Skip to content

Commit c10c99b

Browse files
committed
hotfix(hotfix): in recon command ss now work propertly \n\n Version: release/0.2.151 \n\n with lvoe \n\n LazyOwn on HackTheBox: https://app.hackthebox.com/teams/overview/6429 \n\n LazyOwn/ https://grisuno.github.io/LazyOwn/ \n\n \n\n Fecha: dom 07 jun 2026 23:12:51 -04 \n\n Hora: 1780888371
1 parent 87f56a5 commit c10c99b

7 files changed

Lines changed: 2684 additions & 2549 deletions

File tree

CHANGELOG.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,13 @@
22
# Changelog
33

44

5+
### Correcciones urgentes
6+
7+
### Otros
8+
9+
* * hotfix(hotfix): in recon command ss now work propertly \n\n Version: release/0.2.151 \n\n with lvoe \n\n LazyOwn on HackTheBox: https://app.hackthebox.com/teams/overview/6429 \n\n LazyOwn/ https://grisuno.github.io/LazyOwn/ \n\n \n\n Fecha: dom 07 jun 2026 23:12:51 -04 \n\n Hora: 1780888371
10+
11+
512
### Refactorización
613

714
### Otros

README.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13021,6 +13021,20 @@ No description available.
1302113021
# Changelog
1302213022

1302313023

13024+
### Refactorización
13025+
13026+
### Otros
13027+
13028+
* * refactor(refactor): some love to security issues \n\n Version: release/0.2.149 \n\n Versiones de corrección confirmadas contra la base OSV (vía pip-audit sobre el entorno real, no a ojo): \n\n Modified file(s):\n- core/payload_schema.py - lazyc2.py - lazyown.py - modules/lazyown_metaextract0r.py - pyproject.toml - requirements.txt - templates/surface_live.html - tests/test_improvements_spec.py\n LazyOwn on HackTheBox: https://app.hackthebox.com/teams/overview/6429 \n\n LazyOwn/ https://grisuno.github.io/LazyOwn/ \n\n \n\n Fecha: dom 07 jun 2026 13:50:59 -04 \n\n Hora: 1780854659
13029+
13030+
13031+
### Otros
13032+
13033+
### Otros
13034+
13035+
* * update pp
13036+
13037+
1302413038
### Refactorización
1302513039

1302613040
### Otros

cli/commands/_base.py

Lines changed: 25 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@
2424
from typing import Any
2525

2626
from cmd2 import CommandSet
27+
from cmd2.exceptions import CommandSetRegistrationError
2728

2829
SHELL_INJECTION_ATTRIBUTE = "_cmd"
2930

@@ -42,6 +43,26 @@ class LazyOwnCommandSet(CommandSet):
4243
phase: str = ""
4344
category: str = ""
4445

46+
def _resolve_shell(self) -> Any:
47+
"""Return the bound parent shell, or ``None`` before registration.
48+
49+
``cmd2`` stores the parent shell in a name-mangled private attribute
50+
and exposes it through the :attr:`cmd2.CommandSet._cmd` property, which
51+
raises :class:`CommandSetRegistrationError` until the set is
52+
registered. This helper centralises that access so the migrated
53+
``do_*`` methods can forward attribute reads without leaking the cmd2
54+
registration exception or depending on cmd2 internals.
55+
56+
Returns:
57+
The parent ``LazyOwnShell`` instance once the set is registered,
58+
otherwise ``None``.
59+
"""
60+
try:
61+
shell = self._cmd
62+
except CommandSetRegistrationError:
63+
return None
64+
return shell if shell is not self else None
65+
4566
@property
4667
def params(self) -> dict[str, Any]:
4768
"""Return the live ``params`` dict owned by the parent shell.
@@ -50,7 +71,7 @@ def params(self) -> dict[str, Any]:
5071
The same dict object that ``LazyOwnShell.params`` exposes when
5172
the set is registered, or an empty dict when it is not.
5273
"""
53-
shell = self.__dict__.get(SHELL_INJECTION_ATTRIBUTE)
74+
shell = self._resolve_shell()
5475
return getattr(shell, "params", {}) if shell is not None else {}
5576

5677
@property
@@ -62,7 +83,7 @@ def payload(self) -> Any:
6283
``LazyOwnShell.params`` so callers always receive a mapping-
6384
like object. Falls back to an empty dict before registration.
6485
"""
65-
shell = self.__dict__.get(SHELL_INJECTION_ATTRIBUTE)
86+
shell = self._resolve_shell()
6687
if shell is None:
6788
return {}
6889
return getattr(shell, "config", None) or getattr(shell, "params", {})
@@ -88,8 +109,8 @@ def __getattr__(self, name: str) -> Any:
88109
"""
89110
if name.startswith("_"):
90111
raise AttributeError(name)
91-
shell = self.__dict__.get(SHELL_INJECTION_ATTRIBUTE)
92-
if shell is None or shell is self:
112+
shell = self._resolve_shell()
113+
if shell is None:
93114
raise AttributeError(name)
94115
return getattr(shell, name)
95116

0 commit comments

Comments
 (0)