mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
18 lines
501 B
C++
18 lines
501 B
C++
|
// Phase 19 (Track M.1) — class-method vuln fixture for C++.
|
||
|
|
//
|
||
|
|
// UserService::run pipes user input into `system(3)`. Default
|
||
|
|
// constructor exists; the harness can build the receiver with
|
||
|
|
// `UserService instance;`.
|
||
|
|
#include <cstdlib>
|
||
|
|
#include <string>
|
||
|
|
|
||
|
|
class UserService {
|
||
|
|
public:
|
||
|
|
UserService() = default;
|
||
|
|
void run(const std::string& input) {
|
||
|
|
std::string cmd = std::string("true ") + input;
|
||
|
|
// SINK: tainted input → system(3)
|
||
|
|
std::system(cmd.c_str());
|
||
|
|
}
|
||
|
|
};
|