hectamail-website/app.py

from flask import Flask, render_template, request, redirect, url_for
import subprocess
import re
from waitress import serve

allowed_pattern = r'^[a-zA-Z0-9.]+$'

def is_valid_input(input_string):
    return re.match(allowed_pattern, input_string) is not None

app = Flask(__name__)

def create_email_account(username, password):
    if is_valid_input(password) and is_valid_input(username):
        try:
            # Use echo to securely pass the password to the command
            cmd = ["echo", password, "|", "doas", "-u", "maddy", "maddy", "creds", "create", f"{username}@hectabit.org"]
            result = subprocess.run(" ".join(cmd), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

            if result.returncode == 0:
                # Command executed successfully
                return True
            else:
                # Handle errors, log them, and return False
                error_message = result.stderr.decode("utf-8")
                print(f"Error creating email account: {error_message}")
                return False
        except Exception as e:
            # Handle exceptions and return False
            print(f"Error creating email account: {str(e)}")
            return False
    else:
        print(f"Injection Bypass! Very bad!")
        return False

@app.route('/')
def index():
    return render_template('index.html')

@app.route('/api', methods=['POST'])
def register():
    username = request.form.get('username')
    password = request.form.get('password')

    if not is_valid_input(password) or not is_valid_input(username):
        return render_template('num.html'), 400

    if create_email_account(username, password):
        return render_template('ok.html')
    else:
        return render_template('err.html'), 500


if __name__ == '__main__':
    serve(app, host='0.0.0.0', port=8050)
Init 2023-11-04 16:46:10 +00:00			`from flask import Flask, render_template, request, redirect, url_for`
			`import subprocess`
			`import re`
			`from waitress import serve`

			`allowed_pattern = r'^[a-zA-Z0-9.]+$'`

			`def is_valid_input(input_string):`
			`return re.match(allowed_pattern, input_string) is not None`

			`app = Flask(__name__)`

			`def create_email_account(username, password):`
			`if is_valid_input(password) and is_valid_input(username):`
			`try:`
			`# Use echo to securely pass the password to the command`
			`cmd = ["echo", password, "\|", "doas", "-u", "maddy", "maddy", "creds", "create", f"{username}@hectabit.org"]`
			`result = subprocess.run(" ".join(cmd), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)`

			`if result.returncode == 0:`
			`# Command executed successfully`
			`return True`
			`else:`
			`# Handle errors, log them, and return False`
			`error_message = result.stderr.decode("utf-8")`
			`print(f"Error creating email account: {error_message}")`
			`return False`
			`except Exception as e:`
			`# Handle exceptions and return False`
			`print(f"Error creating email account: {str(e)}")`
			`return False`
			`else:`
			`print(f"Injection Bypass! Very bad!")`
			`return False`

			`@app.route('/')`
			`def index():`
			`return render_template('index.html')`

			`@app.route('/api', methods=['POST'])`
			`def register():`
			`username = request.form.get('username')`
			`password = request.form.get('password')`

			`if not is_valid_input(password) or not is_valid_input(username):`
			`return render_template('num.html'), 400`

			`if create_email_account(username, password):`
			`return render_template('ok.html')`
			`else:`
			`return render_template('err.html'), 500`


			`if __name__ == '__main__':`
			`serve(app, host='0.0.0.0', port=8050)`