From fa6dad90e5ec494c756df4a96acb8a5d828a9fcf Mon Sep 17 00:00:00 2001
From: kqjy
Date: Sun, 7 Dec 2025 05:19:39 +0000
Subject: [PATCH] Update nextcheck.sh
---
 nextcheck.sh | 57 ++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 46 insertions(+), 11 deletions(-)
diff --git a/nextcheck.sh b/nextcheck.sh
index baaab67..3e9b2e8 100644
--- a/nextcheck.sh
+++ b/nextcheck.sh
@@ -1,16 +1,51 @@
 #!/bin/bash
-# Loop through all running containers
-for container in $(docker ps --format '{{.Names}}'); do
- echo "------------------------------------------------"
- echo "Checking container: $container"
+
+# Counters
+TOTAL_SCANNED=0
+NODE_CONTAINERS=0
+VULNERABLE_COUNT=0
+
+echo "========================================================"
+echo " Next.js Vulnerability Scanner (CVE-2025-55182) "
+echo "========================================================"
+
+# Get all running container IDs and Names
+# We use a while loop to handle spaces in names correctly
+docker ps --format '{{.ID}}|{{.Names}}' | while IFS='|' read -r id name; do
+ ((TOTAL_SCANNED++))
 
- # Try to list the installed next version inside the container
- # Most Coolify/Nixpacks containers place source in /app
- version=$(docker exec "$container" npm list next --depth=0 2>/dev/null | grep 'next@')
+ # 1. HEURISTIC CHECK: Is this a Node/JS app?
+ # We check for package.json in common paths (/app is Coolify standard)
+ # OR if the 'node' binary exists in the path.
+ is_node=$(docker exec "$id" sh -c "test -f /app/package.json || test -f /usr/src/app/package.json || command -v node" 2>/dev/null && echo "yes" || echo "no")
 
- if [ ! -z "$version" ]; then
- echo -e "\033[31mFOUND NEXT.JS:\033[0m $version"
- else
- echo "Next.js not detected (or not a Node container)"
+ if [ "$is_node" == "yes" ]; then
+ ((NODE_CONTAINERS++))
+
+ # 2. VERSION CHECK
+ # Check package.json for "next" version
+ version_check=$(docker exec "$id" grep -Po '"next":\s*"\^?\K[0-9.]+' /app/package.json 2>/dev/null)
+ # Check for Standalone server (Production builds)
+ is_standalone=$(docker exec "$id" ls /app/.next/standalone/server.js 2>/dev/null)
+
+ if [[ ! -z "$version_check" ]]; then
+ echo -e "[\033[31mVULN\033[0m] $name \t-> Next.js $version_check"
+ ((VULNERABLE_COUNT++))
+ elif [[ ! -z "$is_standalone" ]]; then
+ echo -e "[\033[33mWARN\033[0m] $name \t-> Detected (Standalone Mode) - Check manually"
+ ((VULNERABLE_COUNT++))
+ else
+ # Uncomment the line below if you want to see SAFE node apps too
+ # echo -e "[\033[32mSAFE\033[0m] $name \t-> Node app (No Next.js detected)"
+ :
+ fi
 fi
 done
+
+echo "========================================================"
+echo "SCAN COMPLETE"
+echo "--------------------------------------------------------"
+echo "Total Containers Scanned: $TOTAL_SCANNED"
+echo "Node/JS Environments: $NODE_CONTAINERS"
+echo "Next.js Apps Found: $VULNERABLE_COUNT"
+echo "========================================================"
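Review bot: The three counters incremented inside the `docker ps … | while` loop never reach the summary, because each stage of a pipeline runs in a subshell, so the `SCAN COMPLETE` block will always print 0 for all of them; feed the loop with process substitution instead, `done < <(docker ps --format '{{.ID}}|{{.Names}}')`, which keeps the loop body in the current shell. The `is_node` heuristic has a second defect: `command -v node` writes the binary path to stdout, so a container without `/app/package.json` or `/usr/src/app/package.json` yields something like `/usr/local/bin/node` followed by `yes` rather than a bare `yes`, and the `== "yes"` comparison skips it — silence it with `command -v node >/dev/null`. The `VULN` verdict also fires for any `next` entry in package.json without comparing the version against the range affected by CVE-2025-55182, and it reads the declared range (only `^` is stripped, so `~`, `>=` or `latest` slip past the regex) rather than the installed `node_modules/next/package.json`, so this output is a candidate list, not a vulnerability assertion. Finally, `grep -P` is typically unavailable on busybox-based (Alpine) images, and the `2>/dev/null` turns that failure into a silent false negative; a `grep -o` with a basic regex, or `jq -r .dependencies.next` where available, would fail less quietly.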