nyx/tests/cross_file_data_exfil_split_tests.rs

//! Integration test for cross-file `param_to_gate_filters` propagation.
//!
//! A wrapper function whose two parameters target distinct gated-sink
//! classes on a single inner call (here, `fetch`'s SSRF gate on the URL
//! arg vs the DATA_EXFIL gate on the body arg) must keep cap attribution
//! per-position when callers reach it across a file boundary.  Without
//! [`SsaFuncSummary::param_to_gate_filters`], the wrapper's summary
//! collapses both params into a single `SSRF | DATA_EXFIL` mask, and
//! every caller incorrectly fires both classes regardless of which
//! argument was tainted.
//!
//! The fixture pairs the wrapper with two callers, each tainting one
//! parameter and asserting only the cap class corresponding to that
//! parameter's gate fires.

mod common;

use common::{scan_fixture_dir, validate_expectations};
use nyx_scanner::utils::config::AnalysisMode;
use std::path::{Path, PathBuf};

fn fixture_path(name: &str) -> PathBuf {
    Path::new(env!("CARGO_MANIFEST_DIR"))
        .join("tests")
        .join("fixtures")
        .join(name)
}

#[test]
fn cross_file_data_exfil_split() {
    let dir = fixture_path("cross_file_data_exfil_split");
    let diags = scan_fixture_dir(&dir, AnalysisMode::Full);
    validate_expectations(&diags, &dir);
}

/// Python parallel of the JS cross-file split fixture.  A wrapper
/// `forward(url, body)` calls `requests.post(url, json=body)` so the URL
/// flows to the SSRF gate and the body kwarg flows to the DATA_EXFIL
/// gate.  Per-position cap attribution must hold across the file
/// boundary: a caller that taints only the URL fires SSRF (no
/// DATA_EXFIL), and a caller that taints only the body with a Sensitive
/// source fires DATA_EXFIL (no SSRF).
#[test]
fn cross_file_python_data_exfil() {
    let dir = fixture_path("cross_file_python_data_exfil");
    let diags = scan_fixture_dir(&dir, AnalysisMode::Full);
    validate_expectations(&diags, &dir);
}
Added Cap::DATA_EXFIL and taint fp and fn fixes on real repos (#59) * feat: Enhance data exfiltration detection with source sensitivity gating for cookies and headers * feat: Implement cross-file data exfiltration detection with parameter-specific gate filters * feat: Add calibration tests and refine DATA_EXFIL severity scoring logic * feat: Introduce per-detector configuration for data exfiltration suppression * feat: Enhance DATA_EXFIL findings with destination field tracking in diagnostics and SARIF output * feat: Add tainted body and URL handling for data exfiltration detection * feat: Add integration tests and fixtures for DATA_EXFIL and SSRF detection in Go * feat: Add Java integration tests and fixtures for DATA_EXFIL detection across multiple HTTP clients * feat: Add synthetic externals handling for closure-captured variables in SSA * feat: Implement closure-based suppression for resource leak findings * feat: Add regression guards for shell-injection and taint propagation in for-of destructure patterns * feat: Implement constructor cap narrowing for data exfiltration detection in HTTP request builders * feat: Add gated sinks for data exfiltration detection in C and C++ using curl_easy_setopt * feat: Implement DATA_EXFIL cap parity for backwards analysis and add integration tests * feat: Add data exfiltration sinks for various languages and enhance documentation * refactor: Simplify formatting and improve readability in various files * refactor: Improve readability by simplifying conditional statements and adding clippy linting * docs: Update CHANGELOG and comments for data exfiltration features and configuration * docs: Clarify configuration instructions for data exfiltration trusted destinations * docs: Enhance comments for evidence routing logic in data exfiltration 2026-05-01 10:59:52 -04:00			//! Integration test for cross-file `param_to_gate_filters` propagation.
			`//!`
			`//! A wrapper function whose two parameters target distinct gated-sink`
			//! classes on a single inner call (here, `fetch`'s SSRF gate on the URL
			`//! arg vs the DATA_EXFIL gate on the body arg) must keep cap attribution`
			`//! per-position when callers reach it across a file boundary. Without`
			//! [`SsaFuncSummary::param_to_gate_filters`], the wrapper's summary
			//! collapses both params into a single `SSRF \| DATA_EXFIL` mask, and
			`//! every caller incorrectly fires both classes regardless of which`
			`//! argument was tainted.`
			`//!`
			`//! The fixture pairs the wrapper with two callers, each tainting one`
			`//! parameter and asserting only the cap class corresponding to that`
			`//! parameter's gate fires.`

			`mod common;`

			`use common::{scan_fixture_dir, validate_expectations};`
			`use nyx_scanner::utils::config::AnalysisMode;`
			`use std::path::{Path, PathBuf};`

			`fn fixture_path(name: &str) -> PathBuf {`
			`Path::new(env!("CARGO_MANIFEST_DIR"))`
			`.join("tests")`
			`.join("fixtures")`
			`.join(name)`
			`}`

			`#[test]`
			`fn cross_file_data_exfil_split() {`
			`let dir = fixture_path("cross_file_data_exfil_split");`
			`let diags = scan_fixture_dir(&dir, AnalysisMode::Full);`
			`validate_expectations(&diags, &dir);`
			`}`

			`/// Python parallel of the JS cross-file split fixture. A wrapper`
			/// `forward(url, body)` calls `requests.post(url, json=body)` so the URL
			`/// flows to the SSRF gate and the body kwarg flows to the DATA_EXFIL`
			`/// gate. Per-position cap attribution must hold across the file`
			`/// boundary: a caller that taints only the URL fires SSRF (no`
			`/// DATA_EXFIL), and a caller that taints only the body with a Sensitive`
			`/// source fires DATA_EXFIL (no SSRF).`
			`#[test]`
			`fn cross_file_python_data_exfil() {`
			`let dir = fixture_path("cross_file_python_data_exfil");`
			`let diags = scan_fixture_dir(&dir, AnalysisMode::Full);`
			`validate_expectations(&diags, &dir);`
			`}`