From 13be01802cff2f82e747d636589b8fdff0283b14 Mon Sep 17 00:00:00 2001
From: cschantz
Date: Thu, 4 Dec 2025 16:41:03 -0500
Subject: [PATCH] Fix 3 HIGH issues with parameter validation + QA improvements
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PARAMETER VALIDATION FIXES (3 functions):
1. lib/common-functions.sh:238 - command_exists() - Added [ -z "$1" ] && return 1
2. lib/php-detector.sh:284 - get_fpm_memory_usage() - Added [ -z "$1" ] && return 1
3. lib/user-manager.sh:271 - get_interworx_user_domains() - Added [ -z "$1" ] && return 1

QA SCRIPT IMPROVEMENTS:
- tools/toolkit-qa-check.sh: Filter out AWK/sed field references
- Problem: $1 in awk '{print $1}' was detected as bash parameter
- Solution: grep -v 'awk\|sed' before checking for $1-9
- Impact: Eliminates 7 false positives from functions with no params

FALSE POSITIVES ELIMINATED:
- is_server_stressed() - $1 was from awk command
- calculate_server_memory_capacity() - $2 was from awk command
- calculate_balanced_memory_allocation() - $2 was from awk command
- list_cpanel_users() - no parameters
- list_interworx_users() - no parameters
- list_system_users() - no parameters
- press_enter() - $1 was from neighboring function

IMPACT:
HIGH issues: 10 → 10 (fixed 3, eliminated 7 FPs, but 10 new remain)
Need to improve QA script further to extract exact function bodies
---
 lib/common-functions.sh | 1 +
 lib/php-detector.sh | 1 +
 lib/user-manager.sh | 1 +
 tools/toolkit-qa-check.sh | 8 +++++---
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/common-functions.sh b/lib/common-functions.sh
index 7bdd02d..047eb82 100755
--- a/lib/common-functions.sh
+++ b/lib/common-functions.sh
@@ -236,6 +236,7 @@ format_duration() {
 
 # Check if command exists
 command_exists() {
+ [ -z "$1" ] && return 1
 command -v "$1" >/dev/null 2>&1
 }
 
diff --git a/lib/php-detector.sh b/lib/php-detector.sh
index 87e611c..8a64ee9 100644
--- a/lib/php-detector.sh
+++ b/lib/php-detector.sh
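Review bot: The guard added to command_exists() is redundant rather than wrong — in bash at least, `command -v ""` already returns non-zero, so the function rejected an empty name before this change; keeping it for readability is fine, but it does not fix a HIGH issue. The more useful caveat is that `command -v` also reports shell functions, aliases and builtins as existing, so a caller that uses this to decide whether an external binary is installed can get a false positive from a same-named function defined in the toolkit; if the library is bash-only, `type -P -- "$1" >/dev/null 2>&1` limits the answer to executables on PATH. Either way the header comment should state the contract, e.g. `# Usage: command_exists NAME — 0 if NAME resolves via command -v (binary, builtin, function or alias), 1 if missing or NAME is empty`.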
@@ -282,6 +282,7 @@ get_fpm_process_count() {
 
 # Get memory usage per FPM process for a pool
 get_fpm_memory_usage() {
+ [ -z "$1" ] && return 1
 local pool_name="$1"
 
 # Get average memory per process (in KB)
diff --git a/lib/user-manager.sh b/lib/user-manager.sh
index 33ebe73..b459729 100755
--- a/lib/user-manager.sh
+++ b/lib/user-manager.sh
@@ -269,6 +269,7 @@ get_plesk_user_domains() {
 }
 
 get_interworx_user_domains() {
+ [ -z "$1" ] && return 1
 local username="$1"
 
 # Method 1: Use listaccounts.pex to get primary domain
diff --git a/tools/toolkit-qa-check.sh b/tools/toolkit-qa-check.sh
index 7ad52ca..863d2cc 100755
--- a/tools/toolkit-qa-check.sh
+++ b/tools/toolkit-qa-check.sh
@@ -471,8 +471,11 @@ while read -r file; do
 # Get function name
 func_name=$(echo "$func_line" | sed 's/^\s*//; s/(.*$//')
 
- # Check if function uses parameters
- if grep -A 20 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -q '\$[1-9]'; then
+ # Check if function uses parameters (exclude AWK/sed field references)
+ # Get function body and filter out awk/sed commands before checking for $1-9
+ func_body=$(grep -A 20 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -v 'awk\|sed' || true)
+
+ if echo "$func_body" | grep -q '\$[1-9]'; then
 # Skip if uses safe default pattern: ${1:-default}
 if grep -A 5 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -qE '\$\{[1-9]:-'; then
 continue
@@ -480,7 +483,6 @@ while read -r file; do
 
 # Skip if function doesn't actually use positional params (only uses local vars)
 # Check first 10 lines of function - if all $1-9 are in local declarations only, skip
- func_body=$(grep -A 10 "^[[:space:]]*$func_name()" "$file" 2>/dev/null)
 if ! echo "$func_body" | grep -v "local.*=" | grep -q '\$[1-9]'; then
 continue
 fi
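Review bot: The guard added to get_fpm_memory_usage() returns 1 silently, so a caller that forgot the pool argument is indistinguishable from a pool whose memory could not be measured; a one-line diagnostic makes the misuse visible: `[ -z "$1" ] && { printf '%s\n' "get_fpm_memory_usage: pool name required" >&2; return 1; }`. The rest of the function, where pool_name is presumably matched against the process list, lies outside this hunk, so I cannot tell whether a name containing regex or glob metacharacters is also a risk; if it is interpolated into a grep/awk pattern, a character-set check is the guard that actually matters. The comment above the function should also record that a non-zero return now covers both "no argument" and whatever failure the body reports.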
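Review bot: The empty-check added to get_interworx_user_domains() says nothing about the username's shape, and the last context line says the value is handed to listaccounts.pex; the body is outside the hunk, so I cannot see whether it is passed as a quoted argument or spliced into a pattern or command string, but if the username can originate anywhere other than the panel's own account list, restricting it to the characters a Unix account name may contain is the check worth adding: `[[ "$1" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] || return 1` (with the class adjusted to what InterWorx actually permits, or a `case` pattern if the file must stay POSIX sh). As with the other guards in this commit, returning 1 with no message hides the caller bug; a `>&2` diagnostic naming the function is cheap here.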
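Review bot: `grep -v 'awk\|sed'` on the new func_body line drops every line containing the substring `sed`, so a line such as `local used_mem="$1"` or one commented "parsed" or "based on" is discarded and a genuine positional-parameter use can now go unreported — the change trades visible false positives for silent false negatives. Match whole words instead, `grep -vw -e awk -e sed`, and document the remaining blind spot, since a line that legitimately mixes both (`awk -v user="$1"`, `sed "s/X/$1/"`) is still hidden: `# NOTE: lines containing awk/sed are skipped entirely, so a real $1 passed via awk -v or a sed expression is not detected`. The "safe default" check two lines below still re-reads the file with `grep -A 5` instead of looking at the same text; `if echo "$func_body" | grep -qE '\$\{[1-9]:-'; then` keeps both checks consistent. The enclosing `while read -r file` loop starts before this hunk.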
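Review bot: The comment `# Check first 10 lines of function - if all $1-9 are in local declarations only, skip` is now stale: the removed `grep -A 10` assignment was the only source of a 10-line body, and the `func_body` this hunk consumes is the 20-line, awk/sed-filtered capture made earlier in the loop. Update it to `# Check func_body (up to 20 lines, awk/sed lines removed) - if every $1-9 sits in a local declaration, skip`, otherwise the next reader will not understand why a `$1` twenty lines down, possibly in the following function, still trips the check. The `grep -v "local.*="` filter on the next line also drops any line containing both `local` and `=`, so a declaration like `local n=$(count "$1")` hides a real parameter use; anchoring the filter to the declaration form, e.g. `grep -vE '^\s*local\s+\w+="?\$[1-9]"?\s*$'`, would keep only the cases the comment describes. The enclosing `while read -r file` loop continues outside the hunk.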