Treat bare ')' as syntax error regardless of ParseBacktick

mattn · mattn · commit e73986e335d2 · 2026-04-14T01:26:03.000+09:00
The merged security fix (#60) treated bare ')' as a literal when ParseBacktick=false, but as an error when ParseBacktick=true. Unify the behavior: bare ')' is always a syntax error, consistent with how bare '(' is already handled.
diff --git a/shellwords.go b/shellwords.go
@@ -230,17 +230,15 @@ loop:
 				}
 
 				// Backtick parsing disabled:
-				// preserve literal text for $(...) constructs instead of
-				// silently dropping the closing ')'.
-				if dollarQuote {
-					buf += string(r)
-					backtick = ""
-					dollarQuote = false
-					got = argSingle
-					continue
+				// A bare ')' is a syntax error, consistent with '(' handling.
+				// Only close an already-open $(...) region.
+				if !dollarQuote {
+					return nil, errors.New("invalid command line string")
 				}
 
 				buf += string(r)
+				backtick = ""
+				dollarQuote = false
 				got = argSingle
 				continue
 			}
diff --git a/shellwords_security_test.go b/shellwords_security_test.go
@@ -27,21 +27,11 @@ func TestBareClosingParen_NoExecution_ReturnsError(t *testing.T) {
 	}
 }
 
-// Default behavior → ‘)’ is a literal; it does not break parsing
-func TestBareClosingParen_DefaultParsingLiteral(t *testing.T) {
-	out, err := Parse(")a b)c d")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	want := []string{")a", "b)c", "d"}
-	if len(out) != len(want) {
-		t.Fatalf("unexpected token count: got %d, want %d, out=%#v", len(out), len(want), out)
-	}
-	for i := range want {
-		if out[i] != want[i] {
-			t.Fatalf("unexpected token at %d: got %q, want %q, out=%#v", i, out[i], want[i], out)
-		}
+// Default behavior → bare ‘)’ is a syntax error, consistent with ‘(‘ handling
+func TestBareClosingParen_DefaultParsingError(t *testing.T) {
+	_, err := Parse(")a b)c d")
+	if err == nil {
+		t.Fatal("expected error for unmatched ‘)’, got nil")
 	}
 }
 
