
Commit 2edbfd6

committed
fix: solve shell issues
1 parent 391fffd commit 2edbfd6

26 files changed

+105
-100
lines changed

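--- a/.pentest/front/check-security-headers.sh
+++ b/.pentest/front/check-security-headers.sh
@@ -7,7 +7,7 @@ TARGET="${1:-https://prostaff.gg}"
 
 GREEN='\033[0;32m'
 RED='\033[0;31m'
-YELLOW='\033[1;33m'
+YELLOW='\033[1;33m' # shellcheck disable=SC2034
 CYAN='\033[0;36m'
 NC='\033[0m'
 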
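Review bot: The trailing `# shellcheck disable=SC2034` on the new YELLOW line does not silence anything: ShellCheck reads directives only from a comment line placed directly above the statement, and a comment at the end of the line is plain text, so the warning this commit sets out to fix remains. Put `# shellcheck disable=SC2034` on its own line immediately before `YELLOW='\033[1;33m'`, or delete the unused variable. The same trailing form is used in check-sri.sh (MAP_FILE), 02_auth_fingerprint.sh (BASE_URL, TIMING_RESULT_LABEL, AUTH_LAST_CODE, AUTH_LAST_TIME, T1_TIMES through T3_TIMES), 03_jwt_attacks.sh (BASE_URL, TARGET_ALT), 04_org_isolation.sh and 05_rbac_probe.sh (BASE_URL). For MAP_FILE in check-sri.sh, which is assigned and never read, removing the assignment is cleaner than suppressing the lint.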
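--- a/.pentest/front/check-sri.sh
+++ b/.pentest/front/check-sri.sh
@@ -194,7 +194,7 @@ while IFS= read -r JS_FILE; do
 # Verifica comentario sourceMappingURL no fim do JS
 JS_TAIL=$(curl -sL "${JS_URL}" --max-time 10 2>/dev/null | tail -c 200)
 if echo "$JS_TAIL" | grep -q "sourceMappingURL"; then
-MAP_FILE=$(echo "$JS_TAIL" | grep -oP "(?<=sourceMappingURL=)[^\s]+")
+MAP_FILE=$(echo "$JS_TAIL" | grep -oP "(?<=sourceMappingURL=)[^\s]+") # shellcheck disable=SC2034
 # Tenta acessar o .map
 MAP_URL="${JS_URL%.*}.map"
 MAP_CODE=$(curl -sI "${MAP_URL}" --max-time 5 2>/dev/null | head -1 | grep -oP '[0-9]{3}' | head -1)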

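--- a/.pentest/scripts/02_auth_fingerprint.sh
+++ b/.pentest/scripts/02_auth_fingerprint.sh
@@ -20,7 +20,7 @@ set -euo pipefail
 # ---------------------------------------------------------------------------
 # Configuration
 # ---------------------------------------------------------------------------
-BASE_URL="http://localhost:3333"
+BASE_URL="http://localhost:3333" # shellcheck disable=SC2034
 API="http://localhost:3333/api/v1"
 TEST_EMAIL="test@prostaff.gg"
 TEST_PASSWORD="Test123!@#"
@@ -107,7 +107,7 @@ auth_request() {
 cat "${tmp_headers}" 2>/dev/null || echo "(none)"
 echo ""
 echo "--- Response Body ---"
-cat "${tmp_body}" 2>/dev/null | python3 -m json.tool 2>/dev/null || cat "${tmp_body}" 2>/dev/null || echo "(empty)"
+python3 -m json.tool 2>/dev/null < "${tmp_body}" || cat "${tmp_body}" 2>/dev/null || echo "(empty)"
 
 rm -f "${tmp_headers}" "${tmp_body}"
 
@@ -162,12 +162,12 @@ print(f'{avg:.4f}')
 
 echo " Average: ${avg}s"
 # Store for comparison
-TIMING_RESULT_LABEL="${label}"
+TIMING_RESULT_LABEL="${label}" # shellcheck disable=SC2034
 TIMING_RESULT_AVG="${avg}"
 }
 
-AUTH_LAST_CODE=""
-AUTH_LAST_TIME=""
+AUTH_LAST_CODE="" # shellcheck disable=SC2034
+AUTH_LAST_TIME="" # shellcheck disable=SC2034
 VALID_TOKEN=""
 
 # ===========================================================================
@@ -199,9 +199,9 @@ VALID_HTTP=$(curl -s \
 echo "HTTP Status: ${VALID_HTTP}"
 echo ""
 echo "--- Full Response ---"
-cat "${TMP_VALID_RESP}" | python3 -m json.tool 2>/dev/null || cat "${TMP_VALID_RESP}"
+python3 -m json.tool 2>/dev/null < "${TMP_VALID_RESP}" || cat "${TMP_VALID_RESP}"
 
-VALID_TOKEN=$(cat "${TMP_VALID_RESP}" | python3 -c "
+VALID_TOKEN=$(python3 -c "
 import sys, json
 try:
 d = json.load(sys.stdin)
@@ -214,7 +214,7 @@ try:
 print(token)
 except Exception:
 pass
-" 2>/dev/null) || VALID_TOKEN=""
+" 2>/dev/null < "${TMP_VALID_RESP}") || VALID_TOKEN=""
 
 rm -f "${TMP_VALID_RESP}"
 
@@ -379,7 +379,7 @@ FORM_CODE=$(curl -s \
 -d "email=${TEST_EMAIL}&password=${TEST_PASSWORD}" \
 2>/dev/null) || FORM_CODE="CURL_ERROR"
 echo "HTTP Status: ${FORM_CODE}"
-cat "${TMP_FORM}" | python3 -m json.tool 2>/dev/null || cat "${TMP_FORM}"
+python3 -m json.tool 2>/dev/null < "${TMP_FORM}" || cat "${TMP_FORM}"
 rm -f "${TMP_FORM}"
 
 # ---------------------------------------------------------------------------
@@ -422,9 +422,9 @@ info "This test collects response times to detect whether the server processes"
 info "valid vs invalid emails differently (constant-time comparison check)."
 echo ""
 
-T1_TIMES=()
-T2_TIMES=()
-T3_TIMES=()
+T1_TIMES=() # shellcheck disable=SC2034
+T2_TIMES=() # shellcheck disable=SC2034
+T3_TIMES=() # shellcheck disable=SC2034
 
 collect_timing "Valid email, wrong password" "${TEST_EMAIL}" "${WRONG_PASSWORD}" "${TIMING_SAMPLES}"
 T1_AVG="${TIMING_RESULT_AVG}"
@@ -490,7 +490,7 @@ REG_CODE=$(curl -s \
 2>/dev/null) || REG_CODE="CURL_ERROR"
 echo "HTTP Status: ${REG_CODE}"
 echo "(A distinct error for 'email taken' vs generic error leaks user enumeration)"
-cat "${TMP_REG}" | python3 -m json.tool 2>/dev/null || cat "${TMP_REG}"
+python3 -m json.tool 2>/dev/null < "${TMP_REG}" || cat "${TMP_REG}"
 rm -f "${TMP_REG}"
 
 # ---------------------------------------------------------------------------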
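Review bot: The `(empty)` fallback on the rewritten line 110 is unreachable for an actually empty body: `json.tool` fails on empty input, but `cat` of an existing empty file succeeds and prints nothing, so the placeholder only appears when the temp file is missing. Check the size first, `if [ ! -s "${tmp_body}" ]; then echo "(empty)"; else python3 -m json.tool < "${tmp_body}" 2>/dev/null || cat "${tmp_body}"; fi`. The enclosing `auth_request` function starts and ends outside this hunk.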

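--- a/.pentest/scripts/03_jwt_attacks.sh
+++ b/.pentest/scripts/03_jwt_attacks.sh
@@ -24,7 +24,7 @@ set -euo pipefail
 # ---------------------------------------------------------------------------
 # Configuration
 # ---------------------------------------------------------------------------
-BASE_URL="http://localhost:3333"
+BASE_URL="http://localhost:3333" # shellcheck disable=SC2034
 API="http://localhost:3333/api/v1"
 TEST_EMAIL="test@prostaff.gg"
 TEST_PASSWORD="Test123!@#"
@@ -34,7 +34,7 @@ OUTPUT_FILE="${SNAPSHOT_DIR}/jwt_attacks_${TIMESTAMP}.txt"
 
 # Target endpoint for token testing (requires auth)
 TARGET="${API}/dashboard"
-TARGET_ALT="${API}/players"
+TARGET_ALT="${API}/players" # shellcheck disable=SC2034
 
 # ---------------------------------------------------------------------------
 # Colors
@@ -115,7 +115,7 @@ test_token() {
 echo "HTTP STATUS: ${http_code}"
 echo ""
 echo "--- Response Body ---"
-cat "${tmp_body}" | python3 -m json.tool 2>/dev/null || cat "${tmp_body}"
+python3 -m json.tool 2>/dev/null < "${tmp_body}" || cat "${tmp_body}"
 echo ""
 
 if [ "${http_code}" == "200" ]; then
@@ -154,7 +154,7 @@ test_auth_header() {
 2>/dev/null) || http_code="CURL_ERROR"
 
 echo "HTTP STATUS: ${http_code}"
-cat "${tmp_body}" | python3 -m json.tool 2>/dev/null || cat "${tmp_body}"
+python3 -m json.tool 2>/dev/null < "${tmp_body}" || cat "${tmp_body}"
 echo ""
 
 if [ "${http_code}" == "200" ]; then
@@ -187,7 +187,7 @@ if [ "${LOGIN_CODE}" != "200" ] && [ "${LOGIN_CODE}" != "201" ]; then
 VALID_TOKEN="INVALID_LOGIN_PLACEHOLDER"
 REFRESH_TOKEN=""
 else
-VALID_TOKEN=$(cat "${TMP_LOGIN}" | python3 -c "
+VALID_TOKEN=$(python3 -c "
 import sys, json
 try:
 d = json.load(sys.stdin)
@@ -199,9 +199,9 @@ try:
 print(token)
 except Exception:
 pass
-" 2>/dev/null) || VALID_TOKEN=""
+" 2>/dev/null < "${TMP_LOGIN}") || VALID_TOKEN=""
 
-REFRESH_TOKEN=$(cat "${TMP_LOGIN}" | python3 -c "
+REFRESH_TOKEN=$(python3 -c "
 import sys, json
 try:
 d = json.load(sys.stdin)
@@ -211,7 +211,7 @@ try:
 print(rt)
 except Exception:
 pass
-" 2>/dev/null) || REFRESH_TOKEN=""
+" 2>/dev/null < "${TMP_LOGIN}") || REFRESH_TOKEN=""
 fi
 
 rm -f "${TMP_LOGIN}"
@@ -491,9 +491,9 @@ log_sep
 TMP_NOAUTH="$(mktemp)"
 NOAUTH_CODE=$(curl -s -o "${TMP_NOAUTH}" -w "%{http_code}" --max-time 10 "${TARGET}" 2>/dev/null) || NOAUTH_CODE="error"
 echo "HTTP STATUS: ${NOAUTH_CODE}"
-cat "${TMP_NOAUTH}" | python3 -m json.tool 2>/dev/null || cat "${TMP_NOAUTH}"
+python3 -m json.tool 2>/dev/null < "${TMP_NOAUTH}" || cat "${TMP_NOAUTH}"
 rm -f "${TMP_NOAUTH}"
-[ "${NOAUTH_CODE}" == "401" ] && ok "Correctly requires auth (401)" || finding "Returned ${NOAUTH_CODE} without any token"
+if [ "${NOAUTH_CODE}" == "401" ]; then ok "Correctly requires auth (401)"; else finding "Returned ${NOAUTH_CODE} without any token"; fi
 
 test_auth_header "Empty Authorization header" ""
 test_auth_header "Authorization: Bearer (no token)" "Bearer "
@@ -546,7 +546,7 @@ if [ -n "${VALID_TOKEN}" ]; then
 -H "Content-Type: application/json" \
 2>/dev/null) || LOGOUT_CODE="error"
 echo "Logout HTTP Status: ${LOGOUT_CODE}"
-cat "${TMP_LOGOUT}" | python3 -m json.tool 2>/dev/null || cat "${TMP_LOGOUT}"
+python3 -m json.tool 2>/dev/null < "${TMP_LOGOUT}" || cat "${TMP_LOGOUT}"
 rm -f "${TMP_LOGOUT}"
 
 # Now try to use the refresh token to get a new access token
@@ -564,7 +564,7 @@ if [ -n "${VALID_TOKEN}" ]; then
 -d "{\"refresh_token\":\"${REFRESH_TOKEN}\"}" \
 2>/dev/null) || REFRESH_CODE="error"
 echo "Refresh after logout HTTP Status: ${REFRESH_CODE}"
-cat "${TMP_REFRESH}" | python3 -m json.tool 2>/dev/null || cat "${TMP_REFRESH}"
+python3 -m json.tool 2>/dev/null < "${TMP_REFRESH}" || cat "${TMP_REFRESH}"
 rm -f "${TMP_REFRESH}"
 
 if [ "${REFRESH_CODE}" == "200" ]; then
@@ -589,7 +589,7 @@ if [ -n "${VALID_TOKEN}" ]; then
 "${TARGET}" \
 2>/dev/null) || POSTLOGOUT_CODE="error"
 echo "HTTP STATUS: ${POSTLOGOUT_CODE}"
-cat "${TMP_POSTLOGOUT}" | python3 -m json.tool 2>/dev/null || cat "${TMP_POSTLOGOUT}"
+python3 -m json.tool 2>/dev/null < "${TMP_POSTLOGOUT}" || cat "${TMP_POSTLOGOUT}"
 rm -f "${TMP_POSTLOGOUT}"
 
 if [ "${POSTLOGOUT_CODE}" == "200" ]; then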
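Review bot: The rewritten check on line 496 still folds the curl-failure sentinel into the verdict: `NOAUTH_CODE` becomes `error` when curl fails (line 492), and the `else` branch then logs `finding "Returned error without any token"`, so an unreachable server is recorded as a missing-authentication finding. Add a middle branch, e.g. `if [ "${NOAUTH_CODE}" == "401" ]; then ok "Correctly requires auth (401)"; elif [ "${NOAUTH_CODE}" == "error" ]; then echo "curl failed - cannot evaluate" >&2; else finding "Returned ${NOAUTH_CODE} without any token"; fi`. The same two-way shape is introduced in 05_rbac_probe.sh at lines 384, 401, 428 and 443, where `error` lands in the `ok` branch instead and a transport failure is recorded as a pass.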

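--- a/.pentest/scripts/04_org_isolation.sh
+++ b/.pentest/scripts/04_org_isolation.sh
@@ -30,7 +30,7 @@ set -euo pipefail
 # ---------------------------------------------------------------------------
 # Configuration
 # ---------------------------------------------------------------------------
-BASE_URL="http://localhost:3333"
+BASE_URL="http://localhost:3333" # shellcheck disable=SC2034
 API="http://localhost:3333/api/v1"
 TEST_EMAIL="test@prostaff.gg"
 TEST_PASSWORD="Test123!@#"
@@ -82,7 +82,7 @@ get_token() {
 -d "{\"email\":\"${TEST_EMAIL}\",\"password\":\"${TEST_PASSWORD}\"}" \
 2>/dev/null) || code="error"
 
-TOKEN=$(cat "${tmp}" | python3 -c "
+TOKEN=$(python3 -c "
 import sys, json
 try:
 d = json.load(sys.stdin)
@@ -92,7 +92,7 @@ try:
 print(t)
 except Exception:
 pass
-" 2>/dev/null) || TOKEN=""
+" 2>/dev/null < "${tmp}") || TOKEN=""
 
 rm -f "${tmp}"
 
@@ -227,7 +227,7 @@ if [ "${#OWN_PLAYER_IDS[@]}" -gt 0 ]; then
 result=$(authenticated_get "${API}/players/${pid}")
 code="${result%%|*}"
 echo " GET /players/${pid} -> HTTP ${code}"
-[ "${code}" == "200" ] && ok "Own resource accessible (expected)" || warn "Unexpected ${code} for own resource"
+if [ "${code}" == "200" ]; then ok "Own resource accessible (expected)"; else warn "Unexpected ${code} for own resource"; fi
 done
 else
 warn "No own player IDs to verify baseline"
@@ -365,19 +365,19 @@ for body in "${ORG_OVERRIDE_BODIES[@]}"; do
 -d "${body}" \
 2>/dev/null) || CODE="error"
 echo "HTTP STATUS: ${CODE}"
-cat "${TMP_BODY_RESP}" | python3 -m json.tool 2>/dev/null || cat "${TMP_BODY_RESP}"
+python3 -m json.tool 2>/dev/null < "${TMP_BODY_RESP}" || cat "${TMP_BODY_RESP}"
 rm -f "${TMP_BODY_RESP}"
 
 if [ "${CODE}" == "200" ] || [ "${CODE}" == "201" ]; then
-CREATED_ORG=$(cat "${TMP_BODY_RESP}" 2>/dev/null | python3 -c "
+CREATED_ORG=$(python3 -c "
 import sys, json
 try:
 d = json.load(sys.stdin)
 item = d.get('data', d)
 print('org_id:', item.get('org_id', item.get('organization_id', 'NOT_IN_RESPONSE')))
 except Exception:
 pass
-" 2>/dev/null) || true
+" 2>/dev/null < "${TMP_BODY_RESP}" 2>/dev/null) || true
 echo "Created resource org: ${CREATED_ORG}"
 if echo "${CREATED_ORG}" | grep -qE ':\s*1$'; then
 finding "Resource created with org_id=1 via body override - mass assignment vulnerability!"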
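Review bot: The rewritten line 380 reads `${TMP_BODY_RESP}` after line 369 has already removed it, so the redirect fails, `CREATED_ORG` is always empty and the org_id=1 mass-assignment check on lines 382-383 can never fire — every body silently passes. Move `rm -f "${TMP_BODY_RESP}"` below the `fi` that closes the org-id check (outside this hunk) and drop the duplicated redirect so the line reads `" 2>/dev/null < "${TMP_BODY_RESP}") || true`; the second `2>/dev/null` looks like it was added to hide exactly that redirect error. The old pipeline had the same problem, since the `cat` of the deleted file was silenced too. The `for body` loop and the `if` block both continue past the end of the hunk.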

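--- a/.pentest/scripts/05_rbac_probe.sh
+++ b/.pentest/scripts/05_rbac_probe.sh
@@ -26,7 +26,7 @@ set -euo pipefail
 # ---------------------------------------------------------------------------
 # Configuration
 # ---------------------------------------------------------------------------
-BASE_URL="http://localhost:3333"
+BASE_URL="http://localhost:3333" # shellcheck disable=SC2034
 API="http://localhost:3333/api/v1"
 TEST_EMAIL="test@prostaff.gg"
 TEST_PASSWORD="Test123!@#"
@@ -71,7 +71,7 @@ get_token() {
 -d "{\"email\":\"${TEST_EMAIL}\",\"password\":\"${TEST_PASSWORD}\"}" \
 2>/dev/null) || code="error"
 
-TOKEN=$(cat "${tmp}" | python3 -c "
+TOKEN=$(python3 -c "
 import sys, json
 try:
 d = json.load(sys.stdin)
@@ -81,7 +81,7 @@ try:
 print(t)
 except Exception:
 pass
-" 2>/dev/null) || TOKEN=""
+" 2>/dev/null < "${tmp}") || TOKEN=""
 rm -f "${tmp}"
 
 if [ -z "${TOKEN}" ]; then
@@ -224,7 +224,7 @@ curl -s -o "${TMP_LIST}" --max-time 10 \
 -H "Authorization: Bearer ${TOKEN}" \
 "${API}/players" 2>/dev/null || true
 
-PLAYER_ID_FOR_DELETE=$(cat "${TMP_LIST}" | python3 -c "
+PLAYER_ID_FOR_DELETE=$(python3 -c "
 import sys, json
 try:
 d = json.load(sys.stdin)
@@ -237,15 +237,15 @@ try:
 print('1')
 except Exception:
 print('1')
-" 2>/dev/null) || PLAYER_ID_FOR_DELETE="1"
+" 2>/dev/null < "${TMP_LIST}") || PLAYER_ID_FOR_DELETE="1"
 rm -f "${TMP_LIST}"
 
 TMP_MLIST="$(mktemp)"
 curl -s -o "${TMP_MLIST}" --max-time 10 \
 -H "Authorization: Bearer ${TOKEN}" \
 "${API}/matches" 2>/dev/null || true
 
-MATCH_ID_FOR_DELETE=$(cat "${TMP_MLIST}" | python3 -c "
+MATCH_ID_FOR_DELETE=$(python3 -c "
 import sys, json
 try:
 d = json.load(sys.stdin)
@@ -258,7 +258,7 @@ try:
 print('1')
 except Exception:
 print('1')
-" 2>/dev/null) || MATCH_ID_FOR_DELETE="1"
+" 2>/dev/null < "${TMP_MLIST}") || MATCH_ID_FOR_DELETE="1"
 rm -f "${TMP_MLIST}"
 
 info "Using Player ID ${PLAYER_ID_FOR_DELETE} and Match ID ${MATCH_ID_FOR_DELETE} for delete tests"
@@ -379,9 +379,9 @@ OVERRIDE_CODE=$(curl -s -o "${TMP_OVERRIDE}" -w "%{http_code}" --max-time 10 \
 "${API}/players/${PLAYER_ID_FOR_DELETE}" \
 2>/dev/null) || OVERRIDE_CODE="error"
 echo "STATUS : ${OVERRIDE_CODE}"
-cat "${TMP_OVERRIDE}" | python3 -m json.tool 2>/dev/null || cat "${TMP_OVERRIDE}"
+python3 -m json.tool 2>/dev/null < "${TMP_OVERRIDE}" || cat "${TMP_OVERRIDE}"
 rm -f "${TMP_OVERRIDE}"
-[ "${OVERRIDE_CODE}" == "200" ] && finding "Method override succeeded - DELETE via POST!" || ok "HTTP ${OVERRIDE_CODE} - method override not accepted"
+if [ "${OVERRIDE_CODE}" == "200" ]; then finding "Method override succeeded - DELETE via POST!"; else ok "HTTP ${OVERRIDE_CODE} - method override not accepted"; fi
 
 # _method param in body
 echo ""
@@ -396,9 +396,9 @@ MP_CODE=$(curl -s -o "${TMP_METHOD_PARAM}" -w "%{http_code}" --max-time 10 \
 "${API}/players/${PLAYER_ID_FOR_DELETE}" \
 2>/dev/null) || MP_CODE="error"
 echo "STATUS : ${MP_CODE}"
-cat "${TMP_METHOD_PARAM}" | python3 -m json.tool 2>/dev/null || cat "${TMP_METHOD_PARAM}"
+python3 -m json.tool 2>/dev/null < "${TMP_METHOD_PARAM}" || cat "${TMP_METHOD_PARAM}"
 rm -f "${TMP_METHOD_PARAM}"
-[ "${MP_CODE}" == "200" ] && finding "_method=DELETE override succeeded!" || ok "HTTP ${MP_CODE} - _method param not honored"
+if [ "${MP_CODE}" == "200" ]; then finding "_method=DELETE override succeeded!"; else ok "HTTP ${MP_CODE} - _method param not honored"; fi
 
 # X-HTTP-Method-Override: PATCH for escalation
 probe_post "POST with X-HTTP-Method-Override: PATCH" \
@@ -422,10 +422,10 @@ RE_CODE=$(curl -s -o "${TMP_ROLE_ESC}" -w "%{http_code}" --max-time 10 \
 "${API}/auth/me" \
 2>/dev/null) || RE_CODE="error"
 echo "PATCH /auth/me with role=admin -> HTTP ${RE_CODE}"
-cat "${TMP_ROLE_ESC}" | python3 -m json.tool 2>/dev/null || cat "${TMP_ROLE_ESC}"
+python3 -m json.tool 2>/dev/null < "${TMP_ROLE_ESC}" || cat "${TMP_ROLE_ESC}"
 rm -f "${TMP_ROLE_ESC}"
 
-[ "${RE_CODE}" == "200" ] && finding "Role escalation via PATCH /auth/me succeeded!" || ok "HTTP ${RE_CODE} - role escalation rejected"
+if [ "${RE_CODE}" == "200" ]; then finding "Role escalation via PATCH /auth/me succeeded!"; else ok "HTTP ${RE_CODE} - role escalation rejected"; fi
 
 # Attempt role escalation on player endpoint
 TMP_PLAYER_ESC="$(mktemp)"
@@ -437,10 +437,10 @@ PE_CODE=$(curl -s -o "${TMP_PLAYER_ESC}" -w "%{http_code}" --max-time 10 \
 "${API}/players/${PLAYER_ID_FOR_DELETE}" \
 2>/dev/null) || PE_CODE="error"
 echo "PATCH /players/${PLAYER_ID_FOR_DELETE} with role=admin -> HTTP ${PE_CODE}"
-cat "${TMP_PLAYER_ESC}" | python3 -m json.tool 2>/dev/null || cat "${TMP_PLAYER_ESC}"
+python3 -m json.tool 2>/dev/null < "${TMP_PLAYER_ESC}" || cat "${TMP_PLAYER_ESC}"
 rm -f "${TMP_PLAYER_ESC}"
 
-[ "${PE_CODE}" == "200" ] && finding "Role escalation via player PATCH succeeded!" || ok "HTTP ${PE_CODE}"
+if [ "${PE_CODE}" == "200" ]; then finding "Role escalation via player PATCH succeeded!"; else ok "HTTP ${PE_CODE}"; fi
 
 # ===========================================================================
 # 8. Pundit-specific bypasses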
