Update app.py
Browse files
app.py
CHANGED
|
@@ -6,6 +6,10 @@ import shutil
|
|
| 6 |
import sys
|
| 7 |
import google.generativeai as genai
|
| 8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9 |
app = Flask(__name__)
|
| 10 |
|
| 11 |
# Create a temporary directory for operations
|
|
@@ -61,8 +65,9 @@ chat = model.start_chat(history=[])
|
|
| 61 |
|
| 62 |
def execute_command(command, cwd=None):
|
| 63 |
"""Executes a command and returns the output."""
|
|
|
|
| 64 |
process = subprocess.Popen(
|
| 65 |
-
|
| 66 |
shell=True,
|
| 67 |
stdout=subprocess.PIPE,
|
| 68 |
stderr=subprocess.PIPE,
|
|
@@ -109,13 +114,15 @@ def execute_code():
|
|
| 109 |
with open(filepath, 'w') as f:
|
| 110 |
f.write(content)
|
| 111 |
result = f"File {filename} created and edited successfully."
|
| 112 |
-
elif ai_result.startswith("!"):
|
| 113 |
result = execute_command(ai_result[1:]) # Remove the leading '!'
|
|
|
|
|
|
|
| 114 |
elif ai_result.startswith("show files"):
|
| 115 |
files = os.listdir(current_dir)
|
| 116 |
result = "Files in current directory:\n" + "\n".join(files)
|
| 117 |
else:
|
| 118 |
-
result =
|
| 119 |
|
| 120 |
return jsonify({"result": f"AI Executed: {ai_result}\n\nOutput:\n{result}"})
|
| 121 |
elif command == "show files":
|
|
|
|
| 6 |
import sys
|
| 7 |
import google.generativeai as genai
|
| 8 |
|
| 9 |
+
def sanitize_command(command):
|
| 10 |
+
"""Sanitize the command to prevent shell injection."""
|
| 11 |
+
return command.replace(";", "").replace("&&", "").replace("||", "")
|
| 12 |
+
|
| 13 |
app = Flask(__name__)
|
| 14 |
|
| 15 |
# Create a temporary directory for operations
|
|
|
|
| 65 |
|
| 66 |
def execute_command(command, cwd=None):
|
| 67 |
"""Executes a command and returns the output."""
|
| 68 |
+
sanitized_command = sanitize_command(command)
|
| 69 |
process = subprocess.Popen(
|
| 70 |
+
sanitized_command,
|
| 71 |
shell=True,
|
| 72 |
stdout=subprocess.PIPE,
|
| 73 |
stderr=subprocess.PIPE,
|
|
|
|
| 114 |
with open(filepath, 'w') as f:
|
| 115 |
f.write(content)
|
| 116 |
result = f"File {filename} created and edited successfully."
|
| 117 |
+
elif ai_result.startswith("!python"):
|
| 118 |
result = execute_command(ai_result[1:]) # Remove the leading '!'
|
| 119 |
+
elif ai_result.startswith("git clone"):
|
| 120 |
+
result = execute_command(ai_result)
|
| 121 |
elif ai_result.startswith("show files"):
|
| 122 |
files = os.listdir(current_dir)
|
| 123 |
result = "Files in current directory:\n" + "\n".join(files)
|
| 124 |
else:
|
| 125 |
+
result = f"Unclear AI response: {ai_result}"
|
| 126 |
|
| 127 |
return jsonify({"result": f"AI Executed: {ai_result}\n\nOutput:\n{result}"})
|
| 128 |
elif command == "show files":
|