Merge remote-tracking branch 'refs/remotes/origin/main'

Author: jackfromeast

.gitignore

@@ -14,10 +14,13 @@ output/**
 **/dependency/output
 **/dependency/output/**
 **/dependency/logs/**
+staticfiles
+db.sqlite3
 node_modules
 .claude
 .vscode
 dataset/github/python-20141001-20241001-star-100-1K.json
 
 # Generated wiki output (built from website/source/ by Hugo CI)
-website/wiki/
+website/wiki/
+credentials.json

cp-collection/EPro-PnP/poc/library/model_updater.py

@@ -0,0 +1,60 @@
+"""
+Copyright (C) 2010-2022 Alibaba Group Holding Limited.
+This file is modified from
+https://github.com/tjiiv-cprg/MonoRUn
+"""
+
+import functools
+from mmcv.runner.hooks.hook import HOOKS, Hook
+
+
+def rgetattr(obj, attr, *args):
+    def _getattr(obj, attr):
+        return getattr(obj, attr, *args)
+    return functools.reduce(_getattr, [obj] + attr.split('.'))
+
+
+def rsetattr(obj, attr, val):
+    pre, _, post = attr.rpartition('.')
+    return setattr(rgetattr(obj, pre) if pre else obj, post, val)
+
+
+@HOOKS.register_module()
+class ModelUpdaterHook(Hook):
+    """
+    Args:
+        step (list[int])
+        cfgs (list[dict])
+        by_epoch (bool)
+    """
+
+    def __init__(self, step, cfgs, by_epoch=True):
+        self.by_epoch = by_epoch
+        assert isinstance(step, list) and isinstance(cfgs, list) and isinstance(cfgs[0], dict)
+        self.step = step
+        self.cfgs = cfgs
+        self.current_step_id = 0
+
+    def get_step_id(self, runner):
+        progress = runner.epoch if self.by_epoch else runner.iter
+        step_id = len(self.step)
+        for i, s in enumerate(self.step):
+            if progress < s:
+                step_id = i
+                break
+        if step_id > self.current_step_id:  # step forward
+            self.set_cfg(runner, step_id)
+            self.current_step_id = step_id
+
+    def set_cfg(self, runner, step_id):
+        cfg = self.cfgs[step_id - 1]
+        for key, value in cfg.items():
+            rsetattr(runner.model.module, key, value)
+
+    def before_train_iter(self, runner):
+        if not self.by_epoch:
+            self.get_step_id(runner)
+
+    def before_train_epoch(self, runner):
+        if self.by_epoch:
+            self.get_step_id(runner)

cp-collection/EPro-PnP/poc/library/poc.py

@@ -1,8 +1,44 @@
 # CLASS POLLUTION PROOF OF CONCEPT (PoC)
 # Class Pollution Func: rsetattr
 # Type: get-attr-set-attr
+# Source: EPro-PnP-Det/epropnp_det/runner/hooks/model_updater.py
+#
+# EPro-PnP requires mmcv/mmdet C extensions that prevent pip install.
+# We download the vulnerable source file, verify the code matches,
+# then reproduce the vulnerable functions to demonstrate the bug.
+
+import functools
+import os
+import subprocess
+
+REPO_COMMIT = "21269649033c464c2c9d829ee9bad09ef6839320"
+SOURCE_URL = f"https://raw.githubusercontent.com/tjiiv-cprg/EPro-PnP/{REPO_COMMIT}/EPro-PnP-Det/epropnp_det/runner/hooks/model_updater.py"
+LOCAL_FILE = os.path.join(os.path.dirname(__file__), "model_updater.py")
+
+# Download source if not cached
+if not os.path.exists(LOCAL_FILE):
+    subprocess.run(["curl", "-sS", SOURCE_URL, "-o", LOCAL_FILE], check=True)
+
+with open(LOCAL_FILE, "r") as f:
+    source = f.read()
+
+# Verify vulnerable pattern exists in source
+assert "def rsetattr(obj, attr, val):" in source
+assert "def rgetattr(obj, attr, *args):" in source
+assert "functools.reduce(_getattr, [obj] + attr.split('.'))" in source
+print(f"[*] Verified vulnerable rsetattr/rgetattr at commit {REPO_COMMIT[:12]}")
+
+
+# Reproduce the exact vulnerable functions from source
+def rgetattr(obj, attr, *args):
+    def _getattr(obj, attr):
+        return getattr(obj, attr, *args)
+    return functools.reduce(_getattr, [obj] + attr.split('.'))
+
+def rsetattr(obj, attr, val):
+    pre, _, post = attr.rpartition('.')
+    return setattr(rgetattr(obj, pre) if pre else obj, post, val)
 
-from epropnp_det.runner.hooks.model_updater import rsetattr
 
 class Target: pass
 target = Target()

cp-collection/EPro-PnP/poc/library/requirements.txt

@@ -1,2 +1,3 @@
-# EPro-PnP is not on PyPI, install from git
-git+https://github.com/tjiiv-cprg/EPro-PnP.git#subdirectory=EPro-PnP-Det
+# EPro-PnP cannot be pip-installed (requires mmcv/mmdet C extensions).
+# The PoC downloads the vulnerable source file directly from GitHub.
+# Pinned commit: 21269649033c464c2c9d829ee9bad09ef6839320

cp-collection/django-unicorn/poc/remote/app/settings.py

@@ -1,13 +1,26 @@
-SECRET_KEY = "poc-insecure-key"
-DEBUG = True
+from pathlib import Path
+
+BASE_DIR = Path(__file__).resolve().parent
+
+SECRET_KEY = "demo-insecure-key-do-not-use-in-production"
+DEBUG = False
 ALLOWED_HOSTS = ["*"]
 ROOT_URLCONF = "urls"
 INSTALLED_APPS = [
     "django.contrib.contenttypes",
     "django.contrib.auth",
+    "django.contrib.sessions",
+    "django.contrib.staticfiles",
     "django_unicorn",
     "unicorn",
 ]
+MIDDLEWARE = [
+    "django.middleware.security.SecurityMiddleware",
+    "whitenoise.middleware.WhiteNoiseMiddleware",
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.middleware.common.CommonMiddleware",
+    "django.middleware.csrf.CsrfViewMiddleware",
+]
 TEMPLATES = [
     {
         "BACKEND": "django.template.backends.django.DjangoTemplates",
@@ -16,8 +29,28 @@
         "OPTIONS": {
             "context_processors": [
                 "django.template.context_processors.request",
+                "django.template.context_processors.static",
             ],
         },
     },
 ]
-DATABASES = {"default": {"ENGINE": "django.db.backends.sqlite3", "NAME": ":memory:"}}
+DATABASES = {"default": {"ENGINE": "django.db.backends.sqlite3", "NAME": BASE_DIR / "db.sqlite3"}}
+LOGGING = {
+    "version": 1,
+    "handlers": {
+        "console": {"class": "logging.StreamHandler"},
+    },
+    "loggers": {
+        "django.server": {
+            "handlers": ["console"],
+            "level": "INFO",
+        },
+        "django.request": {
+            "handlers": ["console"],
+            "level": "ERROR",
+        },
+    },
+}
+STATIC_URL = "/static/"
+STATIC_ROOT = BASE_DIR / "staticfiles"
+STATICFILES_DIRS = ["static"]

cp-collection/django-unicorn/poc/remote/app/templates/home.html

@@ -0,0 +1,142 @@
+{% load unicorn %}
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>NovaMart — Modern E-Commerce</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+    <script>
+        tailwind.config = {
+            theme: {
+                extend: {
+                    colors: {
+                        brand: { 50: '#f0f9ff', 100: '#e0f2fe', 500: '#0ea5e9', 600: '#0284c7', 700: '#0369a1' },
+                    }
+                }
+            }
+        }
+    </script>
+    <style>
+        @import url('https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap');
+        body { font-family: 'Inter', sans-serif; }
+        .product-card:hover { transform: translateY(-4px); box-shadow: 0 20px 40px rgba(0,0,0,0.1); }
+        .product-card { transition: all 0.3s ease; }
+        .fade-in { animation: fadeIn 0.3s ease-in; }
+        @keyframes fadeIn { from { opacity: 0; transform: translateY(10px); } to { opacity: 1; transform: translateY(0); } }
+        .star-filled { color: #f59e0b; }
+        .star-empty { color: #d1d5db; }
+    </style>
+    {% unicorn_scripts %}
+</head>
+<body class="bg-gray-50 min-h-screen">
+    {% csrf_token %}
+    <!-- Navigation -->
+    <nav class="bg-white border-b border-gray-200 sticky top-0 z-50 shadow-sm">
+        <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8">
+            <div class="flex justify-between items-center h-16">
+                <div class="flex items-center space-x-8">
+                    <a href="/" class="text-2xl font-bold text-brand-700">
+                        <span class="text-brand-500">Nova</span>Mart
+                    </a>
+                    <div class="hidden md:flex space-x-6">
+                        <a href="#" class="text-gray-600 hover:text-brand-600 font-medium text-sm">New Arrivals</a>
+                        <a href="#" class="text-gray-600 hover:text-brand-600 font-medium text-sm">Best Sellers</a>
+                        <a href="#" class="text-gray-600 hover:text-brand-600 font-medium text-sm">Categories</a>
+                        <a href="#" class="text-gray-600 hover:text-brand-600 font-medium text-sm">Deals</a>
+                    </div>
+                </div>
+                <div class="flex items-center space-x-4">
+                    <button class="text-gray-500 hover:text-gray-700">
+                        <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z"/>
+                        </svg>
+                    </button>
+                    <button class="text-gray-500 hover:text-gray-700">
+                        <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4.318 6.318a4.5 4.5 0 000 6.364L12 20.364l7.682-7.682a4.5 4.5 0 00-6.364-6.364L12 7.636l-1.318-1.318a4.5 4.5 0 00-6.364 0z"/>
+                        </svg>
+                    </button>
+                </div>
+            </div>
+        </div>
+    </nav>
+
+    <!-- Hero Banner -->
+    <div class="bg-gradient-to-r from-brand-700 via-brand-600 to-indigo-600 text-white">
+        <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-12">
+            <div class="flex flex-col md:flex-row items-center justify-between">
+                <div>
+                    <p class="text-brand-100 text-sm font-medium mb-2">SUMMER COLLECTION 2025</p>
+                    <h1 class="text-4xl md:text-5xl font-bold mb-4">Discover What's New</h1>
+                    <p class="text-brand-100 text-lg max-w-lg">Curated products from top brands. Free shipping on orders over $99.</p>
+                </div>
+                <div class="mt-6 md:mt-0">
+                    <span class="bg-white/20 backdrop-blur-sm border border-white/30 rounded-full px-6 py-3 text-sm font-medium">
+                        Use code <strong>SUMMER25</strong> for 25% off
+                    </span>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <!-- Main Content -->
+    <main class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-10">
+        <!-- Product Search, Filter & Cart -->
+        {% unicorn 'product_search' %}
+
+        <!-- Reviews Section -->
+        <div class="mt-16 border-t border-gray-200 pt-12">
+            <h2 class="text-2xl font-bold text-gray-900 mb-8">Customer Reviews</h2>
+            {% unicorn 'review_form' %}
+        </div>
+    </main>
+
+    <!-- Footer -->
+    <footer class="bg-gray-900 text-gray-400 mt-20">
+        <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-12">
+            <div class="grid grid-cols-2 md:grid-cols-4 gap-8">
+                <div>
+                    <h3 class="text-white font-semibold mb-4">Shop</h3>
+                    <ul class="space-y-2 text-sm">
+                        <li><a href="#" class="hover:text-white">New Arrivals</a></li>
+                        <li><a href="#" class="hover:text-white">Best Sellers</a></li>
+                        <li><a href="#" class="hover:text-white">Sale</a></li>
+                        <li><a href="#" class="hover:text-white">Gift Cards</a></li>
+                    </ul>
+                </div>
+                <div>
+                    <h3 class="text-white font-semibold mb-4">Help</h3>
+                    <ul class="space-y-2 text-sm">
+                        <li><a href="#" class="hover:text-white">Shipping</a></li>
+                        <li><a href="#" class="hover:text-white">Returns</a></li>
+                        <li><a href="#" class="hover:text-white">Size Guide</a></li>
+                        <li><a href="#" class="hover:text-white">Contact Us</a></li>
+                    </ul>
+                </div>
+                <div>
+                    <h3 class="text-white font-semibold mb-4">About</h3>
+                    <ul class="space-y-2 text-sm">
+                        <li><a href="#" class="hover:text-white">Our Story</a></li>
+                        <li><a href="#" class="hover:text-white">Careers</a></li>
+                        <li><a href="#" class="hover:text-white">Sustainability</a></li>
+                        <li><a href="#" class="hover:text-white">Press</a></li>
+                    </ul>
+                </div>
+                <div>
+                    <h3 class="text-white font-semibold mb-4">Connect</h3>
+                    <ul class="space-y-2 text-sm">
+                        <li><a href="#" class="hover:text-white">Instagram</a></li>
+                        <li><a href="#" class="hover:text-white">Twitter</a></li>
+                        <li><a href="#" class="hover:text-white">Facebook</a></li>
+                        <li><a href="#" class="hover:text-white">Newsletter</a></li>
+                    </ul>
+                </div>
+            </div>
+            <div class="border-t border-gray-800 mt-10 pt-8 text-sm text-center">
+                <p>&copy; 2025 NovaMart. All rights reserved. Built with Django + django-unicorn.</p>
+            </div>
+        </div>
+    </footer>
+</body>
+</html>