SCOPE: Major bug affecting analyze_domain_threats() and detect_threats() functions
ROOT CAUSE:
All file output operations in awk blocks were using broken quote syntax:
> "'""'/file.txt"
This created filenames with literal single quote characters, causing awk to
fail when trying to open files. The script would exit silently with set -eo pipefail.
BROKEN FUNCTIONS:
1. detect_threats() - 12 file redirections (lines 940, 948, 956, 966, 982, 988, 993, 1003, 1009, 1014, 1020, 1024)
2. analyze_domain_threats() - 5+ redirections and getline operations (lines 3196, 3203, 3206, 3210, 3229, 3233, 3245, 3249)
3. analyze_headers(), analyze_entry_points(), analyze_url_entropy(), analyze_request_timing(), detect_false_positives() - additional issues
FIX:
- Added -v tmpdir="$TEMP_DIR" to awk invocations
- Replaced all broken file paths with simple tmpdir concatenation
- Pattern change: "'""'/file.txt" → tmpdir "/file.txt"
- Total 21 broken redirections fixed in one sweep using sed
IMPACT:
- detect_threats() now properly outputs to attack_vectors_raw.txt, admin_probes_raw.txt, etc.
- analyze_domain_threats() now properly outputs to domain_threats.txt, domain_high_risk_ips.txt
- Full threat detection pipeline can now complete
- Analysis sections in report will now populate correctly
VERIFIED:
- Syntax check passed (bash -n)
- No remaining broken quote patterns found
- All file paths now use tmpdir variable correctly
Developer
8477c8d7e1