[Fix] PR #478 review: 3 bugs fixed, 4 false positives validated

rfxn · rfxn · commit fc3f2cbc381c · 2026-04-06T03:18:47.000-05:00
[Fix] lmd_hook.sh: world-writable detection used broken glob extraction
      (${_perms##*[0-9][0-9]} always returned empty); replaced with
      ${_perms: -1} for correct last-octal-digit extraction; pr#478
[Fix] lmd_scan.sh: write resolved worker count to scan.meta instead of
      raw "auto" config value; prevents invalid JSON in -L --format json
      output; pr#478
[Fix] lmd_session.sh: --report list --format tsv now returns explicit
      error instead of silent text fallback; TSV remains supported for
      --report active and --report hooks; pr#478
[Change] tests: 5 new BATS tests (WW-01..WW-04 hook validation,
         TSV list rejection); updated TSV acceptance test to use
         --report active; 971 -&gt; 976 tests
diff --git a/CHANGELOG b/CHANGELOG
@@ -124,6 +124,13 @@ v2.0.1 | Mar 25 2026:
 
   -- Bug Fixes --
 
+[Fix] Hook validation: world-writable detection used broken glob extraction that always
+      returned empty string; replaced with bash substring to correctly extract last octal
+      digit; pr#478
+[Fix] Scan lifecycle JSON: workers field emitted unquoted "auto" string producing invalid
+      JSON; now resolves to integer before writing scan.meta; pr#478
+[Fix] Report list: --format tsv silently returned text output; now returns explicit error
+      directing users to --report active for TSV output; pr#478
 [Fix] Background scans (-b): scan process recorded parent shell PID ($$) instead of
       actual forked PID (BASHPID); --kill/--pause/--stop targeted wrong process; scan.meta
       now stores ns_pid separately from pid for correct liveness/signal delivery
diff --git a/CHANGELOG.RELEASE b/CHANGELOG.RELEASE
@@ -124,6 +124,13 @@ v2.0.1 | Mar 25 2026:
 
   -- Bug Fixes --
 
+[Fix] Hook validation: world-writable detection used broken glob extraction that always
+      returned empty string; replaced with bash substring to correctly extract last octal
+      digit; pr#478
+[Fix] Scan lifecycle JSON: workers field emitted unquoted "auto" string producing invalid
+      JSON; now resolves to integer before writing scan.meta; pr#478
+[Fix] Report list: --format tsv silently returned text output; now returns explicit error
+      directing users to --report active for TSV output; pr#478
 [Fix] Background scans (-b): scan process recorded parent shell PID ($$) instead of
       actual forked PID (BASHPID); --kill/--pause/--stop targeted wrong process; scan.meta
       now stores ns_pid separately from pid for correct liveness/signal delivery
diff --git a/files/internals/lmd_hook.sh b/files/internals/lmd_hook.sh
@@ -81,7 +81,7 @@ _scan_hook_validate() {
 		fi
 
 		# World-writable: last octal digit has bit 2 set (2, 3, 6, 7)
-		_last_digit="${_perms##*[0-9][0-9]}"
+		_last_digit="${_perms: -1}"
 		case "$_last_digit" in
 			2|3|6|7)
 				eout "{hook} ERROR: post_scan_hook '$_hook_path' failed validation: world-writable"
@@ -101,7 +101,7 @@ _scan_hook_validate() {
 		else
 			_parent_perms=$("$stat" -c '%a' "$_parent" 2>/dev/null) || _parent_perms="" # stat may fail if parent was removed; safe to skip check
 		fi
-		local _parent_last="${_parent_perms##*[0-9][0-9]}"
+		local _parent_last="${_parent_perms: -1}"
 		case "$_parent_last" in
 			2|3|6|7)
 				eout "{hook} ERROR: post_scan_hook '$_hook_path' failed validation: parent directory is world-writable"
diff --git a/files/internals/lmd_scan.sh b/files/internals/lmd_scan.sh
@@ -1070,8 +1070,15 @@ scan() {
 		if [ "${string_length_scan:-0}" == "1" ]; then
 			_scan_stages="${_scan_stages},strlen"
 		fi
+		# Resolve worker count to integer for meta (ClamAV/clamdscan = 1 worker)
+		local _meta_wk
+		if [ "$_engine_type" = "native" ]; then
+			_meta_wk=$(_resolve_worker_count "$tot_files")
+		else
+			_meta_wk=1
+		fi
 		_lifecycle_write_meta "$scanid" "$_scan_pid" "$PPID" "$hrspath" \
-			"$tot_files" "${scan_workers:-auto}" "$_engine_type" \
+			"$tot_files" "$_meta_wk" "$_engine_type" \
 			"$_effective_hashtype" "$_scan_stages" \
 			"scan_clamscan=$scan_clamscan,scan_yara=$scan_yara,quarantine_hits=$quarantine_hits"
 	fi
diff --git a/files/internals/lmd_session.sh b/files/internals/lmd_session.sh
@@ -338,9 +338,9 @@ view_report() {
 	fi
 
 	# --- TSV format restriction ---
-	# TSV is only supported for list commands, not individual report rendering
-	if [ "${_report_format:-}" = "tsv" ] && [ "$rid" != "list" ] && [ "$rid" != "active" ] && [ "$rid" != "hooks" ]; then
-		echo "maldet($$): TSV format is only supported for list commands (--report list, --report active, -L)" >&2
+	# TSV is only supported for active/hooks list commands, not report list or individual reports
+	if [ "${_report_format:-}" = "tsv" ] && [ "$rid" != "active" ] && [ "$rid" != "hooks" ]; then
+		echo "maldet($$): TSV format is only supported for active and hooks list commands (--report active, -L, --report hooks)" >&2
 		return 1
 	fi
 
diff --git a/tests/39-lifecycle-list.bats b/tests/39-lifecycle-list.bats
@@ -291,12 +291,17 @@ EOF
 # --format tsv validator
 # ========================================================================
 
-@test "CLI: --format tsv is accepted without error" {
-    run "$LMD_INSTALL/maldet" --format tsv --report list 2>&1
+@test "CLI: --format tsv is accepted for active list" {
+    run "$LMD_INSTALL/maldet" --format tsv --report active 2>&1
     # Should NOT get "ERROR: --format requires text, json, or html"
     refute_output --partial "ERROR: --format requires"
 }
 
+@test "CLI: --format tsv rejected for report list" {
+    run "$LMD_INSTALL/maldet" --format tsv --report list 2>&1
+    assert_output --partial "TSV format is only supported"
+}
+
 @test "CLI: --format invalid is rejected" {
     run "$LMD_INSTALL/maldet" --format xml --report list 2>&1
     [ "$status" -ne 0 ]
diff --git a/tests/46-post-scan-hook.bats b/tests/46-post-scan-hook.bats
@@ -560,3 +560,82 @@ TOHEOF
     run grep '"hook_timeout"' "$AUDIT_LOG"
     assert_success
 }
+
+# ---------------------------------------------------------------------------
+# WW-01..WW-04: _scan_hook_validate world-writable checks (PR #478 Issue A)
+# ---------------------------------------------------------------------------
+
+@test "WW-01: world-writable hook file (chmod 777) rejected" {
+    local scan_dir
+    scan_dir=$(mktemp -d)
+    cp "$SAMPLES_DIR/eicar.com" "$scan_dir/"
+    local ww_hook="$TEST_DIR/ww-hook.sh"
+    cat > "$ww_hook" <<'WWEOF'
+#!/usr/bin/env bash
+echo "should not run"
+WWEOF
+    chmod 777 "$ww_hook"
+    lmd_set_config post_scan_hook "$ww_hook"
+    lmd_set_config post_scan_hook_exec "sync"
+    lmd_set_config post_scan_hook_min_hits "1"
+    run maldet -co scan_hashtype=md5 -a "$scan_dir"
+    rm -rf "$scan_dir"
+    # Hook must NOT have run — marker absent
+    [ ! -f "$HOOK_MARKER" ]
+    # Scan still completes (validation failure is not a scan error)
+    [ "$status" -ne 1 ]
+}
+
+@test "WW-02: world-writable parent directory rejected" {
+    local ww_parent
+    ww_parent=$(mktemp -d)
+    chmod 1777 "$ww_parent"
+    local ww_hook="$ww_parent/hook.sh"
+    cat > "$ww_hook" <<'WWEOF'
+#!/usr/bin/env bash
+echo "should not run"
+WWEOF
+    chmod 755 "$ww_hook"
+    local scan_dir
+    scan_dir=$(mktemp -d)
+    cp "$SAMPLES_DIR/eicar.com" "$scan_dir/"
+    lmd_set_config post_scan_hook "$ww_hook"
+    lmd_set_config post_scan_hook_exec "sync"
+    lmd_set_config post_scan_hook_min_hits "1"
+    run maldet -co scan_hashtype=md5 -a "$scan_dir"
+    rm -rf "$scan_dir" "$ww_parent"
+    [ ! -f "$HOOK_MARKER" ]
+    [ "$status" -ne 1 ]
+}
+
+@test "WW-03: non-world-writable hook (chmod 755) accepted" {
+    local scan_dir
+    scan_dir=$(mktemp -d)
+    cp "$SAMPLES_DIR/eicar.com" "$scan_dir/"
+    # HOOK_SCRIPT is already 755 from setup()
+    lmd_set_config post_scan_hook "$HOOK_SCRIPT"
+    lmd_set_config post_scan_hook_exec "sync"
+    lmd_set_config post_scan_hook_format "args"
+    lmd_set_config post_scan_hook_min_hits "1"
+    run maldet -co scan_hashtype=md5 -a "$scan_dir"
+    rm -rf "$scan_dir"
+    # Hook should have fired — marker present
+    [ -f "$HOOK_MARKER" ]
+}
+
+@test "WW-04: setuid mode (chmod 4755) accepted (not world-writable)" {
+    local scan_dir
+    scan_dir=$(mktemp -d)
+    cp "$SAMPLES_DIR/eicar.com" "$scan_dir/"
+    # Reuse HOOK_SCRIPT from setup() (writes to HOOK_MARKER), but set 4755
+    chmod 4755 "$HOOK_SCRIPT"
+    lmd_set_config post_scan_hook "$HOOK_SCRIPT"
+    lmd_set_config post_scan_hook_exec "sync"
+    lmd_set_config post_scan_hook_format "args"
+    lmd_set_config post_scan_hook_min_hits "1"
+    run maldet -co scan_hashtype=md5 -a "$scan_dir"
+    rm -rf "$scan_dir"
+    # 4755 is not world-writable -- hook should pass validation and fire
+    [ "$status" -ne 1 ]
+    [ -f "$HOOK_MARKER" ]
+}
