Fix URL sample limit logic in historical attack analyzer
Bug Found During Logic Review: The URL sample storage was supposed to keep max 3 URLs per IP, but was actually storing 4 URLs. Root Cause (lines 254-263): The logic counted delimiters AFTER checking the limit: url_count = delimiters in string # 0 for first URL, 1 for second, 2 for third if url_count < 3: add URL # Allows 0,1,2 → stores 3 URLs ✅ But on 4th URL: url_count = 2 (two delimiters) if 2 < 3: add URL # TRUE! Stores 4th URL ❌ The check needs to count EXISTING URLs, not delimiters. Fix Applied: Count URLs correctly by adding 1 to delimiter count: url_count = (delimiters + 1) # Actual URL count if url_count < 3: add URL # Only adds if <3 URLs exist Testing: Before: 5 URLs attempted → stored 4 URLs ❌ After: 5 URLs attempted → stored 3 URLs ✅ /test1.php||/test2.php||/test3.php URLs 4 and 5 correctly skipped QA Check Results: ✅ No CRITICAL issues ✅ No syntax errors ✅ All logic tests pass - 3 minor issues (duplicate function, no parameter validation) These are acceptable for a tool script
This commit is contained in:
cschantz
@@ -253,11 +253,14 @@ uri="${temp#*||}"
|
||||
|
||||
# Store sample URL (keep first 3)
|
||||
current_urls="${IP_SAMPLE_URLS[$ip]}"
|
||||
url_count=$(echo "$current_urls" | grep -o "||" | wc -l)
|
||||
if [ "$url_count" -lt 3 ]; then
|
||||
if [ -z "$current_urls" ]; then
|
||||
IP_SAMPLE_URLS["$ip"]="${uri:0:100}"
|
||||
else
|
||||
if [ -z "$current_urls" ]; then
|
||||
# First URL
|
||||
IP_SAMPLE_URLS["$ip"]="${uri:0:100}"
|
||||
else
|
||||
# Count existing URLs by counting delimiters + 1
|
||||
url_count=$(echo "$current_urls" | grep -o "||" | wc -l)
|
||||
url_count=$((url_count + 1))
|
||||
if [ "$url_count" -lt 3 ]; then
|
||||
IP_SAMPLE_URLS["$ip"]="$current_urls||${uri:0:100}"
|
||||
fi
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user