commix icon indicating copy to clipboard operation
commix copied to clipboard
verified publisher icon commixproject

Fix: Replace f-strings and correct OS loop logic

Open ManojINaik opened this issue 8 months ago • 1 comments

This commit addresses several review comments:

  1. I replaced f-strings with .format() for Python 2.x/3.x compatibility in:

    • src/core/injections/semiblind/techniques/tempfile_based/tfb_payloads.py
    • src/core/injections/controller/controller.py

  2. I modified the OS checking loop in src/core/injections/controller/controller.py (around line 320) to correctly respect the settings.OS_CHECKS_NUM variable. Previously, if settings.CHECK_BOTH_OS was true, the loop would iterate at most twice (once for UNIX, once for Windows). The new logic ensures that if settings.CHECK_BOTH_OS is true, the loop runs settings.OS_CHECKS_NUM times, cycling through the available OS options (UNIX, Windows). If settings.OS_CHECKS_NUM is not set or invalid, it defaults to iterating through each OS option once. The behavior for settings.CHECK_BOTH_OS being false (iterate once for settings.TARGET_OS) is preserved.

  3. I investigated potential double encoding and newline handling in src/core/injections/semiblind/techniques/tempfile_based/tfb_payloads.py. No issues requiring changes within this specific file were identified; quoting/unquoting of separators is balanced, and newline manipulation is the final step in payload construction within this file.

ManojINaik avatar Jun 04 '25 05:06 ManojINaik

Thanks for the new PR! I’ll review it soon and follow up.

Closing your previous PR https://github.com/commixproject/commix/pull/1002 as it overlaps with this one.

stasinopoulos avatar Jun 08 '25 07:06 stasinopoulos

@ManojINaik the majority of the proposed changes in this PR were applied manually, since there were several conflicts with the existing code.

stasinopoulos avatar Sep 26 '25 03:09 stasinopoulos