From 21ae3c0d7e8190b35e705ca4ad7866c8a4cfed0c Mon Sep 17 00:00:00 2001
From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com>
Date: Wed, 10 Jul 2024 06:48:23 +0000
Subject: [PATCH 1/2] Patched: "/tmp/tmpoo_lsvqj/main.py"
---
 main.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/main.py b/main.py
index 468f8c0..6b4c197 100644
--- a/main.py
+++ b/main.py
@@ -1,5 +1,6 @@
 import requests
 import subprocess
+import shlex
 def func_calls():
 formats.get_format()
@@ -18,9 +19,9 @@ def func_calls():
 prep = req.prepare()
 session.rebuild_proxies(prep, proxies)
- # Introduce a command injection vulnerability
+ # Fixed command injection vulnerability
 user_input = input("Enter a command to execute: ")
- command = "ping " + user_input
+ command = "ping " + shlex.quote(user_input)
 subprocess.call(command, shell=True)
- print("Command executed!")
\ No newline at end of file
+ print("Command executed!")
From 6a2a0eb521bf093ab2514b6c8a5a1cf460fbe421 Mon Sep 17 00:00:00 2001
From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com>
Date: Wed, 10 Jul 2024 06:48:23 +0000
Subject: [PATCH 2/2] Patched: "/tmp/tmpoo_lsvqj/html.js"
---
 html.js | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/html.js b/html.js
index d685bd5..f65ccc5 100644
--- a/html.js
+++ b/html.js
@@ -127,15 +127,26 @@ export default class Html extends PureComponent {
 {scriptElement}
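Review bot: In main.py's second hunk, `command = "ping " + shlex.quote(user_input)` followed by `subprocess.call(command, shell=True)` closes shell-metacharacter injection but still lets the input reach ping as an option when it starts with `-`, and `shlex.quote` is documented as safe only for POSIX shells, so the quoting does not hold where `shell=True` runs cmd.exe. Dropping the shell and validating the value removes both problems: `addr = ipaddress.ip_address(user_input)` then `subprocess.call(["ping", str(addr)])`; if hostnames must be accepted, check them against a hostname pattern that rejects a leading `-`. The comment could then state the invariant instead of the history, e.g. `# user_input is validated and passed as a single argv element; no shell is involved`. func_calls begins above this hunk and its middle is not shown, so whether `user_input` is used elsewhere cannot be confirmed from here.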