diff --git a/tools/toolkit-qa-check.sh b/tools/toolkit-qa-check.sh index b42a183..94209d3 100755 --- a/tools/toolkit-qa-check.sh +++ b/tools/toolkit-qa-check.sh @@ -58,7 +58,7 @@ echo "" #============================================================================== # CHECK 1: grep -F with regex anchors (CRITICAL - causes wrong results) #============================================================================== -echo "[1/30] Checking: grep -F with regex anchors..." +echo "[1/31] Checking: grep -F with regex anchors..." { echo "## CHECK 1: grep -F with regex anchors" echo "Severity: CRITICAL" @@ -79,7 +79,7 @@ echo "" #============================================================================== # CHECK 2: SCRIPT_DIR collisions (HIGH - causes path errors) #============================================================================== -echo "[2/30] Checking: SCRIPT_DIR variable collisions..." +echo "[2/31] Checking: SCRIPT_DIR variable collisions..." { echo "## CHECK 2: SCRIPT_DIR variable collisions" echo "Severity: HIGH" @@ -99,7 +99,7 @@ echo "" #============================================================================== # CHECK 3: SYS_* variable resets (CRITICAL - breaks system detection) #============================================================================== -echo "[3/30] Checking: SYS_* variable resets..." +echo "[3/31] Checking: SYS_* variable resets..." { echo "## CHECK 3: SYS_* variable resets without protection" echo "Severity: CRITICAL" @@ -120,7 +120,7 @@ echo "" #============================================================================== # CHECK 4: Missing function exports (HIGH - functions unavailable) #============================================================================== -echo "[4/30] Checking: Missing function exports..." +echo "[4/31] Checking: Missing function exports..." { echo "## CHECK 4: Missing function exports in libraries" echo "Severity: HIGH" @@ -145,7 +145,7 @@ echo "" #============================================================================== # CHECK 5: Integer comparisons without empty checks (HIGH - causes errors) #============================================================================== -echo "[5/30] Checking: Unsafe integer comparisons (top 10)..." +echo "[5/31] Checking: Unsafe integer comparisons (top 10)..." { echo "## CHECK 5: Integer comparisons without empty checks" echo "Severity: HIGH" @@ -170,7 +170,7 @@ echo "" #============================================================================== # CHECK 6: Missing common-functions.sh (HIGH - command not found) #============================================================================== -echo "[6/30] Checking: Missing common-functions.sh..." +echo "[6/31] Checking: Missing common-functions.sh..." { echo "## CHECK 6: Missing common-functions.sh sourcing" echo "Severity: HIGH" @@ -190,7 +190,7 @@ echo "" #============================================================================== # CHECK 7: exit in libraries (HIGH - terminates parent script) #============================================================================== -echo "[7/30] Checking: exit in library files..." +echo "[7/31] Checking: exit in library files..." { echo "## CHECK 7: exit in sourced libraries" echo "Severity: HIGH" @@ -215,7 +215,7 @@ echo "" #============================================================================== # CHECK 8: bc command usage (LOW - external dependency) #============================================================================== -echo "[8/30] Checking: bc command usage..." +echo "[8/31] Checking: bc command usage..." { echo "## CHECK 8: bc command usage" echo "Severity: LOW" @@ -238,7 +238,7 @@ echo "" #============================================================================== # CHECK 9: Hardcoded /var/cpanel paths (MEDIUM - breaks multi-panel) #============================================================================== -echo "[9/30] Checking: Hardcoded /var/cpanel paths..." +echo "[9/31] Checking: Hardcoded /var/cpanel paths..." { echo "## CHECK 9: Hardcoded /var/cpanel paths" echo "Severity: MEDIUM" @@ -264,7 +264,7 @@ echo "" #============================================================================== # CHECK 10: Undefined color variables (LOW - cosmetic issue) #============================================================================== -echo "[10/30] Checking: Undefined color variables..." +echo "[10/31] Checking: Undefined color variables..." { echo "## CHECK 10: Undefined color variables" echo "Severity: LOW" @@ -289,7 +289,7 @@ echo "" #============================================================================== # CHECK 11: Bash syntax validation (CRITICAL - prevents execution) #============================================================================== -echo "[11/30] Checking: Bash syntax errors..." +echo "[11/31] Checking: Bash syntax errors..." { echo "## CHECK 11: Bash syntax validation" echo "Severity: CRITICAL" @@ -310,7 +310,7 @@ echo "" #============================================================================== # CHECK 12: Dangerous rm commands (CRITICAL - data loss risk) #============================================================================== -echo "[12/30] Checking: Dangerous rm commands..." +echo "[12/31] Checking: Dangerous rm commands..." { echo "## CHECK 12: Dangerous rm commands" echo "Severity: CRITICAL" @@ -339,7 +339,7 @@ echo "" #============================================================================== # CHECK 13: Unquoted variable expansions (HIGH - word splitting/globbing risks) #============================================================================== -echo "[13/30] Checking: Unquoted variables in dangerous contexts..." +echo "[13/31] Checking: Unquoted variables in dangerous contexts..." { echo "## CHECK 13: Unquoted variable expansions" echo "Severity: HIGH" @@ -363,7 +363,7 @@ echo "" #============================================================================== # CHECK 14: Command injection via eval (CRITICAL - arbitrary code execution) #============================================================================== -echo "[14/30] Checking: Command injection risks..." +echo "[14/31] Checking: Command injection risks..." { echo "## CHECK 14: Command injection via eval" echo "Severity: CRITICAL" @@ -384,7 +384,7 @@ echo "" #============================================================================== # CHECK 15: Temp file security (MEDIUM - race conditions/predictable names) #============================================================================== -echo "[15/30] Checking: Temp file security..." +echo "[15/31] Checking: Temp file security..." { echo "## CHECK 15: Insecure temp file creation" echo "Severity: MEDIUM" @@ -407,7 +407,7 @@ echo "" #============================================================================== # CHECK 16: TODO/FIXME/HACK markers (LOW - technical debt tracking) #============================================================================== -echo "[16/30] Checking: Technical debt markers..." +echo "[16/31] Checking: Technical debt markers..." { echo "## CHECK 16: TODO/FIXME/HACK comments" echo "Severity: LOW" @@ -431,7 +431,7 @@ echo "" #============================================================================== # CHECK 17: Duplicate function definitions (MEDIUM - causes conflicts) #============================================================================== -echo "[17/30] Checking: Duplicate function definitions..." +echo "[17/31] Checking: Duplicate function definitions..." { echo "## CHECK 17: Duplicate function definitions" echo "Severity: MEDIUM" @@ -457,7 +457,7 @@ echo "" #============================================================================== # CHECK 18: Missing input validation (HIGH - security/reliability risk) #============================================================================== -echo "[18/30] Checking: Missing input validation..." +echo "[18/31] Checking: Missing input validation..." { echo "## CHECK 18: Functions without parameter validation" echo "Severity: HIGH" @@ -555,7 +555,7 @@ echo "" #============================================================================== # CHECK 19: Long functions (MEDIUM - maintainability issue) #============================================================================== -echo "[19/30] Checking: Overly long functions..." +echo "[19/31] Checking: Overly long functions..." { echo "## CHECK 19: Long functions (>100 lines)" echo "Severity: MEDIUM" @@ -600,7 +600,7 @@ echo "" #============================================================================== # CHECK 20: ShellCheck integration (if available) #============================================================================== -echo "[20/30] Checking: ShellCheck warnings (if available)..." +echo "[20/31] Checking: ShellCheck warnings (if available)..." { echo "## CHECK 20: ShellCheck static analysis" echo "Severity: VARIES" @@ -636,7 +636,7 @@ echo "" #============================================================================== # CHECK 21: Using [ ] instead of [[ ]] (MEDIUM - less safe) #============================================================================== -echo "[21/30] Checking: Single bracket conditionals..." +echo "[21/31] Checking: Single bracket conditionals..." { echo "## CHECK 21: Using [ ] instead of [[ ]]" echo "Severity: MEDIUM" @@ -664,7 +664,7 @@ echo "" #============================================================================== # CHECK 22: Looping over ls output (HIGH - fatally flawed pattern) #============================================================================== -echo "[22/30] Checking: Loops over ls output..." +echo "[22/31] Checking: Loops over ls output..." { echo "## CHECK 22: Looping over ls output" echo "Severity: HIGH" @@ -684,7 +684,7 @@ echo "" #============================================================================== # CHECK 23: Missing set -euo pipefail (MEDIUM - silent failures) #============================================================================== -echo "[23/30] Checking: Missing error handling flags..." +echo "[23/31] Checking: Missing error handling flags..." { echo "## CHECK 23: Missing set -euo pipefail" echo "Severity: MEDIUM" @@ -717,7 +717,7 @@ echo "" #============================================================================== # CHECK 24: Unused variables (LOW - dead code) #============================================================================== -echo "[24/30] Checking: Unused variables..." +echo "[24/31] Checking: Unused variables..." { echo "## CHECK 24: Unused variables" echo "Severity: LOW" @@ -748,7 +748,7 @@ echo "" #============================================================================== # CHECK 25: Backticks instead of $() (LOW - deprecated syntax) #============================================================================== -echo "[25/30] Checking: Deprecated backticks..." +echo "[25/31] Checking: Deprecated backticks..." { echo "## CHECK 25: Using backticks instead of \$()" echo "Severity: LOW" @@ -768,7 +768,7 @@ echo "" #============================================================================== # CHECK 26: Missing or wrong shebang (HIGH - execution issues) #============================================================================== -echo "[26/30] Checking: Shebang issues..." +echo "[26/31] Checking: Shebang issues..." { echo "## CHECK 26: Missing or incorrect shebang" echo "Severity: HIGH" @@ -801,7 +801,7 @@ echo "" #============================================================================== # CHECK 27: Not checking command exit status (MEDIUM - silent failures) #============================================================================== -echo "[27/30] Checking: Unchecked critical commands..." +echo "[27/31] Checking: Unchecked critical commands..." { echo "## CHECK 27: Critical commands without exit status checks" echo "Severity: MEDIUM" @@ -831,7 +831,7 @@ echo "" #============================================================================== # CHECK 28: Incorrect string/number comparison (HIGH - type confusion) #============================================================================== -echo "[28/30] Checking: Type confusion in comparisons..." +echo "[28/31] Checking: Type confusion in comparisons..." { echo "## CHECK 28: Using wrong comparison operators" echo "Severity: HIGH" @@ -856,7 +856,7 @@ echo "" #============================================================================== # CHECK 29: Unsafe array iteration (MEDIUM - word splitting) #============================================================================== -echo "[29/30] Checking: Unsafe array expansions..." +echo "[29/31] Checking: Unsafe array expansions..." { echo "## CHECK 29: Array iteration without quotes" echo "Severity: MEDIUM" @@ -882,7 +882,7 @@ echo "" #============================================================================== # CHECK 30: Hardcoded credentials or secrets (CRITICAL - security) #============================================================================== -echo "[30/30] Checking: Hardcoded credentials..." +echo "[30/31] Checking: Hardcoded credentials..." { echo "## CHECK 30: Hardcoded passwords/API keys" echo "Severity: CRITICAL" @@ -901,6 +901,59 @@ done < <(grep -rniE '(password|passwd|api_key|apikey|secret|token)=' "$TOOLKIT_P echo "" } >> "$REPORT" +#============================================================================== +# CHECK 31: local keyword outside functions (CRITICAL - script fails) +#============================================================================== +echo "[31/31] Checking: 'local' outside functions..." +{ +echo "## CHECK 31: 'local' keyword outside function context" +echo "Severity: CRITICAL" +echo "Issue: 'local' can only be used inside functions, causes runtime error" +echo "" + +while read -r file; do + # Read entire file and track function boundaries + in_function=0 + brace_depth=0 + line_num=0 + + while IFS= read -r line_content; do + line_num=$((line_num + 1)) + + # Skip comments + if echo "$line_content" | grep -q '^\s*#'; then + continue + fi + + # Detect function start + if echo "$line_content" | grep -qE '^\s*[a-zA-Z_][a-zA-Z0-9_]*\s*\(\)'; then + in_function=1 + brace_depth=0 + fi + + # Track braces + open_braces=$(echo "$line_content" | grep -o '{' | wc -l) + close_braces=$(echo "$line_content" | grep -o '}' | wc -l) + brace_depth=$((brace_depth + open_braces - close_braces)) + + # If we were in a function and braces are now balanced back to 0, we've exited + if [ "$in_function" -eq 1 ] && [ "$brace_depth" -le 0 ]; then + in_function=0 + fi + + # Check for 'local' keyword outside function + if [ "$in_function" -eq 0 ]; then + if echo "$line_content" | grep -qE '^\s*local\s+[a-zA-Z_]'; then + echo "CRITICAL|$file|$line_num|'local' keyword outside function (runtime error)" + count_issue "CRITICAL" + fi + fi + done < "$file" +done < <(find "$TOOLKIT_PATH" -name "*.sh" -type f 2>/dev/null) + +echo "" +} >> "$REPORT" + #============================================================================== # PERFORMANCE CHECKS (INFO level - not counted as issues) #==============================================================================