@@ -470,9 +470,9 @@ checkFindExecWithSingleArgument = CommandCheck (Basename "find") (f . arguments)
470470 termS<- getLiteralString term
471471let cmdS= getLiteralStringDef" " arg
472472
473- guard$ execS`elem` [" -exec" ," -execdir" ]&& termS`elem` [" ;" ," +" ]
473+ guard$ execS`elem` [" -exec" ," -execdir" , " -ok " , " -okdir " ]&& termS`elem` [" ;" ," +" ]
474474 guard$ cmdS`matches` commandRegex
475- return $ warn (getId exec)2150 " -exec does not invoke a shell. Rewrite or use-exec sh -c .. ."
475+ return $ warn (getId exec)2150 (execS ++ " does not invoke a shell. Rewrite or use" ++ execS ++ " sh -c .. ." )
476476 check _= Nothing
477477 commandRegex= mkRegex" [ |;]"
478478
@@ -505,7 +505,7 @@ checkUnusedEchoEscapes = CommandCheck (Basename "echo") f
505505
506506prop_checkInjectableFindSh1= verify checkInjectableFindSh" find . -exec sh -c 'echo {}'\\ ;"
507507prop_checkInjectableFindSh2= verify checkInjectableFindSh" find . -execdir bash -c 'rm\" {}\" ' ';'"
508- prop_checkInjectableFindSh3= verifyNot checkInjectableFindSh" find . -exec sh -c 'rm\" $@\" ' _ {}\\ ;"
508+ prop_checkInjectableFindSh3= verifyNot checkInjectableFindSh" find . -ok sh -c 'rm\" $@\" ' _ {}\\ ;"
509509checkInjectableFindSh= CommandCheck (Basename " find" ) (check. arguments)
510510where
511511 check args= do
@@ -519,7 +519,7 @@ checkInjectableFindSh = CommandCheck (Basename "find") (check . arguments)
519519 match (p: tests) args
520520
521521pattern = [
522- (`elem` [" -exec" ," -execdir" ]),
522+ (`elem` [" -exec" ," -execdir" , " -ok " , " -okdir " ]),
523523 (`elem` [" sh" ," bash" ," dash" ," ksh" ]),
524524 (== " -c" )
525525 ]