Update nextcheck.sh

2025-12-07 05:21:05 +00:00
parent fa6dad90e5
commit 52b407994c
1 changed files with 21 additions and 15 deletions
--- a/nextcheck.sh
+++ b/nextcheck.sh
@@ -1,5 +1,12 @@
 #!/bin/bash

+# 1. PRE-FLIGHT CHECK: Ensure Docker is running and accessible
+if ! docker ps >/dev/null 2>&1; then
+    echo -e "\033[31m[ERROR]\033[0m Cannot connect to Docker daemon."
+    echo "         Try running this script with 'sudo'."
+    exit 1
+fi
+
 # Counters
 TOTAL_SCANNED=0
 NODE_CONTAINERS=0
@@ -9,23 +16,26 @@ echo "========================================================"
 echo "   Next.js Vulnerability Scanner (CVE-2025-55182)       "
 echo "========================================================"

-# Get all running container IDs and Names
-# We use a while loop to handle spaces in names correctly
-docker ps --format '{{.ID}}|{{.Names}}' | while IFS='|' read -r id name; do
+# We use Process Substitution < <(...) instead of a pipe | 
+# This ensures the loop runs in the current shell, preserving variables.
+while IFS='|' read -r id name; do
    ((TOTAL_SCANNED++))
    
-    # 1. HEURISTIC CHECK: Is this a Node/JS app?
-    # We check for package.json in common paths (/app is Coolify standard)
-    # OR if the 'node' binary exists in the path.
+    # Optional: Progress indicator (uncomment if you have many containers)
+    # echo -ne "Scanning: $name\r"
+    
+    # 2. HEURISTIC: Is this a Node environment?
+    # We check for package.json in standard paths or the 'node' binary
    is_node=$(docker exec "$id" sh -c "test -f /app/package.json || test -f /usr/src/app/package.json || command -v node" 2>/dev/null && echo "yes" || echo "no")
    
    if [ "$is_node" == "yes" ]; then
        ((NODE_CONTAINERS++))
        
-        # 2. VERSION CHECK
-        # Check package.json for "next" version
+        # 3. VERSION CHECK
+        # Method A: Grep package.json
        version_check=$(docker exec "$id" grep -Po '"next":\s*"\^?\K[0-9.]+' /app/package.json 2>/dev/null)
-        # Check for Standalone server (Production builds)
+        
+        # Method B: Check for Standalone server
        is_standalone=$(docker exec "$id" ls /app/.next/standalone/server.js 2>/dev/null)

        if [[ ! -z "$version_check" ]]; then
@@ -34,15 +44,11 @@ docker ps --format '{{.ID}}|{{.Names}}' | while IFS='|' read -r id name; do
        elif [[ ! -z "$is_standalone" ]]; then
            echo -e "[\033[33mWARN\033[0m] $name \t-> Detected (Standalone Mode) - Check manually"
            ((VULNERABLE_COUNT++))
-        else
-             # Uncomment the line below if you want to see SAFE node apps too
-             # echo -e "[\033[32mSAFE\033[0m] $name \t-> Node app (No Next.js detected)"
-             :
        fi
    fi
-done
+done < <(docker ps --format '{{.ID}}|{{.Names}}')

-echo "========================================================"
+echo -e "\n========================================================"
 echo "SCAN COMPLETE"
 echo "--------------------------------------------------------"
 echo "Total Containers Scanned: $TOTAL_SCANNED"