Fix 10 HIGH integer comparisons in security modules (malware-scanner, optimize-ct-limit, live-attack-monitor)

FIXES:
malware-scanner.sh:
- Line 433: $skip → ${skip:-0}
- Line 938: $flagged_ips → ${flagged_ips:-0}

optimize-ct-limit.sh:
- Line 811: $AUTO_MODE → ${AUTO_MODE:-0}
- Line 845: $AUTO_MODE → ${AUTO_MODE:-0}
- Line 879: $AUTO_MODE → ${AUTO_MODE:-0}

live-attack-monitor.sh:
- Line 232: $hits → ${hits:-0}
- Line 253: $new_score → ${new_score:-0}
- Line 260: $new_score → ${new_score:-0}
- Line 269: $new_score → ${new_score:-0}
- Line 319: $hits → ${hits:-0}

IMPACT:
- Prevents "integer expression expected" errors
- Safe defaults for all integer comparisons
- More robust error handling

QA STATUS:
- 10 more HIGH issues remain in live-attack-monitor.sh
- Will address in next commit
cschantz
2025-12-03 20:09:22 -05:00
parent 07961d76ed
commit 87118c5036
3 changed files with 10 additions and 10 deletions
+5 -5
@@ -229,7 +229,7 @@ update_ip_intelligence() {
hits=$((hits + 1)) hits=$((hits + 1))
# Enrich with threat intelligence on first encounter (hits == 1) # Enrich with threat intelligence on first encounter (hits == 1)
if [ $hits -eq 1 ]; then if [ "${hits:-0}" -eq 1 ]; then
# Check if whitelisted first # Check if whitelisted first
if is_whitelisted_service "$ip" 2>/dev/null; then if is_whitelisted_service "$ip" 2>/dev/null; then
score=0 score=0
@@ -250,14 +250,14 @@ update_ip_intelligence() {
local current_data="${IP_DATA[$ip]}" local current_data="${IP_DATA[$ip]}"
IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data" IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data"
local new_score=$((old_score + 30)) local new_score=$((old_score + 30))
[ $new_score -gt 100 ] && new_score=100 [ "${new_score:-0}" -gt 100 ] && new_score=100
IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep" IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep"
elif [ "${abuse_conf:-0}" -ge 50 ]; then elif [ "${abuse_conf:-0}" -ge 50 ]; then
# Medium confidence - add 15 points # Medium confidence - add 15 points
local current_data="${IP_DATA[$ip]}" local current_data="${IP_DATA[$ip]}"
IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data" IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data"
local new_score=$((old_score + 15)) local new_score=$((old_score + 15))
[ $new_score -gt 100 ] && new_score=100 [ "${new_score:-0}" -gt 100 ] && new_score=100
IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep" IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep"
fi fi
@@ -266,7 +266,7 @@ update_ip_intelligence() {
local current_data="${IP_DATA[$ip]}" local current_data="${IP_DATA[$ip]}"
IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data" IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data"
local new_score=$((old_score + 5)) local new_score=$((old_score + 5))
[ $new_score -gt 100 ] && new_score=100 [ "${new_score:-0}" -gt 100 ] && new_score=100
IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep" IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep"
fi fi
) & ) &
@@ -316,7 +316,7 @@ update_ip_intelligence() {
fi fi
# Request volume scoring # Request volume scoring
if [ $hits -gt 100 ]; then if [ "${hits:-0}" -gt 100 ]; then
score=$((score + 5)) score=$((score + 5))
elif [ $hits -gt 50 ]; then elif [ $hits -gt 50 ]; then
score=$((score + 3)) score=$((score + 3))
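Review bot: The `${new_score:-0}` guards on the three score-cap lines cannot fire, because `new_score` is assigned from `$((old_score + N))` on the line directly above and is always a number by the time it is tested; the field that can arrive empty or malformed is `old_score`, read from the `|`-separated `IP_DATA` entry. Bash arithmetic treats a non-numeric string as an expression to evaluate rather than rejecting it, so the check belongs before the addition, e.g. `[[ $old_score =~ ^[0-9]+$ ]] || old_score=0`. Separately, the hunk at 266 closes with `) &`, which suggests these `IP_DATA[$ip]=` writes run in a background subshell whose assignments never reach the parent shell; the opening parenthesis is outside the visible hunks, so this needs confirming. The `elif [ $hits -gt 50 ]` branch in the last hunk is still unquoted. update_ip_intelligence starts and ends outside these hunks.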
+2 -2
@@ -430,7 +430,7 @@ sanitize_docroots() {
fi fi
done done
if [ $skip -eq 0 ]; then if [ "${skip:-0}" -eq 0 ]; then
sanitized_docroot+=("$docroot") sanitized_docroot+=("$docroot")
fi fi
done done
@@ -935,7 +935,7 @@ done
fi fi
done < <(sort -u "$INFECTED_LIST" | head -20) # Limit to first 20 files to avoid long processing done < <(sort -u "$INFECTED_LIST" | head -20) # Limit to first 20 files to avoid long processing
if [ $flagged_ips -gt 0 ]; then if [ "${flagged_ips:-0}" -gt 0 ]; then
echo "✓ Flagged $flagged_ips IPs in reputation database" echo "✓ Flagged $flagged_ips IPs in reputation database"
echo " (See $LOG_DIR/flagged_ips.log for details)" echo " (See $LOG_DIR/flagged_ips.log for details)"
else else
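Review bot: `${skip:-0}` in sanitize_docroots only covers an unset or empty flag, and its fallback selects the branch that keeps the docroot; it does not help if `skip` still carries a value from the previous docroot. The initialisation is outside the hunk, so confirm that `skip=0` is set at the top of the outer loop body rather than relying on the default at the point of use. The same applies to `flagged_ips` at line 938: an explicit `flagged_ips=0` before the `while` loop makes the comparison safe without the expansion, and a non-numeric value would still make `[` fail with status 2 and silently take the `else` branch.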
+3 -3
@@ -808,7 +808,7 @@ main() {
AUTO_MODE=1 AUTO_MODE=1
fi fi
if [ $AUTO_MODE -eq 0 ]; then if [ "${AUTO_MODE:-0}" -eq 0 ]; then
clear clear
print_banner "CT_LIMIT Optimizer - Intelligent Connection Limit Calculator" print_banner "CT_LIMIT Optimizer - Intelligent Connection Limit Calculator"
echo "" echo ""
@@ -842,7 +842,7 @@ main() {
generate_recommendation generate_recommendation
# Apply automatically in auto mode, otherwise ask # Apply automatically in auto mode, otherwise ask
if [ $AUTO_MODE -eq 1 ]; then if [ "${AUTO_MODE:-0}" -eq 1 ]; then
# Extract balanced value from recommendation # Extract balanced value from recommendation
local balanced=$(grep "2. BALANCED" -A1 "$TEMP_ANALYSIS/recommendation.txt" | grep "CT_LIMIT" | grep -oE '[0-9]+') local balanced=$(grep "2. BALANCED" -A1 "$TEMP_ANALYSIS/recommendation.txt" | grep "CT_LIMIT" | grep -oE '[0-9]+')
@@ -876,7 +876,7 @@ main() {
fi fi
echo "" echo ""
if [ $AUTO_MODE -eq 0 ]; then if [ "${AUTO_MODE:-0}" -eq 0 ]; then
print_success "Analysis complete!" print_success "Analysis complete!"
fi fi
} }
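Review bot: In the auto-mode branch, `balanced` comes from a three-stage `grep` pipeline and nothing in the hunk checks that it is a single integer before it is used; `grep -oE '[0-9]+'` prints every digit run on the matched line, and `local balanced=$(...)` hides a failed pipeline because `local` itself returns 0. Since this path applies the value without asking, add a guard right after the extraction, e.g. `[[ $balanced =~ ^[0-9]+$ ]] || { echo "could not parse BALANCED CT_LIMIT" >&2; return 1; }`, and split the declaration from the assignment. The `${AUTO_MODE:-0}` default itself falls back to interactive mode, which is the safe direction. The code that applies the value is outside the hunk, so any validation done there is not visible here.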