z "$line" ]] && continue
       line=$(echo "$line" | sed "s/^#\s*//; s/\s*#.*$//" | sed "s;docker/;;")
       name=$(echo "$line" | awk '{print $1}')
       version=$(echo "$line" | awk '{print $2}')
       sed -i "s;\(FROM .*\)${name}:latest;\1${name}:${version};g" "$dockerfile"
     done
   fi
 
-  if [ -f "$dockerfile" ]; then
+  if [[ -f "$dockerfile" ]]; then
     # shellcheck disable=SC2002
     cat "$dockerfile" | \
       sed "s/\(\${yyyy}\|\$yyyy\)/$(date --date="${build_datetime}" -u +"%Y")/g" | \
@@ -292,9 +292,9 @@ function _get-git-branch-name() {
 
   local branch_name=$(git rev-parse --abbrev-ref HEAD)
 
-  if [ -n "${GITHUB_HEAD_REF:-}" ]; then
+  if [[ -n "${GITHUB_HEAD_REF:-}" ]]; then
     branch_name=$GITHUB_HEAD_REF
-  elif [ -n "${GITHUB_REF:-}" ]; then
+  elif [[ -n "${GITHUB_REF:-}" ]]; then
     # shellcheck disable=SC2001
     branch_name=$(echo "$GITHUB_REF" | sed "s#refs/heads/##")
   fi

scripts/docker/tests/docker.test.sh

@@ -44,7 +44,7 @@ function main() {
   done
   echo "Total: ${#tests[@]}, Passed: $(( ${#tests[@]} - status )), Failed: $status"
   test-docker-suite-teardown
-  [ $status -gt 0 ] && return 1 || return 0
+  [[ $status -gt 0 ]] && return 1 || return 0
 }
 
 # ==============================================================================

scripts/githooks/check-markdown-format.sh

@@ -49,9 +49,13 @@ function main() {
     "branch")
       files="$( (git diff --diff-filter=ACMRT --name-only "${BRANCH_NAME:-origin/main}" "*.md"; git diff --name-only "*.md") | sort | uniq )"
       ;;
+    *)
+      echo "Unexpected value for 'check' variable: $check"
+      exit 1 # exit code for incorrectly formatted file
+      ;;
   esac
 
-  if [ -n "$files" ]; then
+  if [[ -n "$files" ]]; then
     if command -v markdownlint > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then
       files="$files" run-markdownlint-natively
     else

scripts/githooks/scan-secrets.sh

@@ -60,9 +60,13 @@ function get-cmd-to-run() {
     "staged-changes")
       cmd="protect --source $dir --verbose --staged"
       ;;
+    *)
+    echo "Unexpected value for 'check' variable: $check"
+    exit 126 # Unknown flag exit code
+      ;;
   esac
   # Include base line file if it exists
-  if [ -f "$dir/scripts/config/.gitleaks-baseline.json" ]; then
+  if [[ -f "$dir/scripts/config/.gitleaks-baseline.json" ]]; then
     cmd="$cmd --baseline-path $dir/scripts/config/.gitleaks-baseline.json"
   fi
   # Include the config file

scripts/podman/amd64-build-from-compose.sh

@@ -4,17 +4,17 @@ set -euo pipefail
 # Validate required tools
 check_tools() {
   local missing_tools=()
-  
+
   if ! command -v podman &> /dev/null; then
     missing_tools+=("podman")
   fi
-  
+
   if ! command -v yq &> /dev/null; then
     echo "Warning: yq not found, falling back to basic parsing"
     return 0
   fi
-  
-  if [ ${#missing_tools[@]} -ne 0 ]; then
+
+  if [[ ${#missing_tools[@]} -ne 0 ]]; then
     echo "Error: Missing required tools: ${missing_tools[*]}" >&2
     echo "Please install the missing tools and try again." >&2
     exit 1
@@ -24,7 +24,7 @@ check_tools() {
 # Parse compose files using yq or fallback
 parse_services() {
   local compose_file="$1"
-  
+
   if command -v yq &> /dev/null; then
     # Use yq for robust YAML parsing
     yq eval '.services | to_entries | .[] | select(.value.build) | [.key, .value.image // ("cohort-manager-" + .key), .value.build.context, .value.build.dockerfile] | @tsv' "$compose_file" 2>/dev/null || echo ""
@@ -41,7 +41,7 @@ parse_services() {
         gsub(/:$/, "", $1)
         service = $1
       }
-      /^    image:/ { 
+      /^    image:/ {
         gsub(/^    image:[ ]*/, "")
         gsub(/^[ " ]+|[ " ]+$/, "")
         explicit_img = $0
@@ -70,7 +70,7 @@ parse_services() {
 }
 
 # Validate arguments
-if [ $# -eq 0 ]; then
+if [[ $# -eq 0 ]]; then
   echo "Usage: $0 <compose-file1> [compose-file2] ..." >&2
   exit 1
 fi
@@ -91,20 +91,20 @@ for compose_file in "$@"; do
     echo "Warning: $compose_file not found, skipping" >&2
     continue
   fi
-  
+
   echo "Processing $compose_file..."
-  
+
   parse_services "$compose_file" | while IFS=$'\t' read -r service image context dockerfile; do
     if [[ -z "$service" || -z "$context" || -z "$dockerfile" ]]; then
       continue
     fi
-    
+
     dockerfile_path="$context/$dockerfile"
     if [[ ! -f "$dockerfile_path" ]]; then
       echo "Warning: Dockerfile not found at $dockerfile_path, skipping $service" >&2
       continue
     fi
-    
+
     # Check if Dockerfile uses Azure Functions base
     if grep -q "FROM.*mcr\.microsoft\.com/azure-functions/dotnet-isolated" "$dockerfile_path"; then
       echo "Building $image as amd64 (uses Azure Functions base)"
@@ -120,12 +120,12 @@ for compose_file in "$@"; do
       fi
     fi
   done
-  
+
   # Check if the while loop failed (due to pipe)
-  if [ ${PIPESTATUS[1]} -ne 0 ]; then
+  if [[ ${PIPESTATUS[1]} -ne 0 ]]; then
     echo "Error: Build failed for $compose_file" >&2
     exit 1
   fi
 done
 
-echo "Build complete!"
+echo "Build complete!"

scripts/reports/create-sbom-report.sh

@@ -48,7 +48,7 @@ function create-report() {
 function run-syft-natively() {
 
 
-if [ -z "$CHECK_DOCKER_IMAGE" ]; then
+if [[ -z "$CHECK_DOCKER_IMAGE" ]]; then
     syft scan docker:$CHECK_DOCKER_IMAGE \
       --config "$PWD/scripts/config/syft.yaml" \
       --output spdx-json="$PWD/$SBOM_REPOSITORY_REPORT.tmp.json"
@@ -68,7 +68,7 @@ function run-syft-in-docker() {
   # shellcheck disable=SC2155
   local image=$(name=ghcr.io/anchore/syft docker-get-image-version-and-pull)
 
-  if [ -z "$CHECK_DOCKER_IMAGE" ]; then
+  if [[ -z "$CHECK_DOCKER_IMAGE" ]]; then
     docker run --rm --platform linux/amd64 \
       --volume "$PWD":/workdir \
       --volume /var/run/docker.sock:/var/run/docker.sock  \