bin/impala-config.sh contains dangerous rm -rf statements, which can delete everything it has access to

Today bin/impala-config.sh deleted my whole git clone, including unsubmitted code. The issue was reproducible, I attached logs of it.

I inspected $IMPALA_HOME, which contained the correct path twice, separated by whitespace. The

rm -rf ${IMPALA_HOME}/Testing

line of the script got expanded to

rm -rf ~/git/Impala-ASF ~/git/Impala-ASF/Testing

and happily deleted my whole workspace. Had my home directory been mentioned there, it would have been purged as well.

The reason why IMPALA_HOME contained the path twice is the following line of the script:

export IMPALA_HOME="$(dirname "$(cd $(dirname "${BASH_SOURCE[0]}") && pwd)")"

In this line, only pwd is supposed to print the name of the directory, but if the CDPATH environmental variable is set and contains ., then the cd command also prints it. Because of my CDPATH setting, the directory name ended up being printed twice.

Solution:

• Variable substitutions should be quoted properly (preferably everywhere, but at least in rm -rf commands).
• The output of the cd command should be redirected to /dev/null