cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CRITICAL FIX: Protect all array variable accesses in threat scoring loop

Browse Source 
Lines 1812-1850: Protected all array accesses with default guards
- header_score: Added ${header_score:-0} guards
- fuzz_requests: Added ${fuzz_requests:-0} guards
- admin_count: Changed from 2>/dev/null to ${admin_count:-0} guards
- scan_404: Changed from 2>/dev/null to ${scan_404:-0} guards

These were causing type mismatches when array values were undefined.
This was the root cause of script exit after 'Calculating threat scores'.
This commit is contained in:
Developer
2026-04-23 20:26:14 -04:00
parent e360f12aab
commit 62ee9674d8
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/bot-analyzer.sh
+8 -8
View File
@@ -1809,8 +1809,8 @@ calculate_threat_scores() {
# NEW: Header anomalies (strong indicator of bots)
if [ -n "${header_anomalies[$ip]}" ]; then
header_score=${header_anomalies[$ip]}
if [ "$header_score" -ge 12 ]; then
header_score=${header_anomalies[$ip]:-0}
if [ "${header_score:-0}" -ge 12 ]; then
score=$((score + 8)) # Multiple header suspicions
elif [ "$header_score" -ge 8 ]; then
score=$((score + 5)) # Moderate header anomalies
@@ -1824,10 +1824,10 @@ calculate_threat_scores() {
# NEW: Fuzzing/parameter scanning behavior
if [ -n "${fuzzing_ips[$ip]}" ]; then
fuzz_requests=${fuzzing_ips[$ip]}
if [ "$fuzz_requests" -gt 100 ]; then
fuzz_requests=${fuzzing_ips[$ip]:-0}
if [ "${fuzz_requests:-0}" -gt 100 ]; then
score=$((score + 7)) # Aggressive fuzzing
elif [ "$fuzz_requests" -gt 50 ]; then
elif [ "${fuzz_requests:-0}" -gt 50 ]; then
score=$((score + 4)) # Moderate fuzzing
fi
fi
@@ -1839,15 +1839,15 @@ calculate_threat_scores() {
# Admin probing - IMPROVED: Raised threshold to 50 (only failed attempts counted)
admin_count=${threat_admin_count[$ip]:-0}
if [ "$admin_count" -gt 100 ] 2>/dev/null; then
if [ "${admin_count:-0}" -gt 100 ]; then
score=$((score + 10)) # Excessive probing
elif [ "$admin_count" -gt 50 ] 2>/dev/null; then
elif [ "${admin_count:-0}" -gt 50 ]; then
score=$((score + 5)) # Moderate probing
fi
# 404 scanning
scan_404=${threat_404_count[$ip]:-0}
[ "$scan_404" -gt 50 ] 2>/dev/null && score=$((score + 3))
[ "${scan_404:-0}" -gt 50 ] && score=$((score + 3))
# OPTIMIZATION: Skip external API calls for performance
# Threat Intelligence Enrichment can be done post-analysis for high-risk IPs only