$shodan_cve_count on line 1781 is 0 but some stange error happens

nitefood / asn

ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server

MIT License

1.31k stars 159 forks source link

$shodan_cve_count on line 1781 is 0 but some stange error happens #26

Closed Slach closed 2 years ago

Slach commented 2 years ago

lot of errors integer expression expected .../usr/bin/asn: line 1781: [: 0

nitefood commented 2 years ago

can you give more details? How to reproduce? or do you get it in every run and for every target?

Slach commented 2 years ago

I just runbash ./asn auth.docker.io and got following output

nitefood commented 2 years ago

can you please also specify your OS and asn script version, so that I can try to reproduce the error? Don't seem to get it locally for that same target.

Slach commented 2 years ago

latest master asn checkout from github

os : WIndows10, CYGWIN bash --version GNU bash, version 4.4.12(3)-release (x86_64-unknown-cygwin)

inside WSL2 ubuntu GNU bash, version 5.0.17(1)-release (x86_64-pc-linux-gnu) all looks good

nitefood commented 2 years ago

Tried replicating but apparently I can't. I guess somehow the script isn't seeing that "0" as an integer, not sure why since that's the output from jq's length function and I doubt it could be anything but a number.

Anyway, try changing -ne 0 to != "0".

If that works, then please try running a lookup for a vulnerable host (for example asn -n 51.68.143.212), you should see an error on line 1782 (where another integer comparison is made, specifically -gt 1). If that happens, try changing that comparison to != "1" (which is conceptually equivalent in that specific point), that should fix it.

Let me know.

Slach commented 2 years ago

Yes you are right, the following patch works fine:

--- asn 2022-03-29 19:32:38.428967200 +0500                                                                                                                                                         
+++ asn.new      2022-03-29 19:31:24.267970000 +0500                                                                                                                                                 
@@ -1778,8 +1778,8 @@                                                                                                                                                                                                                                                                                                                                                                                                   
                # fetch Shodan CVE count                                                                                                                                                                            
                ip_shodan_cve_data=""
-               if [ -n "$shodan_cve_count" ] && [ "$shodan_cve_count" -ne 0 ]; then
-                       [[ "$shodan_cve_count" -gt 1 ]] && vulntext="VULNERABILITIES" || vulntext="VULNERABILITY"
+               if [ -n "$shodan_cve_count" ] && [ "$shodan_cve_count" != "0" ]; then
+                       [[ "$shodan_cve_count" != "1" ]] && vulntext="VULNERABILITIES" || vulntext="VULNERABILITY"
                    ip_shodan_cve_data+=" ${redbg} $shodan_cve_count $vulntext FOUND ${default} (check "
                    [[ "$IS_ASN_CHILD" = true ]] && ip_shodan_cve_data+="<a href=\"https://internetdb.shodan.io/$1\" target=\"_blank\" \">Shodan</a>)" || ip_shodan_cve_data+="https://internetdb.shodan.io/$1)"
                fi