From 429ee62510fedfa6fdb60fc6645d233b7cad187c Mon Sep 17 00:00:00 2001
From: Developer <dev@localhost>
Date: Thu, 23 Apr 2026 19:04:43 -0400
Subject: [PATCH] HIGH FIX: Explicit numeric initialization for array-sourced
 variables

Lines 1763-1785: Made numeric variable initialization more explicit
- req_count: Initialize to 0, then check and assign from array
- fail_rate: Initialize to 0, then check and assign from array
- Ensures variables are always numeric before comparison
- Prevents type mismatch errors in numeric comparisons

This addresses QA flagging of potential non-numeric values in array assignments.
---
 modules/security/bot-analyzer.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index d6794b1..904a446 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -1760,7 +1760,10 @@ calculate_threat_scores() {
         fi
 
         score=0
-        req_count=${ip_request_counts[$ip]:-0}
+        req_count=0
+        if [ -n "${ip_request_counts[$ip]}" ]; then
+            req_count=${ip_request_counts[$ip]}
+        fi
 
         # IMPROVED: Base request volume scoring
         # Skip volume scoring for legitimate bots (Google, Bing, etc.)
@@ -1776,7 +1779,10 @@ calculate_threat_scores() {
         # NEW: Success rate analysis bonuses
         # High failure rate (80%+ 404/403) = scanning behavior
         if [ -n "${scanner_ips[$ip]}" ]; then
-            fail_rate=${scanner_ips[$ip]:-0}
+            fail_rate=0
+            if [ -n "${scanner_ips[$ip]}" ]; then
+                fail_rate=${scanner_ips[$ip]}
+            fi
             if [ "$fail_rate" -ge 90 ]; then
                 score=$((score + 8))  # Very high failure rate
             elif [ "$fail_rate" -ge 80 ]; then