Patched main.py

Author: patched.codes[bot]

main.py

@@ -18,9 +18,35 @@ def func_calls():
     prep = req.prepare()
     session.rebuild_proxies(prep, proxies)
 
-    # Introduce a command injection vulnerability
-    user_input = input("Enter a command to execute: ")
-    command = "ping " + user_input
-    subprocess.call(command, shell=True)
+    def is_valid_host(host):
+        """Validate if input is a valid hostname or IP address."""
+        import re
+        # Simple regex for IP address or hostname validation
+        # Allows IPv4 addresses and hostnames with letters, numbers, dots, and hyphens
+        pattern = r'^[a-zA-Z0-9][-a-zA-Z0-9.]{0,253}[a-zA-Z0-9]$|^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$'
+        if not re.match(pattern, host):
+            return False
+        # Check length constraints
+        if len(host) > 255:  # Maximum length for a hostname
+            return False
+        return True
 
-    print("Command executed!")
+    try:
+        user_input = input("Enter an address to ping: ").strip()
+        if not is_valid_host(user_input):
+            raise ValueError("Invalid host address. Please provide a valid hostname or IP address.")
+        
+        # Use list of arguments and shell=False for security
+        result = subprocess.run(['/usr/bin/ping', '-c', '4', user_input], 
+                              shell=False, 
+                              check=True,
+                              capture_output=True,
+                              text=True)
+        print("Command executed successfully!")
+        print(result.stdout)
+    except ValueError as e:
+        print(f"Validation error: {e}")
+    except subprocess.CalledProcessError as e:
+        print(f"Error executing ping command: {e}")
+    except Exception as e:
+        print(f"Unexpected error: {e}")