
I want a rule that will check that aren't parenthesis opening characters in tests ids #256

@mondeja

Rule request

Description

When you put an opening parenthesis character ( inside a test id and you execute that test via the command line directly, without wrapping it in single quotes, it leads to a subshell execution in Unix-like shells.

This typically raises a syntax error and the command is not executed. But if you put a dollar sign character $ before the opening parenthesis, it always leads to a real subshell execution and replacement, which could be a serious security problem.

$ pytest test.py::my_test[foo(echo malicious)]
bash: syntax error near unexpected element '('
$ pytest test.py::my_test[foo$(echo malicious)]
=== test session starts ===
...
collected 0 items

=== no tests ran in 0.00s ===
ERROR: file or directory not found: test.py::my_test[foomalicious]

$ pytest 'test.py::my_test[foo$(echo malicious)]'
=== test session starts ===
...
collected 0 items

=== no tests ran in 0.00s ===
ERROR: file or directory not found: test.py::my_test[foo$(echo malicious)]

Rationale

Commonly, you are executing certain tests, switching between them, and you forget to wrap test identifiers in single quotes.
