From 55dc21f6e5ba594650dc4a52ab417b3e5894f824 Mon Sep 17 00:00:00 2001 From: Developer Date: Thu, 23 Apr 2026 22:15:37 -0400 Subject: [PATCH] CRITICAL FIX: Repair broken awk string concatenation in fingerprinting functions TWO CRITICAL BUGS FIXED: 1. calculate_bot_fingerprint() - Line 1309: BROKEN: printf '...' > tmpdir "/bot_fingerprints.txt" FIXED: Created fingerprint_file variable in BEGIN block Issue: Awk string concatenation in redirection doesn't work with space 2. analyze_domain_targeting_percentage() - Line 1382: BROKEN: awk -F'|' '...' -v tmpdir (wrong flag position) FIXED: awk -F'|' -v tmpdir '...' (flags before script) Issue: AWK requires -v flags BEFORE the script, not after Removed unused domain_file variable assignment These bugs prevented fingerprinting functions from writing output files, causing script to fail at 'Calculating threat scores...' phase. --- modules/security/bot-analyzer.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh index c20a05f..75ce99e 100755 --- a/modules/security/bot-analyzer.sh +++ b/modules/security/bot-analyzer.sh @@ -1219,6 +1219,7 @@ calculate_bot_fingerprint() { awk -F'|' -v tmpdir="$TEMP_DIR" ' BEGIN { # Initialize tracking arrays + fingerprint_file = tmpdir "/bot_fingerprints.txt" } { ip = $1 @@ -1306,10 +1307,10 @@ calculate_bot_fingerprint() { # Output fingerprint for high-confidence bots (score >= 60) if (score >= 60) { - printf "%s|%d|%d\n", ip, score, signal_count > tmpdir "/bot_fingerprints.txt" + printf "%s|%d|%d\n", ip, score, signal_count > fingerprint_file } } - close(tmpdir "/bot_fingerprints.txt") + close(fingerprint_file) } ' < "$TEMP_DIR/parsed_logs.txt" 2>/dev/null || true @@ -1356,7 +1357,7 @@ analyze_domain_targeting_percentage() { # Also create per-domain attack type breakdown # Format: domain|attack_type|ip|count if [ -f "$TEMP_DIR/attack_vectors_raw.txt" ]; then - awk -F'|' ' + awk -F'|' -v tmpdir="$TEMP_DIR" ' { ip = $1 domain = $2 @@ -1368,7 +1369,6 @@ analyze_domain_targeting_percentage() { } END { for (domain in attack_data) { - domain_file = tmpdir "/domain_attacks_" domain ".txt" for (attack_type in attack_data[domain]) { total = attack_totals[domain][attack_type] for (ip in attack_data[domain][attack_type]) { @@ -1378,7 +1378,7 @@ analyze_domain_targeting_percentage() { } } } - ' -v tmpdir="$TEMP_DIR" < "$TEMP_DIR/attack_vectors_raw.txt" + ' < "$TEMP_DIR/attack_vectors_raw.txt" fi print_success "Domain attack pattern analysis complete"