ShellCheck Lint: Fix All Reported Issues in Service Scripts

.devcontainer/Dockerfile

@@ -64,7 +64,6 @@ ENV LOG_IP_CHANGES=${NETALERTX_LOG}/IP_changes.log
 ENV LOG_APP=${NETALERTX_LOG}/app.log
 ENV LOG_APP_FRONT=${NETALERTX_LOG}/app_front.log
 ENV LOG_REPORT_OUTPUT_TXT=${NETALERTX_LOG}/report_output.txt
-ENV LOG_CRON=${NETALERTX_LOG}/supercronic
 ENV LOG_DB_IS_LOCKED=${NETALERTX_LOG}/db_is_locked.log
 ENV LOG_REPORT_OUTPUT_HTML=${NETALERTX_LOG}/report_output.html
 ENV LOG_STDERR=${NETALERTX_LOG}/stderr.log
@@ -246,7 +245,7 @@ USER root
 # Install common tools, create user, and set up sudo
 RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest \
     pytest-cov zsh alpine-zsh-config shfmt github-cli py3-yaml py3-docker-py docker-cli docker-cli-buildx \
-    docker-cli-compose
+    docker-cli-compose shellcheck
 
 RUN install -d -o netalertx -g netalertx -m 755 /services/php/modules && \
     cp -a /usr/lib/php83/modules/. /services/php/modules/ && \

.devcontainer/devcontainer.json

@@ -75,7 +75,8 @@
         "alexcvzz.vscode-sqlite",
         "mkhl.shfmt",
         "charliermarsh.ruff",
-        "ms-python.flake8"
+        "ms-python.flake8",
+        "timonwong.shellcheck"
       ],
       "settings": {
         "terminal.integrated.cwd": "${containerWorkspaceFolder}",

.devcontainer/resources/devcontainer-Dockerfile

@@ -22,7 +22,7 @@ USER root
 # Install common tools, create user, and set up sudo
 RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest \
     pytest-cov zsh alpine-zsh-config shfmt github-cli py3-yaml py3-docker-py docker-cli docker-cli-buildx \
-    docker-cli-compose
+    docker-cli-compose shellcheck
 
 RUN install -d -o netalertx -g netalertx -m 755 /services/php/modules && \
     cp -a /usr/lib/php83/modules/. /services/php/modules/ && \

.devcontainer/scripts/generate-configs.sh

@@ -7,27 +7,28 @@
 # the final .devcontainer/Dockerfile used by the devcontainer.
 
 echo "Generating .devcontainer/Dockerfile"
-SCRIPT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)"
+SCRIPT_PATH=$(set -- "$0"; dirname -- "$1")
+SCRIPT_DIR=$(cd "$SCRIPT_PATH" && pwd -P)
 DEVCONTAINER_DIR="${SCRIPT_DIR%/scripts}"
 ROOT_DIR="${DEVCONTAINER_DIR%/.devcontainer}"
 
 OUT_FILE="${DEVCONTAINER_DIR}/Dockerfile"
 
-echo "Adding base Dockerfile from $ROOT_DIR..." 
+echo "Adding base Dockerfile from $ROOT_DIR and merging to devcontainer-Dockerfile" 
+{
 
-echo "# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-configs.sh" > "$OUT_FILE"
-echo "" >> "$OUT_FILE"
-echo "# ---/Dockerfile---" >> "$OUT_FILE"
+echo "# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-configs.sh"
+echo ""
+echo "# ---/Dockerfile---" 
 
-cat "${ROOT_DIR}/Dockerfile" >> "$OUT_FILE"
+cat "${ROOT_DIR}/Dockerfile" 
 
-echo "" >> "$OUT_FILE"
-echo "# ---/resources/devcontainer-Dockerfile---" >> "$OUT_FILE"
-echo "" >> "$OUT_FILE"
+echo ""
+echo "# ---/resources/devcontainer-Dockerfile---"
+echo ""
+cat "${DEVCONTAINER_DIR}/resources/devcontainer-Dockerfile"
+} > "$OUT_FILE"
 
-echo "Adding devcontainer-Dockerfile from $DEVCONTAINER_DIR/resources..."
-cat "${DEVCONTAINER_DIR}/resources/devcontainer-Dockerfile" >> "$OUT_FILE"
-
-echo "Generated $OUT_FILE using root dir $ROOT_DIR" >&2
+echo "Generated $OUT_FILE using root dir $ROOT_DIR"
 
 echo "Done."

.devcontainer/scripts/setup.sh

@@ -16,7 +16,6 @@
 
 SOURCE_DIR=${SOURCE_DIR:-/workspaces/NetAlertX}
 PY_SITE_PACKAGES="${VIRTUAL_ENV:-/opt/venv}/lib/python3.12/site-packages"
-SOURCE_SERVICES_DIR="${SOURCE_DIR}/install/production-filesystem/services"
 
 LOG_FILES=(
   LOG_APP

back/cron_script.sh

@@ -1,8 +1,6 @@
 #!/bin/bash
 export INSTALL_DIR=/app
 
-LOG_FILE="${INSTALL_DIR}/log/execution_queue.log"
-
 if [ -f "${LOG_EXECUTION_QUEUE}" ] && grep -q "cron_restart_backend" "${LOG_EXECUTION_QUEUE}"; then
   echo "$(date): Restarting backend triggered by cron_restart_backend"
   killall python3 || echo "killall python3 failed or no process found"

install/debian12/install.debian12.sh

@@ -24,7 +24,7 @@ apt-get install sudo -y
 apt-get install -y git
 
 # Clean the directory
-rm -R $INSTALL_DIR/
+rm -R ${INSTALL_DIR:?}/
 
 # Clone the application repository
 git clone https://github.com/jokob-sk/NetAlertX "$INSTALL_DIR/"

install/debian12/install_dependencies.debian12.sh

@@ -34,6 +34,8 @@ sudo phpenmod -v 8.2 sqlite3
 # setup virtual python environment so we can use pip3 to install packages
 apt-get install python3-venv -y
 python3 -m venv /opt/venv
+# Shell check doesn't recognize source command because it's not in the repo, it is in the system at runtime
+# shellcheck disable=SC1091
 source /opt/venv/bin/activate
 
 update-alternatives --install /usr/bin/python python /usr/bin/python3 10

install/debian12/start.debian12.sh

@@ -175,6 +175,8 @@ nginx -t || { echo "[INSTALL] nginx config test failed"; exit 1; }
 # sudo systemctl restart nginx
 
 #  Activate the virtual python environment
+# Shell check doesn't recognize source command because it's not in the repo, it is in the system at runtime
+# shellcheck disable=SC1091
 source /opt/venv/bin/activate
 
 echo "[INSTALL] 🚀 Starting app - navigate to your <server IP>:${PORT}"

install/production-filesystem/build/init-cron.sh

@@ -1,5 +1,5 @@
-
 #!/bin/bash
+
 echo "Initializing cron..."
  # Placeholder for cron initialization commands
 echo "cron initialized."

install/production-filesystem/build/init-nginx.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 echo "Initializing nginx..."
-install -d -o netalertx -g netalertx -m 700 ${SYSTEM_SERVICES_RUN_TMP}/client_body;
+install -d -o netalertx -g netalertx -m 700 "${SYSTEM_SERVICES_RUN_TMP}/client_body";
 echo "nginx initialized."

install/production-filesystem/entrypoint.d/0-storage-permission.sh

@@ -51,12 +51,13 @@ if [ "$(id -u)" -eq 0 ]; then
 EOF
     >&2 printf "%s" "${RESET}"
 
-    # Set ownership to netalertx user for all read-write paths
-    chown -R netalertx ${READ_WRITE_PATHS} 2>/dev/null || true
-
-    # Set directory and file permissions for all read-write paths
-    find ${READ_WRITE_PATHS} -type d -exec chmod u+rwx {} \;
-    find ${READ_WRITE_PATHS} -type f -exec chmod u+rw {} \;
+    # Set ownership and permissions for each read-write path individually
+    printf '%s\n' "${READ_WRITE_PATHS}" | while IFS= read -r path; do
+        [ -n "${path}" ] || continue
+        chown -R netalertx "${path}" 2>/dev/null || true
+        find "${path}" -type d -exec chmod u+rwx {} \;
+        find "${path}" -type f -exec chmod u+rw {} \;
+    done
     echo Permissions fixed for read-write paths. Please restart the container as user 20211.
     sleep infinity & wait $!
 fi

install/production-filesystem/entrypoint.d/01-data-migration.sh

@@ -16,11 +16,11 @@ LEGACY_DB=/app/db
 MARKER_NAME=.migration
 
 is_mounted() {
-    local path="$1"
-    if [ ! -d "${path}" ]; then
+    my_path="$1"
+    if [ ! -d "${my_path}" ]; then
         return 1
     fi
-    mountpoint -q "${path}" 2>/dev/null
+    mountpoint -q "${my_path}" 2>/dev/null
 }
 
 warn_unmount_legacy() {

install/production-filesystem/entrypoint.d/15-first-run-config.sh

@@ -2,7 +2,7 @@
 # first-run-check.sh - Checks and initializes configuration files on first run
 
 # Check for app.conf and deploy if required
-if [ ! -f ${NETALERTX_CONFIG}/app.conf ]; then
+if [ ! -f "${NETALERTX_CONFIG}/app.conf" ]; then
     mkdir -p "${NETALERTX_CONFIG}" || {
         >&2 echo "ERROR: Failed to create config directory ${NETALERTX_CONFIG}"
         exit 1

install/production-filesystem/entrypoint.d/20-first-run-db.sh

@@ -441,7 +441,9 @@ CREATE TRIGGER "trg_delete_devices"
             END;
 end-of-database-schema
 
-if [ $? -ne 0 ]; then
+database_creation_status=$?
+
+if [ $database_creation_status -ne 0 ]; then
   RED=$(printf '\033[1;31m')
   RESET=$(printf '\033[0m')
   >&2 printf "%s" "${RED}"

install/production-filesystem/entrypoint.sh

@@ -50,7 +50,7 @@ fi
 RED='\033[1;31m'
 GREY='\033[90m'
 RESET='\033[0m'
-printf "${RED}"
+printf "%s" "${RED}"
 echo '
  _   _      _    ___  _           _  __   __
 | \ | |    | |  / _ \| |         | | \ \ / /
@@ -60,7 +60,7 @@ echo '
 \_| \_/\___|\__\_| |_/_|\___|_|   \__\/   \/
 '
 
-printf "\033[0m"
+printf "%s" "${RESET}"
 echo '   Network intruder and presence detector. 
    https://netalertx.com
 
@@ -69,15 +69,15 @@ set -u
 
 FAILED_STATUS=""
 echo "Startup pre-checks"
-for script in ${ENTRYPOINT_CHECKS}/*; do
+for script in "${ENTRYPOINT_CHECKS}"/*; do
     if [ -n "${SKIP_TESTS:-}" ]; then
         echo "Skipping startup checks as SKIP_TESTS is set."
         break
     fi
     script_name=$(basename "$script" | sed 's/^[0-9]*-//;s/\.(sh|py)$//;s/-/ /g')
     echo "--> ${script_name} "
 	if [ -n "${SKIP_STARTUP_CHECKS:-}" ] && echo "${SKIP_STARTUP_CHECKS}" | grep -q "\b${script_name}\b"; then
-		printf "${GREY}skip${RESET}\n"
+    printf "%sskip%s\n" "${GREY}" "${RESET}"
 		continue
 	fi
 
@@ -134,7 +134,7 @@ fi
 
 # Update vendor data (MAC address OUI database) in the background
 # This happens concurrently with service startup to avoid blocking container readiness
-bash ${SYSTEM_SERVICES_SCRIPTS}/update_vendors.sh &
+bash "${SYSTEM_SERVICES_SCRIPTS}/update_vendors.sh" &
 
 
 

install/production-filesystem/services/start-backend.sh

@@ -3,7 +3,7 @@
 cd "${NETALERTX_APP}" || exit 1
 max_attempts=50  # 10 seconds total (50 * 0.2s)
 attempt=0
-while ps ax | grep -v grep | grep -q python3 && [ $attempt -lt $max_attempts ]; do
+while pgrep -x python3 >/dev/null && [ $attempt -lt $max_attempts ]; do
 	killall -TERM python3 &>/dev/null
 	sleep 0.2
 	((attempt++))
@@ -12,4 +12,5 @@ done
 killall -KILL python3 &>/dev/null
 
 echo "Starting python3 $(cat /services/config/python/backend-extra-launch-parameters 2>/dev/null) -m server > ${NETALERTX_LOG}/stdout.log 2> >(tee ${NETALERTX_LOG}/stderr.log >&2)"
-exec python3 $(cat /services/config/python/backend-extra-launch-parameters 2>/dev/null) -m server > ${NETALERTX_LOG}/stdout.log 2> >(tee ${NETALERTX_LOG}/stderr.log >&2)
+read -ra EXTRA_PARAMS < <(cat /services/config/python/backend-extra-launch-parameters 2>/dev/null)
+exec python3 "${EXTRA_PARAMS[@]}" -m server > "${NETALERTX_LOG}/stdout.log" 2> >(tee "${NETALERTX_LOG}/stderr.log" >&2)

install/production-filesystem/services/start-cron.sh

@@ -4,18 +4,22 @@ set -euo pipefail
 
 crond_pid=""
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 cleanup() {
 	status=$?
 	echo "Supercronic stopped! (exit ${status})"
 }
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 forward_signal() {
 	if [[ -n "${crond_pid}" ]]; then
 		kill -TERM "${crond_pid}" 2>/dev/null || true
 	fi
 }
 
-while ps ax | grep -v -e grep -e '.sh' | grep crond >/dev/null 2>&1; do
+while pgrep -x crond >/dev/null 2>&1; do
 	killall crond &>/dev/null
 	sleep 0.2
 done

install/production-filesystem/services/start-nginx.sh

@@ -11,11 +11,15 @@ mkdir -p "${LOG_DIR}" "${RUN_DIR}" "${TMP_DIR}"
 
 nginx_pid=""
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 cleanup() {
 	status=$?
 	echo "nginx stopped! (exit ${status})"
 }
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 forward_signal() {
 	if [[ -n "${nginx_pid}" ]]; then
 		kill -TERM "${nginx_pid}" 2>/dev/null || true
@@ -24,12 +28,15 @@ forward_signal() {
 
 
 # When in devcontainer we must kill any existing nginx processes
-while ps ax | grep -v -e "grep" -e "nginx.sh" | grep nginx >/dev/null 2>&1; do
+while pgrep -x nginx >/dev/null 2>&1; do
 	killall nginx &>/dev/null || true
 	sleep 0.2
 done
 
 TEMP_CONFIG_FILE=$(mktemp "${TMP_DIR}/netalertx.conf.XXXXXX")
+
+# Shell check doesn't recognize envsubst variables
+# shellcheck disable=SC2016
 if envsubst '${LISTEN_ADDR} ${PORT}' < "${SYSTEM_NGINX_CONFIG_TEMPLATE}" > "${TEMP_CONFIG_FILE}" 2>/dev/null; then
 	mv "${TEMP_CONFIG_FILE}" "${SYSTEM_SERVICES_ACTIVE_CONFIG_FILE}"
 else

install/production-filesystem/services/start-php-fpm.sh

@@ -3,18 +3,22 @@ set -euo pipefail
 
 php_fpm_pid=""
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 cleanup() {
 	status=$?
 	echo "php-fpm stopped! (exit ${status})"
 }
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 forward_signal() {
 	if [[ -n "${php_fpm_pid}" ]]; then
 		kill -TERM "${php_fpm_pid}" 2>/dev/null || true
 	fi
 }
 
-while ps ax | grep -v grep | grep php-fpm83 >/dev/null; do
+while pgrep -x php-fpm83 >/dev/null; do
 	killall php-fpm83 &>/dev/null
 	sleep 0.2
 done
@@ -27,5 +31,6 @@ echo "Starting /usr/sbin/php-fpm83 -y \"${PHP_FPM_CONFIG_FILE}\" -F >>\"${LOG_AP
 php_fpm_pid=$!
 
 wait "${php_fpm_pid}"
+exit_status=$?
 echo -ne " done"
-exit $?
+exit $exit_status

install/proxmox/proxmox-install-netalertx.sh

@@ -127,6 +127,8 @@ apt-get install -y --no-install-recommends \
     ca-certificates lsb-release curl gnupg
 
 # Detect OS
+# Shell check doesn't recognize source command because it's not in the repo, it is in the system at runtime
+# shellcheck disable=SC1091
 . /etc/os-release
 OS_ID="${ID:-}"
 OS_VER="${VERSION_ID:-}"
@@ -203,6 +205,8 @@ printf "%b\n" "-----------------------------------------------------------------
 printf "%b\n" "${GREEN}[INSTALLING]                          ${RESET}Setting up Python environment"
 printf "%b\n" "--------------------------------------------------------------------------"
 python3 -m venv /opt/myenv
+# Shell check doesn't recognize source command because it's not in the repo, it is in the system at runtime
+# shellcheck disable=SC1091
 source /opt/myenv/bin/activate
 python -m pip install --upgrade pip
 python -m pip install -r "${INSTALLER_DIR}/requirements.txt"

install/ubuntu24/install.sh

@@ -22,7 +22,6 @@ NGINX_CONF_FILE=netalertx.conf
 WEB_UI_DIR=/var/www/html/netalertx
 NGINX_CONFIG_FILE=/etc/nginx/conf.d/$NGINX_CONF_FILE
 OUI_FILE="/usr/share/arp-scan/ieee-oui.txt" # Define the path to ieee-oui.txt and ieee-iab.txt
-SCRIPT_DIR="$(cd -- "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 FILEDB=${INSTALL_DIR}/db/${DB_FILE}
 PHPVERSION="8.3"
 VENV_DIR="/opt/netalertx-python"
@@ -106,7 +105,7 @@ if [ -d "${INSTALL_DIR}" ]; then
   if [ "$1" == "install" ] || [ "$1" == "update" ] || [ "$1" == "start" ]; then
     confirmation=$1
   else
-    read -p "Enter your choice: " confirmation
+    read -rp "Enter your choice: " confirmation
   fi
   if [ "$confirmation" == "install" ]; then
     # Ensure INSTALL_DIR is safe to wipe
@@ -118,7 +117,7 @@ if [ -d "${INSTALL_DIR}" ]; then
       mountpoint -q "${INSTALL_DIR}/front" && umount "${INSTALL_DIR}/front" 2>/dev/null
 
       # Remove all contents safely
-      rm -rf -- "${INSTALL_DIR}"/* "${INSTALL_DIR}"/.[!.]* "${INSTALL_DIR}"/..?* 2>/dev/null
+      rm -rf -- "${INSTALL_DIR:?}"/* "${INSTALL_DIR}"/.[!.]* "${INSTALL_DIR}"/..?* 2>/dev/null
 
       # Re-clone repository
       git clone "${GITHUB_REPO}" "${INSTALL_DIR}/"
@@ -152,6 +151,8 @@ echo "---------------------------------------------------------"
 echo
 # update-alternatives --install /usr/bin/python python /usr/bin/python3 10
 python3 -m venv "${VENV_DIR}"
+# Shell check doesn't recognize source command because it's not in the repo, it is in the system at runtime
+# shellcheck disable=SC1091
 source "${VENV_DIR}/bin/activate"
 
 if [[ ! -f "${REQUIREMENTS_FILE}" ]]; then