Fix/systemd generated vars ci (#584)

* Fix Systemd module generated vars metadata

* add auto master fix

* f

.github/workflows/ci-master-failure-codex-pr.yml

@@ -0,0 +1,213 @@
+name: CI-master Failure Codex PR
+
+on:
+  workflow_run:
+    workflows: ["CI-master_test"]
+    types: [completed]
+
+jobs:
+  codex_fix_master_failure:
+    if: >
+      ${{ github.event.workflow_run.conclusion == 'failure' &&
+          github.event.workflow_run.head_branch == 'master' &&
+          !startsWith(github.event.workflow_run.head_commit.message, 'Fix CI-master failures for run #') }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+      actions: read
+    env:
+      TARGET_BRANCH: master
+      FIX_BRANCH: codex/ci-master-fix-${{ github.event.workflow_run.id }}
+    steps:
+      - name: Checkout failing commit
+        uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.workflow_run.head_sha }}
+          fetch-depth: 0
+          persist-credentials: true
+          token: ${{ secrets.CODEX_FIXER_TOKEN }}
+
+      - name: Configure git author
+        run: |
+          git config user.name "codex-action"
+          git config user.email "codex-action@users.noreply.github.com"
+
+      - name: Create fix branch
+        run: git checkout -b "$FIX_BRANCH"
+
+      - name: Fetch failure summary and failed-step logs
+        env:
+          GH_TOKEN: ${{ github.token }}
+          RUN_ID: ${{ github.event.workflow_run.id }}
+        run: |
+          failed_logs_file="$(pwd)/codex_failed_steps_logs.txt"
+          if gh run view "$RUN_ID" --repo "${{ github.repository }}" --log-failed > "$failed_logs_file"; then
+            if [ ! -s "$failed_logs_file" ]; then
+              echo "No failed step logs were returned by gh run view --log-failed." > "$failed_logs_file"
+            fi
+          else
+            echo "Failed to download failed step logs with gh run view --log-failed." > "$failed_logs_file"
+          fi
+          echo "FAILED_LOGS_PATH=$failed_logs_file" >> "$GITHUB_ENV"
+
+          gh api -H "Accept: application/vnd.github+json" \
+            /repos/${{ github.repository }}/actions/runs/$RUN_ID/jobs \
+            --paginate > /tmp/jobs.json
+          python3 - <<'PY'
+          import json
+
+          data = json.load(open('/tmp/jobs.json'))
+          lines = []
+          for job in data.get('jobs', []):
+            if job.get('conclusion') == 'failure':
+              lines.append(f"Job: {job.get('name')} (id {job.get('id')})")
+              lines.append(f"URL: {job.get('html_url')}")
+              for step in job.get('steps', []):
+                if step.get('conclusion') == 'failure':
+                  lines.append(f"  Step: {step.get('name')}")
+              lines.append("")
+
+          summary = "\n".join(lines).strip() or "No failing job details found."
+          with open('codex_failure_summary.txt', 'w') as handle:
+            handle.write(summary)
+          PY
+
+      - name: Create Codex prompt
+        env:
+          RUN_URL: ${{ github.event.workflow_run.html_url }}
+          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
+        run: |
+          {
+            echo "You are fixing a failing CI-master_test run in ${{ github.repository }}."
+            echo "The failing workflow run is: ${RUN_URL}"
+            echo "The failing commit SHA is: ${HEAD_SHA}"
+            echo "The target branch for the final PR is: ${TARGET_BRANCH}"
+            echo ""
+            echo "Failure summary:"
+            cat codex_failure_summary.txt
+            echo ""
+            echo "Failed-step logs file absolute path (local runner): ${FAILED_LOGS_PATH}"
+            echo "Read that file to inspect the exact failing logs."
+            echo ""
+            echo "Please identify the cause, apply an easy, simple and minimal fix, and update files accordingly."
+            echo "Run any fast checks you can locally (no network)."
+            echo "Leave the repo in a state ready to commit; changes will be committed and pushed automatically."
+          } > codex_prompt.txt
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install chack-agent
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install -e chack-agent
+
+      - name: Run Chack Agent
+        id: run_codex
+        env:
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          INPUT_PROVIDER: openai
+          INPUT_MODEL_PRIMARY: gpt-5.2-codex
+          INPUT_SYSTEM_PROMPT: You are an advanced research agent.
+        run: |
+          python - <<'PY' > chack_output.txt
+          import os
+          from chack_agent import (
+              Chack,
+              ChackConfig,
+              ModelConfig,
+              AgentConfig,
+              SessionConfig,
+              ToolsConfig,
+              CredentialsConfig,
+              LoggingConfig,
+          )
+
+          with open("codex_prompt.txt", "r", encoding="utf-8") as handle:
+              user_prompt = handle.read()
+
+          config = ChackConfig(
+              model=ModelConfig(
+                  primary=os.environ.get("INPUT_MODEL_PRIMARY", "gpt-5.2-codex"),
+                  provider=os.environ.get("INPUT_PROVIDER", "openai"),
+              ),
+              agent=AgentConfig(
+                  main_action="github_action",
+                  sub_action="run",
+              ),
+              session=SessionConfig(),
+              tools=ToolsConfig(exec_enabled=True),
+              credentials=CredentialsConfig(
+                  openai_api_key=os.environ.get("OPENAI_API_KEY", ""),
+              ),
+              logging=LoggingConfig(level="INFO"),
+              system_prompt=os.environ.get("INPUT_SYSTEM_PROMPT", "You are an advanced research agent."),
+              env={},
+          )
+
+          agent = Chack(config)
+          result = agent.run(session_id="github-action", text=user_prompt)
+          print(result.output)
+          PY
+
+          {
+            echo "final-message<<EOF"
+            cat chack_output.txt
+            echo "EOF"
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Commit and push fix branch if changed
+        id: push_fix
+        run: |
+          if git diff --quiet; then
+            echo "No changes to commit."
+            echo "pushed=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          rm -f codex_failure_summary.txt codex_prompt.txt codex_failed_steps_logs.txt chack_output.txt
+          git add -A
+          git reset -- codex_failure_summary.txt codex_prompt.txt codex_failed_steps_logs.txt chack_output.txt
+          git commit -m "Fix CI-master failures for run #${{ github.event.workflow_run.id }}"
+          git push origin HEAD:"$FIX_BRANCH"
+          echo "pushed=true" >> "$GITHUB_OUTPUT"
+
+      - name: Create PR to master
+        if: ${{ steps.push_fix.outputs.pushed == 'true' }}
+        id: create_pr
+        env:
+          GH_TOKEN: ${{ secrets.CODEX_FIXER_TOKEN }}
+          RUN_URL: ${{ github.event.workflow_run.html_url }}
+        run: |
+          pr_url=$(gh pr create \
+            --title "Fix CI-master_test failure (run #${{ github.event.workflow_run.id }})" \
+            --body "Automated Codex fix for failing CI-master_test run: ${RUN_URL}" \
+            --base "$TARGET_BRANCH" \
+            --head "$FIX_BRANCH")
+          echo "url=$pr_url" >> "$GITHUB_OUTPUT"
+
+      - name: Comment on created PR with Codex result
+        if: ${{ steps.push_fix.outputs.pushed == 'true' && steps.run_codex.outputs.final-message != '' }}
+        uses: actions/github-script@v7
+        env:
+          PR_URL: ${{ steps.create_pr.outputs.url }}
+          CODEX_MESSAGE: ${{ steps.run_codex.outputs.final-message }}
+        with:
+          github-token: ${{ github.token }}
+          script: |
+            const prUrl = process.env.PR_URL;
+            const match = prUrl.match(/\/pull\/(\d+)$/);
+            if (!match) {
+              core.info(`Could not parse PR number from URL: ${prUrl}`);
+              return;
+            }
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: Number(match[1]),
+              body: process.env.CODEX_MESSAGE,
+            });

.github/workflows/codex-pr-triage.yml

@@ -80,35 +80,96 @@ jobs:
             ${{ steps.gate.outputs.base_ref }} \
             +refs/pull/${{ steps.gate.outputs.pr_number }}/head
 
-      - name: Run Codex
+      - name: Set up Python
+        if: ${{ steps.gate.outputs.should_run == 'true' }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install chack-agent
+        if: ${{ steps.gate.outputs.should_run == 'true' }}
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install -e chack-agent
+
+      - name: Run Chack Agent
         id: run_codex
         if: ${{ steps.gate.outputs.should_run == 'true' }}
-        uses: openai/codex-action@v1
-        with:
-          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
-          output-schema-file: .github/codex/pr-merge-schema.json
-          model: gpt-5.2-codex
-          prompt: |
-            You are reviewing PR #${{ steps.gate.outputs.pr_number }} for ${{ github.repository }}.
+        env:
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          INPUT_PROVIDER: openai
+          INPUT_MODEL_PRIMARY: gpt-5.2-codex
+          INPUT_SYSTEM_PROMPT: You are an advanced research agent.
+        run: |
+          cat <<'EOF' > chack_prompt.txt
+          You are reviewing PR #${{ steps.gate.outputs.pr_number }} for ${{ github.repository }}.
 
-            Decide whether to merge or comment. Merge only if all of the following are true:
-            - Changes are simple and safe (no DoS, no long operations, no backdoors).
-            - Changes follow common PEASS syntax and style without breaking anything and add useful checks or value.
-            - Changes simplify code or add new useful checks without breaking anything.
+          Decide whether to merge or comment. Merge only if all of the following are true:
+          - Changes are simple and safe (no DoS, no long operations, no backdoors).
+          - Changes follow common PEASS syntax and style without breaking anything and add useful checks or value.
+          - Changes simplify code or add new useful checks without breaking anything.
 
-            If you don't have any doubts, and all the previous conditions are met, decide to merge.
-            If you have serious doubts, choose "comment" and include your doubts or questions.
-            If you decide to merge, include a short rationale.
+          If you don't have any doubts, and all the previous conditions are met, decide to merge.
+          If you have serious doubts, choose "comment" and include your doubts or questions.
+          If you decide to merge, include a short rationale.
 
-            Pull request title and body:
-            ----
-            ${{ steps.gate.outputs.pr_title }}
-            ${{ steps.gate.outputs.pr_body }}
+          Pull request title and body:
+          ----
+          ${{ steps.gate.outputs.pr_title }}
+          ${{ steps.gate.outputs.pr_body }}
 
-            Review ONLY the changes introduced by the PR:
-              git log --oneline ${{ steps.gate.outputs.base_sha }}...${{ steps.gate.outputs.head_sha }}
+          Review ONLY the changes introduced by the PR:
+            git log --oneline ${{ steps.gate.outputs.base_sha }}...${{ steps.gate.outputs.head_sha }}
 
-            Output JSON only, following the provided schema.
+          Output JSON only, following the provided schema:
+          .github/codex/pr-merge-schema.json
+          EOF
+
+          python - <<'PY' > chack_output.txt
+          import os
+          from chack_agent import (
+              Chack,
+              ChackConfig,
+              ModelConfig,
+              AgentConfig,
+              SessionConfig,
+              ToolsConfig,
+              CredentialsConfig,
+              LoggingConfig,
+          )
+
+          with open("chack_prompt.txt", "r", encoding="utf-8") as handle:
+              user_prompt = handle.read()
+
+          config = ChackConfig(
+              model=ModelConfig(
+                  primary=os.environ.get("INPUT_MODEL_PRIMARY", "gpt-5.2-codex"),
+                  provider=os.environ.get("INPUT_PROVIDER", "openai"),
+              ),
+              agent=AgentConfig(
+                  main_action="github_action",
+                  sub_action="run",
+              ),
+              session=SessionConfig(),
+              tools=ToolsConfig(exec_enabled=True),
+              credentials=CredentialsConfig(
+                  openai_api_key=os.environ.get("OPENAI_API_KEY", ""),
+              ),
+              logging=LoggingConfig(level="INFO"),
+              system_prompt=os.environ.get("INPUT_SYSTEM_PROMPT", "You are an advanced research agent."),
+              env={},
+          )
+
+          agent = Chack(config)
+          result = agent.run(session_id="github-action", text=user_prompt)
+          print(result.output)
+          PY
+
+          {
+            echo "final-message<<EOF"
+            cat chack_output.txt
+            echo "EOF"
+          } >> "$GITHUB_OUTPUT"
 
       - name: Parse Codex decision
         id: parse

.github/workflows/pr-failure-codex-dispatch.yml

@@ -152,14 +152,69 @@ jobs:
             echo "Leave the repo in a state ready to commit as when you finish, it'll be automatically committed and pushed."
           } > codex_prompt.txt
 
-      - name: Run Codex
-        id: run_codex
-        uses: openai/codex-action@v1
+      - name: Set up Python
+        uses: actions/setup-python@v5
         with:
-          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
-          prompt-file: codex_prompt.txt
-          sandbox: workspace-write
-          model: gpt-5.2-codex
+          python-version: "3.11"
+
+      - name: Install chack-agent
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install -e chack-agent
+
+      - name: Run Chack Agent
+        id: run_codex
+        env:
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          INPUT_PROVIDER: openai
+          INPUT_MODEL_PRIMARY: gpt-5.2-codex
+          INPUT_SYSTEM_PROMPT: You are an advanced research agent.
+        run: |
+          python - <<'PY' > chack_output.txt
+          import os
+          from chack_agent import (
+              Chack,
+              ChackConfig,
+              ModelConfig,
+              AgentConfig,
+              SessionConfig,
+              ToolsConfig,
+              CredentialsConfig,
+              LoggingConfig,
+          )
+
+          with open("codex_prompt.txt", "r", encoding="utf-8") as handle:
+              user_prompt = handle.read()
+
+          config = ChackConfig(
+              model=ModelConfig(
+                  primary=os.environ.get("INPUT_MODEL_PRIMARY", "gpt-5.2-codex"),
+                  provider=os.environ.get("INPUT_PROVIDER", "openai"),
+              ),
+              agent=AgentConfig(
+                  main_action="github_action",
+                  sub_action="run",
+              ),
+              session=SessionConfig(),
+              tools=ToolsConfig(exec_enabled=True),
+              credentials=CredentialsConfig(
+                  openai_api_key=os.environ.get("OPENAI_API_KEY", ""),
+              ),
+              logging=LoggingConfig(level="INFO"),
+              system_prompt=os.environ.get("INPUT_SYSTEM_PROMPT", "You are an advanced research agent."),
+              env={},
+          )
+
+          agent = Chack(config)
+          result = agent.run(session_id="github-action", text=user_prompt)
+          print(result.output)
+          PY
+
+          {
+            echo "final-message<<EOF"
+            cat chack_output.txt
+            echo "EOF"
+          } >> "$GITHUB_OUTPUT"
 
       - name: Commit and push if changed
         env:
@@ -170,9 +225,9 @@ jobs:
             echo "No changes to commit."
             exit 0
           fi
-          rm -f codex_failure_summary.txt codex_prompt.txt
+          rm -f codex_failure_summary.txt codex_prompt.txt chack_output.txt
           git add -A
-          git reset -- codex_failure_summary.txt codex_prompt.txt
+          git reset -- codex_failure_summary.txt codex_prompt.txt chack_output.txt
           git commit -m "Fix CI failures for PR #${PR_NUMBER}"
           git push origin HEAD:${TARGET_BRANCH}
 

linPEAS/builder/linpeas_parts/1_system_information/13_Linux_exploit_suggester.sh

@@ -1,39 +0,0 @@
-# Title: System Information - Linux Exploit Suggester
-# ID: SY_Linux_exploit_suggester
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Execute Linux Exploit Suggester to identify potential kernel exploits:
-#   - Automated kernel vulnerability detection
-#   - Common vulnerable scenarios:
-#     * Known kernel vulnerabilities
-#     * Unpatched kernel versions
-#     * Missing security patches
-#   - Exploitation methods:
-#     * Kernel exploit execution: Use suggested exploits
-#     * Common attack vectors:
-#       - Kernel memory corruption
-#       - Race conditions
-#       - Use-after-free
-#       - Integer overflow
-#     * Exploit techniques:
-#       - Kernel memory manipulation
-#       - Privilege escalation
-#       - Root access acquisition
-#       - System compromise
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables: $MACPEAS
-# Initial Functions:
-# Generated Global Variables: $les_b64
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ "$(command -v bash 2>/dev/null || echo -n '')" ] && ! [ "$MACPEAS" ]; then
-    print_2title "Executing Linux Exploit Suggester"
-    print_info "https://github.com/mzet-/linux-exploit-suggester"
-    les_b64="peass{https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh}"
-    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s/\[(CVE-[0-9]+-[0-9]+,?)+\].*/${SED_RED}/g"
-    echo ""
-fi

linPEAS/builder/linpeas_parts/1_system_information/14_Linux_exploit_suggester_2.sh

@@ -1,41 +0,0 @@
-# Title: System Information - Linux Exploit Suggester 2
-# ID: SY_Linux_exploit_suggester_2
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Execute Linux Exploit Suggester 2 (Perl version) to identify potential kernel exploits:
-#   - Alternative kernel vulnerability detection
-#   - Perl-based exploit suggestions
-#   - Common vulnerable scenarios:
-#     * Known kernel vulnerabilities
-#     * Unpatched kernel versions
-#     * Missing security patches
-#     * Alternative exploit paths
-#   - Exploitation methods:
-#     * Kernel exploit execution: Use suggested exploits
-#     * Common attack vectors:
-#       - Kernel memory corruption
-#       - Race conditions
-#       - Use-after-free
-#       - Integer overflow
-#     * Exploit techniques:
-#       - Kernel memory manipulation
-#       - Privilege escalation
-#       - Root access acquisition
-#       - System compromise
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables: $les2_b64
-# Fat linpeas: 1
-# Small linpeas: 0
-
-
-if [ "$(command -v perl 2>/dev/null || echo -n '')" ] && ! [ "$MACPEAS" ]; then
-    print_2title "Executing Linux Exploit Suggester 2"
-    print_info "https://github.com/jondonas/linux-exploit-suggester-2"
-    les2_b64="peass{https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/master/linux-exploit-suggester-2.pl}"
-    echo $les2_b64 | base64 -d | perl 2>/dev/null | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -iE "CVE" -B 1 -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,CVE-[0-9]+-[0-9]+,${SED_RED},g"
-    echo ""
-fi

linPEAS/builder/linpeas_parts/2_container/6_Am_I_contained.sh

@@ -1,20 +0,0 @@
-# Title: Container - Am I Containered 
-# ID: CT_Am_I_contained
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Am I Containered tool
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, execBin
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables: $FAT_LINPEAS_AMICONTAINED
-# Fat linpeas: 1
-# Small linpeas: 0
-
-
-if [ "$$FAT_LINPEAS_AMICONTAINED" ]; then
-  print_2title "Am I Containered?"
-  FAT_LINPEAS_AMICONTAINED="peass{https://github.com/genuinetools/amicontained/releases/latest/download/amicontained-linux-amd64}"
-  execBin "AmIContainered" "https://github.com/genuinetools/amicontained" "$FAT_LINPEAS_AMICONTAINED"
-fi

linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/11_Systemd.sh

@@ -17,7 +17,7 @@
 # Functions Used: print_2title, print_list, echo_not_found
 # Global Variables: $SEARCH_IN_FOLDER, $Wfolders, $SED_RED, $SED_RED_YELLOW, $NC
 # Initial Functions:
-# Generated Global Variables: $WRITABLESYSTEMDPATH, $line, $service, $file, $version, $user, $caps, $path, $path_line, $service_file, $exec_line, $cmd
+# Generated Global Variables: $WRITABLESYSTEMDPATH, $line, $service, $file, $version, $user, $caps, $path, $path_line, $service_file, $exec_line, $exec_value, $cmd, $cmd_path
 # Fat linpeas: 0
 # Small linpeas: 1
 

linPEAS/builder/linpeas_parts/7_software_information/Leaks_git_repo.sh

@@ -1,30 +0,0 @@
-# Title: Software Information - Checking leaks in git repositories
-# ID: SI_Leaks_git_repo
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Checking leaks in git repositories
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: execBin, print_2title
-# Global Variables: $MACPEAS, $TIMEOUT
-# Initial Functions:
-# Generated Global Variables: $git_dirname, $FAT_LINPEAS_GITLEAKS
-# Fat linpeas: 1
-# Small linpeas: 0
-
-
-if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
-  print_2title "Checking leaks in git repositories"
-  printf "%s\n" "$PSTORAGE_GITHUB" | while read f; do
-    if echo "$f" | grep -Eq ".git$"; then
-      git_dirname=$(dirname "$f")
-      if [ "$MACPEAS" ]; then
-        FAT_LINPEAS_GITLEAKS="peass{https://github.com/gitleaks/gitleaks/releases/download/v8.17.0/gitleaks_8.17.0_darwin_arm64.tar.gz}"
-      else
-        FAT_LINPEAS_GITLEAKS="peass{https://github.com/gitleaks/gitleaks/releases/download/v8.17.0/gitleaks_8.17.0_linux_x64.tar.gz}"
-      fi
-      execBin "GitLeaks (checking $git_dirname)" "https://github.com/zricethezav/gitleaks" "$FAT_LINPEAS_GITLEAKS" "detect -s '$git_dirname' -v | grep -E 'Description|Match|Secret|Message|Date'"
-    fi
-  done
-  echo ""
-fi