CSV path extraction maybe incorrect in S21, S23, and S27 modules

[starrysky1004]

When I used some modules of emba to check script files, I found that shell and php could be checked normally, and python perl lua files could be correctly scanned in the p99 module to find the file path and file type, but the file checked in the s21, s23, and s27 modules was P50_binwalk_extractor instead of the actual file path. I made some changes and it worked successfully. I'm not sure if there is a problem here or if my usage is wrong, so I submitted a Q&A report. Due to my poor English and expression skills, the following content is generated by ai... (This is my first time posting Discussions on github. If there is something wrong with what I said, just treat it as if I have never submitted it. QWQ)

Problem Description

Root Cause

The modules incorrectly use "${variable/;*}" to extract file paths from P99 CSV records. This Bash parameter substitution deletes everything after the first semicolon, returning only the first CSV field (source module name) instead of the file path (second field).

Example with S21 Python Module

P99 CSV Record Structure:

P50_binwalk_extractor;/logs/firmware/test.py;NA;NA;NA;;NA;Python script, ASCII text executable;hash;;

Problematic Code:

s21_script_bandit "${lPY_SCRIPT/;*}"

What Actually Happens:

• Input: P50_binwalk_extractor;/logs/firmware/test.py;NA;...
• "${lPY_SCRIPT/;*}" produces: P50_binwalk_extractor
• bandit tries to scan: ./P50_binwalk_extractor
• Result: Files skipped (1): ./P50_binwalk_extractor (No such file or directory)

What Should Happen:

• Extract file path: /logs/firmware/test.py
• bandit scans the actual Python file
• Security vulnerabilities are properly detected

Steps to Reproduce

1. Create a Python file with security vulnerabilities in firmware directory
2. Run EMBA scan with S21 module enabled
3. Check s21_python_check/bandit_*.txt logs
4. Observe "No such file or directory" errors

Evidence

bandit Log Output:

Files skipped (1):
./P50_binwalk_extractor (No such file or directory)

Total issues (by severity):
Low: 0, Medium: 0, High: 0

Manual bandit Test (works correctly):

bandit /logs/firmware/test.py
# Results: Low: 6, Medium: 5, High: 3

Proposed Fix

Replace incorrect parameter substitution with proper CSV field extraction:

Before:

s21_script_bandit "${lPY_SCRIPT/;*}"

After:

s21_script_bandit "$(echo "${lPY_SCRIPT}" | cut -d';' -f2)"

[m-1-k-3]

This is a bug!
Would you be interested in fixing it and setup a PR for it?

Thanks,
Mike

[starrysky1004]

Yes！I'll setup a PR soon ٩(๑•̀ω•́๑)۶

[m-1-k-3]

Thank you for the fix