Fix HIGH priority issues: library exit, unquoted paths, and globs

Fixed multiple HIGH severity issues found by QA scan:

1. Library exit usage (lib/http-attack-analyzer.sh):
   - Changed exit 1 to return 1
   - Libraries should return, not exit (would terminate caller)

2. Unquoted path expansions (9 fixes):
   - cleanup-toolkit-data.sh: Quoted $pattern in ls/rm commands
   - hardware-health-check.sh: Quoted /sys/block/$disk/queue paths
   - plesk-helpers.sh: Quoted /var/qmail/mailnames/$domain path
   - Prevents breakage with paths containing spaces

3. Unquoted globs in rm commands (3 fixes):
   - erase-toolkit-traces.sh: Quoted glob patterns
   - Prevents unintended file deletion from glob expansion

All changes improve robustness and prevent edge case failures.

lib/http-attack-analyzer.sh

@@ -9,7 +9,7 @@
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "$SCRIPT_DIR/attack-signatures.sh" 2>/dev/null || {
     echo "ERROR: attack-signatures.sh not found" >&2
-    exit 1
+    return 1
 }
 
 # Analyze a single HTTP request log line

lib/plesk-helpers.sh

@@ -357,7 +357,7 @@ plesk_list_mailboxes() {
     else
         # Fallback: scan mailnames directory
         [ -d "/var/qmail/mailnames/$domain" ] && \
-            ls -1 /var/qmail/mailnames/$domain/ 2>/dev/null
+            ls -1 "/var/qmail/mailnames/$domain/" 2>/dev/null
     fi
 }
 

modules/maintenance/cleanup-toolkit-data.sh

@@ -100,8 +100,8 @@ echo ""
 echo -e "${BOLD}Temporary Analysis Files:${NC}"
 # Bot analyzer temp files
 for pattern in /tmp/bot_analysis_* /tmp/*_bot_*.txt; do
-    if ls $pattern 2>/dev/null | grep -q .; then
-        rm -f $pattern 2>/dev/null
+    if ls "$pattern" 2>/dev/null | grep -q .; then
+        rm -f "$pattern" 2>/dev/null
         echo -e "  ${GREEN}✓${NC} Removed: Bot analysis temp files"
         ((cleaned_count++))
         break
@@ -110,8 +110,8 @@ done
 
 # 500 error tracker temp files
 for pattern in /tmp/500-tracker-* /tmp/*500*.txt; do
-    if ls $pattern 2>/dev/null | grep -q .; then
-        rm -rf $pattern 2>/dev/null
+    if ls "$pattern" 2>/dev/null | grep -q .; then
+        rm -rf "$pattern" 2>/dev/null
         echo -e "  ${GREEN}✓${NC} Removed: 500 error tracker temp files"
         ((cleaned_count++))
         break
@@ -120,8 +120,8 @@ done
 
 # Live monitoring temp files
 for pattern in /tmp/live-monitor-* /tmp/*monitor*.tmp; do
-    if ls $pattern 2>/dev/null | grep -q .; then
-        rm -rf $pattern 2>/dev/null
+    if ls "$pattern" 2>/dev/null | grep -q .; then
+        rm -rf "$pattern" 2>/dev/null
         echo -e "  ${GREEN}✓${NC} Removed: Live monitoring temp files"
         ((cleaned_count++))
         break
@@ -130,8 +130,8 @@ done
 
 # Error analyzer temp files
 for pattern in /tmp/error_analysis_* /tmp/*error*.tmp; do
-    if ls $pattern 2>/dev/null | grep -q .; then
-        rm -f $pattern 2>/dev/null
+    if ls "$pattern" 2>/dev/null | grep -q .; then
+        rm -f "$pattern" 2>/dev/null
         echo -e "  ${GREEN}✓${NC} Removed: Error analyzer temp files"
         ((cleaned_count++))
         break
@@ -140,8 +140,8 @@ done
 
 # Generic toolkit temp files
 for pattern in /tmp/toolkit_* /tmp/server-toolkit*; do
-    if ls $pattern 2>/dev/null | grep -q .; then
-        rm -rf $pattern 2>/dev/null
+    if ls "$pattern" 2>/dev/null | grep -q .; then
+        rm -rf "$pattern" 2>/dev/null
         echo -e "  ${GREEN}✓${NC} Removed: Generic toolkit temp files"
         ((cleaned_count++))
         break
@@ -153,9 +153,9 @@ echo ""
 echo -e "${BOLD}Generated Reports:${NC}"
 # Look for common report locations
 for pattern in /tmp/*_report_*.txt /tmp/*_analysis_*.txt /root/*toolkit*.txt /root/*_report*.txt; do
-    if ls $pattern 2>/dev/null | grep -q .; then
-        count=$(ls $pattern 2>/dev/null | wc -l)
-        rm -f $pattern 2>/dev/null
+    if ls "$pattern" 2>/dev/null | grep -q .; then
+        count=$(ls "$pattern" 2>/dev/null | wc -l)
+        rm -f "$pattern" 2>/dev/null
         echo -e "  ${GREEN}✓${NC} Removed: $count report file(s)"
         ((cleaned_count++))
         break

modules/performance/hardware-health-check.sh

@@ -1425,8 +1425,8 @@ check_kernel_parameters() {
         local disks=$(lsblk -nd -o NAME,TYPE 2>/dev/null | awk '$2=="disk" {print $1}')
         if [ -n "$disks" ]; then
             while IFS= read -r disk; do
-                local scheduler=$(cat /sys/block/$disk/queue/scheduler 2>/dev/null | grep -oP '\[\K[^\]]+')
-                local rotational=$(cat /sys/block/$disk/queue/rotational 2>/dev/null)
+                local scheduler=$(cat "/sys/block/$disk/queue/scheduler" 2>/dev/null | grep -oP '\[\K[^\]]+')
+                local rotational=$(cat "/sys/block/$disk/queue/rotational" 2>/dev/null)
 
                 if [ -n "$scheduler" ] && [ -n "$rotational" ]; then
                     # Check if scheduler is appropriate for disk type

tools/erase-toolkit-traces.sh

@@ -93,9 +93,9 @@ echo "  ✓ Auth logs cleaned"
 # Remove toolkit download artifacts
 echo "→ Removing download artifacts..."
 rm -f /root/toolkit.tar.gz 2>/dev/null
-rm -f /root/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
-rm -f /tmp/toolkit*.tar.gz 2>/dev/null
-rm -f /tmp/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
+rm -f /root/"Linux-Server-Management-Toolkit"*.tar.gz 2>/dev/null
+rm -f /tmp/"toolkit"*.tar.gz 2>/dev/null
+rm -f /tmp/"Linux-Server-Management-Toolkit"*.tar.gz 2>/dev/null
 echo "  ✓ Download artifacts removed"
 
 # Remove toolkit temp files