From b0873bbf1337885b3d07be9f1293265472c68023 Mon Sep 17 00:00:00 2001
From: Developer <dev@localhost>
Date: Thu, 23 Apr 2026 22:12:20 -0400
Subject: [PATCH] Fix: Remove regex anchor from attack_type grep pattern

The pattern was using grep -F with || which is correct for
fixed-string matching in pipe-delimited format. Removed the second grep
with the problematic $ anchor since we're already matching the full
pipe-delimited field.
---
 modules/security/bot-analyzer.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index 448ac5d..c20a05f 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -1036,7 +1036,7 @@ detect_threats() {
 
         # Breakdown by attack type
         for attack_type in sqli xss path_traversal rce_upload info_disclosure login_bruteforce; do
-            grep -F "|$attack_type" "$TEMP_DIR/attack_vectors_raw.txt" 2>/dev/null | grep -F "|$attack_type$" | \
+            grep -F "|$attack_type|" "$TEMP_DIR/attack_vectors_raw.txt" 2>/dev/null | \
                 awk -F'|' '{print $1"|"$2"|"$3"|"$4}' | \
                 sort | uniq -c | sort -rn > "$TEMP_DIR/${attack_type}_attempts.txt" || true
         done