Skip to content

Commit

Permalink
updates to avoid shell injection vulnerability One-Click-Auth#22
Browse files Browse the repository at this point in the history
  • Loading branch information
@Just2Deep
Just2Deep committed Mar 27, 2024
1 parent 06f9d73 commit cb3e613
Showing 1 changed file with 65 additions and 51 deletions.
116 changes: 65 additions & 51 deletions trustauthx/cli.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,28 +5,30 @@
from dotenv import load_dotenv
import platform


def is_mac():
return platform.system() == 'Darwin'
return platform.system() == "Darwin"


def main():
parser = argparse.ArgumentParser(prog='trustauthx')
load_dotenv(dotenv_path='./.env', override=True, verbose=True)
api_key = os.environ.get('API_KEY')
api_secret = os.environ.get('API_SECRET')
org_id = os.environ.get('ORG_ID')
parser.add_argument('command')
parser.add_argument('framework')

parser.add_argument('-k', required=not api_key, help='API key')
parser.add_argument('-s', required=not api_secret, help='API secret')
parser.add_argument('-o', required=not org_id, help='Organization ID')
parser = argparse.ArgumentParser(prog="trustauthx")
load_dotenv(dotenv_path="./.env", override=True, verbose=True)
api_key = os.environ.get("API_KEY")
api_secret = os.environ.get("API_SECRET")
org_id = os.environ.get("ORG_ID")

parser.add_argument("command")
parser.add_argument("framework")

parser.add_argument("-k", required=not api_key, help="API key")
parser.add_argument("-s", required=not api_secret, help="API secret")
parser.add_argument("-o", required=not org_id, help="Organization ID")

args = parser.parse_args()
# try:
if args.k and args.s and args.o:
if api_key or api_secret or org_id:
file_path = './.env'
file_path = "./.env"
if os.path.isfile(file_path):
os.remove(file_path)
else:
Expand All @@ -36,76 +38,88 @@ def main():
time.sleep(1)
print("\nEverything Done Status 200, Successfully logged out")
else:
env_vars = {
"API_KEY": args.k,
"API_SECRET": args.s,
"ORG_ID": args.o
}
env_vars = {"API_KEY": args.k, "API_SECRET": args.s, "ORG_ID": args.o}
if is_mac():
try:
with open('.env', 'w') as f:
with open(".env", "w") as f:
for key, value in env_vars.items():
f.write(f'export {key}={value}\n')
except: raise EnvironmentError()
else: subprocess.call("source .env", shell=True)
f.write(f"export {key}={value}\n")
except:
raise EnvironmentError()
else:
subprocess.run(["source", ".env"])
else:
with open('.env', 'w') as f:
with open(".env", "w") as f:
for key, value in env_vars.items():
f.write(f'{key}={value}\n')
load_dotenv(dotenv_path='./.env', override=True, verbose=True)
api_key = os.environ.get('API_KEY')
api_secret = os.environ.get('API_SECRET')
org_id = os.environ.get('ORG_ID')
f.write(f"{key}={value}\n")
load_dotenv(dotenv_path="./.env", override=True, verbose=True)
api_key = os.environ.get("API_KEY")
api_secret = os.environ.get("API_SECRET")
org_id = os.environ.get("ORG_ID")

if api_key or api_secret or org_id: pass
else: print(f"no .env found, api_key {not bool(api_key)}, api_secret {not bool(api_secret)}, org_id {not bool(org_id)}")
if api_key or api_secret or org_id:
pass
else:
print(
f"no .env found, api_key {not bool(api_key)}, api_secret {not bool(api_secret)}, org_id {not bool(org_id)}"
)

client = LLMAI_Inter(api_key, api_secret, org_id, "")
print("\ngetting auth status ...")
if not client.arb_login():raise ConnectionRefusedError("user not found, invalid credential")
print("\ngetting auth status ...")
if not client.arb_login():
raise ConnectionRefusedError("user not found, invalid credential")
print("\nauthorization success, credentials valid")
if args.command == 'neuroform':
client.framework=args.framework

if args.command == "neuroform":
client.framework = args.framework
sdk = client
print("\ngetting req. dependencies:")
list_depends = sdk.Install_dependancies()
print(list_depends)
print("\nInstalling dependencies...")

def install(packages):
if packages == "pip install fastapi[all]":
subprocess.call("pip install fastapi[all]", shell=True)
packages = packages.split(" ") # passing as list of commands
subprocess.run(packages)
return
if isinstance(packages, list):
for package in packages:subprocess.call(package, shell=True)
else:subprocess.call(packages, shell=True)
for package in packages:
subprocess.run(package.split(" "))
else:
subprocess.run(packages.split(" "))

install(list_depends)
print("\nDependencies installed.")
a = sdk.Create_App(path=os.getcwd())
print(a)
print("\nApp named --> authx.py")
print(f"\napp located at --> {os.path.join(os.getcwd(), 'authx.py')}")
print("\nApp creation Successful...")
print(f"\nyou could start the server with command trustauthx start {args.framework}")

if args.command == 'start':
client.framework=args.framework
print(
f"\nyou could start the server with command trustauthx start {args.framework}"
)

if args.command == "start":
client.framework = args.framework
sdk = client
print("\nTrying to start local server ...")
print("\nthis command might fail in case of few frameworks in such cases consider installing req. lib. and starting server manually")
print(
"\nthis command might fail in case of few frameworks in such cases consider installing req. lib. and starting server manually"
)
b = sdk.Start_server()
process = subprocess.Popen(b, shell=True)
process.wait()
b = b.split(" ") # split commands into a list
subprocess.run(b)

if args.command == 'login':
if args.command == "login":
time.sleep(0.5)
print("\nattempt to Login TrustAuthx Build AI successful")
print("\nExecuting Rate-Limit")
time.sleep(1)
print("\nEverything Done Status 200, Ready To Start")

if args.command == 'logout':
file_path = './.env'
if args.command == "logout":
file_path = "./.env"
if os.path.isfile(file_path):
os.remove(file_path)
else:
Expand All @@ -115,9 +129,9 @@ def install(packages):
time.sleep(1)
print("\nEverything Done Status 200, Successfully logged out")

if __name__ == '__main__':
main()

if __name__ == "__main__":
main()

# if args.command == 'fabricate':
# client.framework=args.framework
Expand Down

0 comments on commit cb3e613

Please sign in to comment.