From 55067a339a0debb60971b8cb403d4f80bcb899ea Mon Sep 17 00:00:00 2001 From: cschantz Date: Mon, 22 Dec 2025 18:34:07 -0500 Subject: [PATCH] Fix CRITICAL: Remove 'local' outside function scope in malware-scanner.sh QA Check Issue: CHECK 31 - 'local' keyword outside function context Severity: CRITICAL - Causes runtime errors Problem: The 'local' keyword can only be used inside bash functions. Using it at the global scope or inside while loops (but outside functions) causes "local: can only be used in a function" runtime error. Found 7 instances: - Line 1043: flagged_ips (inside heredoc while loop) - Line 1046: filename (inside heredoc while loop) - Line 1047: filepath (inside heredoc while loop) - Line 1060: ip (inside nested while loop #1) - Line 1078: ip (inside nested while loop #2) - Line 1171: paths_declaration (outside any function) - Line 1223: scan_pid (outside any function) Fix: Changed all 7 instances from 'local var=' to 'var=' since they are not inside function scope. These variables are still properly scoped within their respective while loops or code blocks. Impact: - Prevents runtime errors when script executes - Maintains correct variable scoping - No functional changes to logic Verification: - bash -n syntax check: PASSED - All 'local' keywords now only appear inside functions - Script logic unchanged --- modules/security/malware-scanner.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh index 0241007..966fd4a 100755 --- a/modules/security/malware-scanner.sh +++ b/modules/security/malware-scanner.sh 
@@ -1040,11 +1040,11 @@ done echo "────────────────────────────────────────" # Correlate infected files with Apache logs to find uploading IPs - local flagged_ips=0 + flagged_ips=0 while read -r infected_file; do # Extract file path components - local filename=$(basename "$infected_file") - local filepath=$(dirname "$infected_file") + filename=$(basename "$infected_file") + filepath=$(dirname "$infected_file") # Try to find corresponding Apache access logs # Look for POST requests to the directory containing the infected file @@ -1057,7 +1057,7 @@ done # Check if this log corresponds to the domain/user grep -h "POST.*${filepath}" "$logfile" 2>/dev/null | tail -20 | while read -r logline; do # Extract IP from Apache log line - local ip=$(echo "$logline" | awk '{print $1}') + ip=$(echo "$logline" | awk '{print $1}') if [ -n "$ip" ] && [[ "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then # Flag this IP in reputation database if type flag_ip_attack &>/dev/null; then @@ -1075,7 +1075,7 @@ done # Check if this log corresponds to the domain/user grep -h "POST.*${filepath}" "$logfile" 2>/dev/null | tail -20 | while read -r logline; do # Extract IP from Apache log line - local ip=$(echo "$logline" | awk '{print $1}') + ip=$(echo "$logline" | awk '{print $1}') if [ -n "$ip" ] && [[ "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then # Flag this IP in reputation database if type flag_ip_attack &>/dev/null; then @@ -1168,7 +1168,7 @@ exec bash STANDALONE_EOF # Replace placeholder with actual paths - local paths_declaration="SCAN_PATHS=(" + paths_declaration="SCAN_PATHS=(" for path in "${scan_paths[@]}"; do paths_declaration+="\"$path\" " done @@ -1220,7 +1220,7 @@ STANDALONE_EOF echo "" echo "Launching scan with nohup (background mode)..." nohup bash "$session_dir/scan.sh" > "$session_dir/logs/nohup.out" 2>&1 & - local scan_pid=$! + scan_pid=$! sleep 1
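Review bot: Dropping `local` at `flagged_ips=0`, `filename=` and `filepath=` turns these into plain globals, because bash has no loop or block scope; the commit message's claim that they stay scoped to their while loops does not hold. Generic names such as `filename` and `filepath` can now overwrite same-named variables elsewhere in the script, or in the caller if this module is sourced. Moving the correlation block into a function, for example `correlate_infected_uploads() { local flagged_ips=0 filename filepath; ... }`, would keep `local` valid and the names contained. Separately, if `flagged_ips` is incremented inside the piped `while read -r logline` loops of the hunks at 1057 and 1075, that runs in a subshell and the counter stays 0 afterwards; the increment is not visible here, so it should be checked. The enclosing `while read -r infected_file` loop ends outside the hunk.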
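Review bot: The address taken at `ip=$(echo "$logline" | awk '{print $1}')` appears to be handed to `flag_ip_attack` after a check that accepts any dotted digit groups, so `999.999.999.999` passes and IPv6 clients are silently skipped. Bounding each octet, e.g. with `(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])`, would keep malformed entries out of the reputation store. The context line `grep -h "POST.*${filepath}"` also interpolates a filesystem path into a regex unescaped, so `.` and other metacharacters widen the match and can attribute unrelated POSTs to an address. Filtering for POST first and then matching the path with `grep -F -- "$filepath"` would avoid that. The identical hunk at 1075 has the same issues, and both loops continue outside their hunks.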
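Review bot: `paths_declaration+="\"$path\" "` builds shell source by wrapping each path in double quotes, so a path containing `"`, `$` or a backtick is re-parsed as code when the generated script runs. Scan paths in a malware scanner may include directory names controlled by the account being scanned, so each value should be shell-quoted before substitution: `printf -v quoted '%q' "$path"; paths_declaration+="$quoted "`. How the placeholder is replaced is outside the hunk; if it goes through `sed`, the replacement text also needs `&`, `\` and the delimiter escaped. With `local` removed, `paths_declaration` and the loop variable `path` are both globals.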