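#!/bin/bash
#
# Reproduction driver for CVE-2026-5463 against the local pymetasploit3 checkout.
#
# Steps:
#   1. install the Python dependencies (best effort),
#   2. install pymetasploit3 from $ROOT/pymetasploit3 in editable mode,
#   3. start a disposable msfrpcd container when Docker is available,
#      otherwise fall back to the simulation mode of the test script,
#   4. run repro/reproduction_steps.py and keep its output in repro/logs,
#   5. remove the container and report the result.
#
# Environment:
#   PRUVA_ROOT  optional; project root. Defaults to the parent directory of
#               the directory holding this script.
#
# Exit status: 0 when the test script exits 0 and its log contains the
# "VULNERABILITY EXPLOITED" marker, 1 otherwise.
set -euo pipefail

# Portable paths - works from any directory
ROOT="${PRUVA_ROOT:-$(cd "$(dirname "$0")/.." && pwd)}"
REPRO_DIR="$ROOT/repro"
LOGS="$REPRO_DIR/logs"
PYMSF_DIR="$ROOT/pymetasploit3"
OUTPUT_LOG="$LOGS/reproduction_output.log"

# Settings of the disposable RPC daemon. The daemon runs with SSL disabled
# (-S) and a fixed throwaway password, so it must only ever be reachable
# from this host: the port is published on the loopback address, not on
# every interface.
# NOTE(review): the image is referenced by the mutable "latest" tag; pin it
# to a digest if the run has to be reproducible.
MSF_IMAGE="metasploitframework/metasploit-framework:latest"
MSF_CONTAINER="msfrpcd-test"
RPC_HOST="127.0.0.1"
RPC_PORT="55553"
RPC_USER="msf"
RPC_PASS="password123"

USE_REAL_MSF=false
CONTAINER_CREATED=false
REPRO_EXIT_CODE=1

# Remove the RPC container if this run created one. Idempotent: it is called
# explicitly after the test and again from the EXIT trap, so the daemon is
# not left behind when the script aborts early (set -e, Ctrl-C, ...).
cleanup() {
    if [ "$CONTAINER_CREATED" = "true" ]; then
        CONTAINER_CREATED=false
        echo ""
        echo "[5/5] Stopping Metasploit container..."
        docker rm -f "$MSF_CONTAINER" 2>/dev/null || true
    fi
}
trap cleanup EXIT

mkdir -p "$LOGS"

echo "=========================================="
echo "CVE-2026-5463 Reproduction Script"
echo "=========================================="
echo ""

# Ensure Python dependencies. Deliberately best effort: a failure here shows
# up as an import error in the later steps.
echo "[1/4] Installing Python dependencies..."
pip install -q msgpack requests retry 2>/dev/null || true

# Install vulnerable pymetasploit3 from local source. The quiet attempt is
# repeated verbosely on failure so the pip error becomes visible.
echo "[2/4] Installing vulnerable pymetasploit3 v1.0.6..."
cd "$PYMSF_DIR"
pip install -q -e . 2>/dev/null || pip install -e .

# Check if Docker is available for real Metasploit RPC
echo "[3/4] Checking for Docker (to run real msfrpcd)..."

if command -v docker &> /dev/null; then
    echo "  [INFO] Docker available, attempting to start Metasploit RPC container..."

    # Pull and run Metasploit container with RPC
    docker pull "$MSF_IMAGE" 2>/dev/null || {
        echo "  [WARN] Could not pull Metasploit Docker image"
    }

    # Ask Docker for the exact image instead of grepping the image list: a
    # "docker images | grep -q" pipeline can report failure under pipefail
    # when grep exits before docker has finished writing.
    if docker image inspect "$MSF_IMAGE" > /dev/null 2>&1; then
        echo "  [INFO] Starting Metasploit RPC daemon in Docker..."
        docker rm -f "$MSF_CONTAINER" 2>/dev/null || true
        # Set before "docker run" so the trap also removes a container that
        # was created but exited immediately.
        CONTAINER_CREATED=true
        docker run -d --name "$MSF_CONTAINER" \
            -p "$RPC_HOST:$RPC_PORT:$RPC_PORT" \
            "$MSF_IMAGE" \
            msfrpcd -P "$RPC_PASS" -U "$RPC_USER" -S -p "$RPC_PORT" -f 2>/dev/null || {
            echo "  [WARN] Could not start Metasploit container"
        }

        # State.Running is "true" only while the container is actually up.
        if [ "$(docker inspect -f '{{.State.Running}}' "$MSF_CONTAINER" 2>/dev/null || true)" = "true" ]; then
            echo "  [SUCCESS] Metasploit container started"
            USE_REAL_MSF=true
            sleep 10  # Wait for service to start
        else
            echo "  [WARN] Container failed to start, using simulation mode"
        fi
    fi
else
    echo "  [INFO] Docker not available, using simulation mode with mock RPC"
fi

# Run the reproduction
echo ""
echo "[4/4] Running reproduction test..."
cd "$ROOT"

# Set environment variables for the test
export REPRO_LOG_DIR="$LOGS"
export USE_REAL_MSF="$USE_REAL_MSF"
export MSFRPCD_HOST="$RPC_HOST"
export MSFRPCD_PORT="$RPC_PORT"
export MSFRPCD_USER="$RPC_USER"
export MSFRPCD_PASS="$RPC_PASS"

# errexit is switched off around the pipeline: with pipefail a failing test
# would otherwise end the script right here, before the exit code is
# recorded and before the result is reported.
set +e
python3 "$REPRO_DIR/reproduction_steps.py" 2>&1 | tee "$OUTPUT_LOG"
REPRO_EXIT_CODE=${PIPESTATUS[0]}
set -e

# Cleanup (the EXIT trap covers the paths that never get here)
cleanup

echo ""
echo "[5/5] Results:"
if [ "$REPRO_EXIT_CODE" -eq 0 ] && grep -q "VULNERABILITY EXPLOITED" "$OUTPUT_LOG" 2>/dev/null; then
    echo "  [SUCCESS] Command injection vulnerability CONFIRMED"
    echo ""
    echo "  Evidence files:"
    ls -la "$LOGS/"
    echo ""
    exit 0
else
    echo "  [FAIL] Could not confirm vulnerability (exit code: $REPRO_EXIT_CODE)"
    echo ""
    echo "  Debug output:"
    tail -n 50 "$OUTPUT_LOG" || true
    exit 1
fi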
