From 0c16e500f5d53eb15baad3c9a93784fcfc134f0a Mon Sep 17 00:00:00 2001
From: Thibault Ayanides <thibault.ayanides@ovhcloud.com>
Date: Mon, 14 Dec 2020 14:45:38 +0100
Subject: [PATCH] IMP(shellcheck): replace ls in loop by glob (SC2045)

---
 bin/hardening/5.4.4_default_umask.sh      | 18 ++++++++++--------
 bin/hardening/99.2_disable_usb_devices.sh | 10 ++++++----
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/bin/hardening/5.4.4_default_umask.sh b/bin/hardening/5.4.4_default_umask.sh
index 9f29ca0..ac775d5 100755
--- a/bin/hardening/5.4.4_default_umask.sh
+++ b/bin/hardening/5.4.4_default_umask.sh
@@ -29,12 +29,13 @@ audit() {
         if [ "$SEARCH_RES" = 1 ]; then break; fi
         if test -d "$FILE_SEARCHED"; then
             debug "$FILE_SEARCHED is a directory"
-            for file_in_dir in $(ls "$FILE_SEARCHED"); do
-                does_pattern_exist_in_file "$FILE_SEARCHED/$file_in_dir" "^$PATTERN"
+            for file_in_dir in "$FILE_SEARCHED"/*; do
+                [[ -e "$file_in_dir" ]] || break  # handle the case of no file in dir
+                does_pattern_exist_in_file "$file_in_dir" "^$PATTERN"
                 if [ "$FNRET" != 0 ]; then
-                    debug "$PATTERN is not present in $FILE_SEARCHED/$file_in_dir"
+                    debug "$PATTERN is not present in $file_in_dir"
                 else
-                    ok "$PATTERN is present in $FILE_SEARCHED/$file_in_dir"
+                    ok "$PATTERN is present in $file_in_dir"
                     SEARCH_RES=1
                     break
                 fi
@@ -61,12 +62,13 @@ apply() {
         if [ "$SEARCH_RES" = 1 ]; then break; fi
         if test -d "$FILE_SEARCHED"; then
             debug "$FILE_SEARCHED is a directory"
-            for file_in_dir in $(ls "$FILE_SEARCHED"); do
-                does_pattern_exist_in_file "$FILE_SEARCHED/$file_in_dir" "^$PATTERN"
+            for file_in_dir in "$FILE_SEARCHED"/*; do
+                [[ -e "$file_in_dir" ]] || break  # handle the case of no file in dir
+                does_pattern_exist_in_file "$file_in_dir" "^$PATTERN"
                 if [ "$FNRET" != 0 ]; then
-                    debug "$PATTERN is not present in $FILE_SEARCHED/$file_in_dir"
+                    debug "$PATTERN is not present in $file_in_dir"
                 else
-                    ok "$PATTERN is present in $FILE_SEARCHED/$file_in_dir"
+                    ok "$PATTERN is present in $file_in_dir"
                     SEARCH_RES=1
                     break
                 fi
diff --git a/bin/hardening/99.2_disable_usb_devices.sh b/bin/hardening/99.2_disable_usb_devices.sh
index c0ad231..24b7076 100755
--- a/bin/hardening/99.2_disable_usb_devices.sh
+++ b/bin/hardening/99.2_disable_usb_devices.sh
@@ -59,12 +59,14 @@ apply() {
         if [ "$SEARCH_RES" = 1 ]; then break; fi
         if test -d "$FILE_SEARCHED"; then
             debug "$FILE_SEARCHED is a directory"
-            for file_in_dir in $(ls $FILE_SEARCHED); do
-                does_pattern_exist_in_file "$FILE_SEARCHED/$file_in_dir" "^$PATTERN"
+            
+            for file_in_dir in "$FILE_SEARCHED"/*; do
+                [[ -e "$file_in_dir" ]] || break  # handle the case of no file in dir
+                does_pattern_exist_in_file "$file_in_dir" "^$PATTERN"
                 if [ "$FNRET" != 0 ]; then
-                    debug "$PATTERN is not present in $FILE_SEARCHED/$file_in_dir"
+                    debug "$PATTERN is not present in $file_in_dir"
                 else
-                    ok "$PATTERN is present in $FILE_SEARCHED/$file_in_dir"
+                    ok "$PATTERN is present in $file_in_dir"
                     SEARCH_RES=1
                     break
                 fi