From 3698c05b8e8af5797ad35b52e527f5709a881693 Mon Sep 17 00:00:00 2001 From: cschantz Date: Wed, 3 Dec 2025 20:12:20 -0500 Subject: [PATCH] Fix final 10 HIGH integer comparisons in live-attack-monitor and ip-reputation-manager MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit FIXES: live-attack-monitor.sh: - Line 1805: $hits → ${hits:-0} (SSH bruteforce first hit check) - Line 1859: $score → ${score:-0} (cap at 100) - Line 2195: $hits → ${hits:-0} (Email bruteforce first hit check) - Line 2239: $score → ${score:-0} (cap at 100) - Line 2314: $hits → ${hits:-0} (FTP bruteforce first hit check) - Line 2358: $score → ${score:-0} (cap at 100) - Line 2435: $is_new_attack → ${is_new_attack:-0} (DB attack check) - Line 2479: $score → ${score:-0} (cap at 100) ip-reputation-manager.sh: - Line 156: $hit_count → ${hit_count:-0} - Line 158: $hit_count → ${hit_count:-0} IMPACT: - Prevents errors in threat scoring calculations - Safe defaults for all attack pattern detection - More robust live monitoring QA STATUS AFTER THIS COMMIT: - Security modules: ALL HIGH issues FIXED ✓ - 10 HIGH issues remain in backup/maintenance modules - Total issues: 30 (0 CRITICAL, 10 HIGH, 9 MEDIUM, 11 LOW) --- modules/security/ip-reputation-manager.sh | 4 ++-- modules/security/live-attack-monitor.sh | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/security/ip-reputation-manager.sh b/modules/security/ip-reputation-manager.sh index 1702c37..5eef52d 100755 --- a/modules/security/ip-reputation-manager.sh +++ b/modules/security/ip-reputation-manager.sh @@ -153,9 +153,9 @@ view_top_active() { # Color code by hit count local color="$NC" - if [ $hit_count -gt 10000 ]; then + if [ "${hit_count:-0}" -gt 10000 ]; then color="$RED$BOLD" - elif [ $hit_count -gt 1000 ]; then + elif [ "${hit_count:-0}" -gt 1000 ]; then color="$YELLOW" fi 
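Review bot: The `${hit_count:-0}` default in both colour tests covers only an empty or unset value; a non-numeric `hit_count` still makes `[ ... -gt ... ]` fail with "integer expression expected" and exit status 2, so both branches are skipped and the row keeps `$NC`. Where `hit_count` is populated is not visible in this hunk, so if it is parsed from external output I would normalise it once before the `if`: `case "$hit_count" in ''|*[!0-9]*) hit_count=0 ;; esac`, after which the tests can use plain `"$hit_count"`. view_top_active starts and ends outside the hunk.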
diff --git a/modules/security/live-attack-monitor.sh b/modules/security/live-attack-monitor.sh index 5cace74..2ffa8c2 100755 --- a/modules/security/live-attack-monitor.sh +++ b/modules/security/live-attack-monitor.sh @@ -1802,7 +1802,7 @@ monitor_ssh_attacks() { # Progressive scoring for bruteforce: Each attempt adds points # First attempt: 10 pts, subsequent attempts: +8 pts each - if [ $hits -eq 1 ]; then + if [ "${hits:-0}" -eq 1 ]; then score=10 else score=$((score + 8)) @@ -1856,7 +1856,7 @@ monitor_ssh_attacks() { fi # Cap at 100 - [ $score -gt 100 ] && score=100 + [ "${score:-0}" -gt 100 ] && score=100 # Update ip_data file directly (subshells can't access IP_DATA array) local ip_file="$TEMP_DIR/ip_${ip//\./_}" @@ -2192,7 +2192,7 @@ monitor_email_attacks() { fi # Progressive scoring: Each email bruteforce attempt adds points - if [ $hits -eq 1 ]; then + if [ "${hits:-0}" -eq 1 ]; then score=10 else score=$((score + 8)) @@ -2236,7 +2236,7 @@ monitor_email_attacks() { block_reasons="${block_reasons}${context_reason}" fi - [ $score -gt 100 ] && score=100 + [ "${score:-0}" -gt 100 ] && score=100 # Update ip_data file directly (subshells can't access IP_DATA array) local ip_file="$TEMP_DIR/ip_${ip//\./_}" @@ -2311,7 +2311,7 @@ monitor_ftp_attacks() { fi # Progressive scoring: Each FTP bruteforce attempt adds points - if [ $hits -eq 1 ]; then + if [ "${hits:-0}" -eq 1 ]; then score=10 else score=$((score + 8)) @@ -2355,7 +2355,7 @@ monitor_ftp_attacks() { block_reasons="${block_reasons}${context_reason}" fi - [ $score -gt 100 ] && score=100 + [ "${score:-0}" -gt 100 ] && score=100 # Update ip_data file directly (subshells can't access IP_DATA array) local ip_file="$TEMP_DIR/ip_${ip//\./_}" @@ -2432,7 +2432,7 @@ monitor_database_attacks() { fi # Progressive scoring: First DB attack = 15pts, each additional = 12pts - if [ $is_new_attack -eq 1 ]; then + if [ "${is_new_attack:-0}" -eq 1 ]; then score=$((score + 15)) else score=$((score + 12)) 
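Review bot: With `${hits:-0}` an empty or unset `hits` in monitor_ssh_attacks falls silently into the `else` branch and adds 8 points; the old unquoted test took the same branch, but with an error on stderr that at least pointed at the missing counter. Since `score` appears to feed the block decision (the `block_reasons` context in the later hunks suggests so), a missing count should not be scored as a repeat attempt. I would make the second branch explicit, `elif [ "${hits:-0}" -gt 1 ]; then score=$((score + 8))`, and leave `score` unchanged otherwise. The same applies to the `hits` tests in monitor_email_attacks and monitor_ftp_attacks, and to `${is_new_attack:-0}` in monitor_database_attacks, where an unset flag is scored as an additional attack (+12). All four functions extend beyond the hunks shown.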
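Review bot: The default in `[ "${score:-0}" -gt 100 ] && score=100` exists only inside the test, so `score` itself is left as it was and the raw value is what reaches the `ip_file` update that follows. Earlier in the same function `$((score + 8))` evaluates the contents of `score` as an arithmetic expression, which matters if that value is ever read back from the files under `$TEMP_DIR` (where it is loaded is not visible here). I would validate it once at the point it is loaded, `case "$score" in ''|*[!0-9]*) score=0 ;; esac`, and then keep the cap as `[ "$score" -gt 100 ] && score=100`. The identical cap line in monitor_email_attacks, monitor_ftp_attacks and monitor_database_attacks (the `@@ -2476` hunk) has the same gap.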
@@ -2476,7 +2476,7 @@ monitor_database_attacks() { block_reasons="${block_reasons}${context_reason}" fi - [ $score -gt 100 ] && score=100 + [ "${score:-0}" -gt 100 ] && score=100 # Update ip_data file directly (subshells can't access IP_DATA array) local ip_file="$TEMP_DIR/ip_${ip//\./_}"