mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
15 lines
418 B
Python
15 lines
418 B
Python
|
"""File I/O — positive fixture.
|
||
|
|
|
||
|
|
Vulnerable function: opens a file at a user-controlled path.
|
||
|
|
Expected verdict: Confirmed (path traversal payload reaches /etc/passwd).
|
||
|
|
"""
|
||
|
|
|
||
|
|
|
||
|
|
def read_file(path):
|
||
|
|
"""Vulnerable: reads file at user-controlled path."""
|
||
|
|
try:
|
||
|
|
with open(path) as f:
|
||
|
|
print(f.read())
|
||
|
|
except (OSError, PermissionError) as e:
|
||
|
|
print(f"Error reading {path}: {e}", end="")
|