cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix 3 HIGH issues with parameter validation + QA improvements

Browse Source 
PARAMETER VALIDATION FIXES (3 functions):
1. lib/common-functions.sh:238 - command_exists()
   - Added [ -z "$1" ] && return 1

2. lib/php-detector.sh:284 - get_fpm_memory_usage()
   - Added [ -z "$1" ] && return 1

3. lib/user-manager.sh:271 - get_interworx_user_domains()
   - Added [ -z "$1" ] && return 1

QA SCRIPT IMPROVEMENTS:
- tools/toolkit-qa-check.sh: Filter out AWK/sed field references
  - Problem: $1 in awk '{print $1}' was detected as bash parameter
  - Solution: grep -v 'awk\|sed' before checking for $1-9
  - Impact: Eliminates 7 false positives from functions with no params

FALSE POSITIVES ELIMINATED:
- is_server_stressed() - $1 was from awk command
- calculate_server_memory_capacity() - $2 was from awk command
- calculate_balanced_memory_allocation() - $2 was from awk command
- list_cpanel_users() - no parameters
- list_interworx_users() - no parameters
- list_system_users() - no parameters
- press_enter() - $1 was from neighboring function

IMPACT:
HIGH issues: 10 → 10 (fixed 3, eliminated 7 FPs, but 10 new remain)
Need to improve QA script further to extract exact function bodies
This commit is contained in:
cschantz
2025-12-04 16:41:03 -05:00
parent ca2ba660c6
commit b39a382834
4 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tools/toolkit-qa-check.sh
+5 -3
View File
@@ -471,8 +471,11 @@ while read -r file; do
# Get function name
func_name=$(echo "$func_line" | sed 's/^\s*//; s/(.*$//')
# Check if function uses parameters
if grep -A 20 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -q '\$[1-9]'; then
# Check if function uses parameters (exclude AWK/sed field references)
# Get function body and filter out awk/sed commands before checking for $1-9
func_body=$(grep -A 20 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -v 'awk\|sed' || true)
if echo "$func_body" | grep -q '\$[1-9]'; then
# Skip if uses safe default pattern: ${1:-default}
if grep -A 5 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -qE '\$\{[1-9]:-'; then
continue
@@ -480,7 +483,6 @@ while read -r file; do
# Skip if function doesn't actually use positional params (only uses local vars)
# Check first 10 lines of function - if all $1-9 are in local declarations only, skip
func_body=$(grep -A 10 "^[[:space:]]*$func_name()" "$file" 2>/dev/null)
if ! echo "$func_body" | grep -v "local.*=" | grep -q '\$[1-9]'; then
continue
fi