Vivarium · Layer 2 · Docker (catalogue)

`find … | xargs cmd` is unsafe for whitespace in filenames

xargs splits its stdin on whitespace by default. The pipeline find . -name '*.txt' | xargs grep -l 'secret' silently misses every file whose path contains a space, a tab, or a newline, because xargs hands each whitespace-separated token to grep as a distinct argument. The fix — find … -print0 | xargs -0 … — uses NUL bytes as separators, which can never appear in a filename.

CI verdict snapshot

Loading verdict snapshot…

Reproduce yourself

docker run --rm ghcr.io/aletheia-works/vivarium-find-xargs-whitespace:latest

First-pull cost ~10 MB (alpine:3.19 + GNU findutils). Run takes well under a second. See the recipe directory for the Dockerfile and repro.sh.

CI snapshot output

(loading…)