CRITICAL FIXES:
1. Add missing initialize_system_detection() call (launcher.sh)
- System detection was never initialized before building reference database
- This caused all SYS_* variables to be empty
- Fixed blank system detection output issue reported on Alma 8
2. Fix all unsafe read statements (launcher.sh - 10+ occurrences)
- Changed all 'read -r choice' to use /dev/tty with error handling
- Prevents crashes when stdin is piped (curl | bash)
- Prevents unexpected SSH session termination
- Gracefully returns instead of exiting
3. Fix remaining read -p statements (launcher.sh)
- Added </dev/tty and error suppression to startup and exit prompts
- Prevents hangs when terminal not available
SECURITY FIXES:
4. Fix SQL injection in database queries (reference-db.sh)
- Escape database names with backticks: WHERE table_schema=`$db`
- Prevents malicious database names from breaking SQL
5. Fix password exposure in process listings (reference-db.sh)
- Use MYSQL_PWD environment variable instead of command line
- Credentials no longer visible in ps aux output
- Added cleanup with unset MYSQL_PWD
6. Fix race condition in temp directory creation (common-functions.sh)
- Changed from mkdir -p to mktemp -d
- Secure permissions (0700) and unpredictable naming
- Prevents TOCTOU attacks
All changes validated with bash -n syntax checks
Production launcher now matches/exceeds beta stability
PREVENTION STRATEGY for "echo without -e" bug:
1. NEW HELPER FUNCTION - cecho()
- Added to lib/common-functions.sh (lines 100-115)
- Wrapper around echo -e for colored output
- Clear documentation with examples
- Usage: cecho "${BOLD}Text${NC}" instead of echo -e
2. COMPREHENSIVE CODING GUIDELINES
- Created CODING_GUIDELINES.md
- Documents the echo -e color bug with examples
- Prevention rules and quick reference table
- Search command to find potential issues
- Pre-commit checklist for developers
- Performance guidelines (subprocess elimination)
3. DOCUMENTATION INCLUDES:
- Why the bug happens (escape sequences not interpreted)
- How to identify it (grep pattern)
- How to fix it (echo -e or cecho)
- When to use each approach
- Historical context (commit 7053b3b)
BENEFITS:
- Future developers can reference guidelines
- cecho() provides cleaner, safer API
- Search pattern helps audit existing code
- Reduces recurring "This happens a lot" issues
USER FEEDBACK ADDRESSED:
User: "This happens a lot with you. is there a way for us to avoid this in the future?"
Answer: Yes - cecho() helper + guidelines document + search pattern
- Complete security menu restructure (3-mode: Analysis/Actions/Live)
- Intelligent cPHulk enablement with CSF whitelist import
- Live network security monitoring dashboard
- Multi-source threat detection and classification
- 50+ organized security tools across 4-level menu hierarchy
- System health diagnostics with cPanel/WHM integration
- Reference database for cross-module intelligence sharing
cschantz