From bd120e2d43347cfb77eb8b006d4c06c202328847 Mon Sep 17 00:00:00 2001
From: Sameer <142401625+sameer6pre@users.noreply.github.com>
Date: Fri, 27 Mar 2026 19:32:43 +0800
Subject: [PATCH 1/2] Update sample-vuln/app.py in branch precogs/auto-fix/critical-1774611161448

---
 sample-vuln/app.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 sample-vuln/app.py

diff --git a/sample-vuln/app.py b/sample-vuln/app.py
new file mode 100644
index 0000000..54729b8
--- /dev/null
+++ b/sample-vuln/app.py
@@ -0,0 +1,21 @@
+
+@app.route("/ping")
+from flask import request
+
+@app.route("/ping")
+def ping():
+    ip = request.args.get("ip", "127.0.0.1")
+    import ipaddress, subprocess
+    try:
+        # PRECOGS_FIX: validate the IP address strictly using ipaddress
+        ip_obj = ipaddress.ip_address(ip)
+    except Exception:
+        return {"error": "invalid ip"}, 400
+
+    # PRECOGS_FIX: call ping without invoking a shell, pass arguments as a list
+    try:
+        subprocess.run(["ping", "-c", "1", str(ip_obj)], check=False)
+    except FileNotFoundError:
+        return {"error": "ping command not available"}, 500
+
+    return {"status": "ok"}
\ No newline at end of file

From 1191e889ddc5eff06d0ca9e127227a3926161f5f Mon Sep 17 00:00:00 2001
From: Sameer <142401625+sameer6pre@users.noreply.github.com>
Date: Thu, 2 Apr 2026 11:53:29 +0530
Subject: [PATCH 2/2] Update README.md

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 21c4dac..ea39499 100644
--- a/README.md
+++ b/README.md
@@ -3,3 +3,4 @@ jh cdsav kjhbvljhv wfewqfd +acWDSCV
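Review bot: The new sample-vuln/app.py does not parse: the first `@app.route("/ping")` on line 2 of the hunk is followed directly by `from flask import request`, and a decorator must be immediately followed by a `def` or `class`, so the module raises SyntaxError at import and the validated handler below it never runs; `app` is also never created or imported anywhere in the file. The guard around `ipaddress.ip_address(ip)` should catch `ValueError` rather than `Exception`, since that is what the call raises for malformed input and a broad catch hides unrelated failures. `subprocess.run` is called with no `timeout=` and its output is not captured, so a request naming an unreachable address can hold the worker for as long as ping waits on this platform, and the handler returns `{"status": "ok"}` whatever ping's result was; passing `timeout=` and `capture_output=True` and handling `subprocess.TimeoutExpired` bounds that. The rewritten lines below assume this module is meant to own the Flask app; if `app` is defined in another module, import it there instead of constructing it here.
```python
from flask import Flask, request

app = Flask(__name__)

@app.route("/ping")
def ping():
    # … unchanged: read ip from request.args; import ipaddress, subprocess …
    try:
        # PRECOGS_FIX: validate the IP address strictly using ipaddress
        ip_obj = ipaddress.ip_address(ip)
    except ValueError:
        return {"error": "invalid ip"}, 400

    # PRECOGS_FIX: call ping without invoking a shell, pass arguments as a list
    try:
        subprocess.run(["ping", "-c", "1", str(ip_obj)], check=False,
                       capture_output=True, timeout=5)
    except FileNotFoundError:
        return {"error": "ping command not available"}, 500
    except subprocess.TimeoutExpired:
        return {"error": "ping timed out"}, 504
    # … unchanged: success response …
```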