nyx/tests/fixtures/mixed_project/handler.js

var child_process = require("child_process");
var fs = require("fs");

// Infrastructure provisioning tool — JavaScript CLI frontend.
// Handles user commands and delegates to backend services.

// ───── CLI command handler ─────

// Executes a user-specified infrastructure command.
// VULN: process.env flows into child_process.exec
function executeInfraCommand() {
    var provider = process.env.CLOUD_PROVIDER;
    var action = process.env.INFRA_ACTION;
    var cmd = provider + "-cli " + action;
    child_process.exec(cmd, function(err, stdout, stderr) {
        if (err) {
            console.error("Infrastructure command failed:", stderr);
            return;
        }
        console.log("Result:", stdout);
    });
}

// ───── Template rendering ─────

// Renders infrastructure status into the dashboard.
// VULN: process.env flows into eval (code injection)
function renderStatusWidget() {
    var templateCode = process.env.STATUS_WIDGET_TEMPLATE;
    var widget = eval(templateCode);
    document.getElementById("status").innerHTML = widget;
}

// ───── Provisioning log viewer ─────

// Reads provisioning logs and renders them.
// VULN: process.env → child_process.execSync (command injection)
function fetchProvisioningLogs() {
    var logDir = process.env.PROVISIONING_LOG_DIR;
    var output = child_process.execSync("cat " + logDir + "/latest.log");
    document.getElementById("logs").innerHTML = output.toString();
}

// ───── SSH key management ─────

// Generates an SSH key pair using a command from env.
// VULN: process.env flows into child_process.spawn
function generateSSHKey() {
    var keygenPath = process.env.KEYGEN_BINARY;
    var proc = child_process.spawn(keygenPath, ["-t", "ed25519", "-f", "/tmp/id_deploy"]);
    proc.on("close", function(code) {
        console.log("Key generation exited with code", code);
    });
}

// ───── Safe utility ─────

// SAFE: hardcoded command, no taint flow
function checkKubectlVersion() {
    var output = child_process.execSync("kubectl version --client --short");
    console.log("kubectl:", output.toString());
}
Feat/full cfg (#30) * feat: Enhance control flow analysis with function summaries and taint analysis * feat: Update taint analysis to utilize function summaries for enhanced tracking * Refactor `walk.rs` batch processing and override handling: - Renamed `Batcher` to `BatchSender` for clarity. - Added `BatchSender::new` constructor for cleaner initialization. - Simplified batch size management in `BatchSender`. - Extracted `build_overrides` function for reusable override construction. - Improved error handling and validation in override building. - Enhanced performance with directory and file type filtering in `walk`. * Improve logging and streamline directory walk process: - Added detailed `tracing` logs for debugging batch flushes, override construction, and walk initialization/completion. - Optimized and simplified `filter_entry` logic for directory and file type filters. - Improved metadata checks and max file size enforcement during the scan. * Refactor and optimize taint tracking, label rules, and directory walk process: - Replaced `DefaultHasher` with `blake3::Hasher` for improved taint hashing. - Enhanced sorting and hashing logic in `taint.rs` for consistency and efficiency. - Removed unused `set_hash` function and redundant imports across files. - Improved batch sender logic in `walk.rs`, renaming key components for clarity. - Unified `spawn_senders` and `spawn_file_walker` with thread handling and channel tuple return. - Expanded label rules with additional matchers for sources, sanitizers, and sinks. - Deprecated `dump_cfg` and specific logging utilities in `cfg.rs` for code cleanup. * fix: fixed let chains error in walk.rs * fix: updated dependencies * fix: updated dependencies * chore: Remove standard error in scan.rs * feat: Introduce function summaries for enhanced taint and control flow analysis * feat: Enhance taint analysis with interop support and function summaries * feat: Add configuration analysis module and enhance matcher rules * feat: Add arity column to function_summaries and handle schema migration * fix: fixed clippy &PathBuf warnings * chore: Update dependencies and versioning in Cargo files * docs: Update README to enhance clarity and detail on features and analysis modes * chore: Update CHANGELOG for version 0.2.0 with new features, changes, and fixes * docs: Update SECURITY.md to clarify version support status --------- Co-authored-by: elipeter <eli.peter@es.fcm.travel> 2026-02-24 23:44:07 -05:00			`var child_process = require("child_process");`
			`var fs = require("fs");`

			`// Infrastructure provisioning tool — JavaScript CLI frontend.`
			`// Handles user commands and delegates to backend services.`

			`// ───── CLI command handler ─────`

			`// Executes a user-specified infrastructure command.`
			`// VULN: process.env flows into child_process.exec`
			`function executeInfraCommand() {`
			`var provider = process.env.CLOUD_PROVIDER;`
			`var action = process.env.INFRA_ACTION;`
			`var cmd = provider + "-cli " + action;`
			`child_process.exec(cmd, function(err, stdout, stderr) {`
			`if (err) {`
			`console.error("Infrastructure command failed:", stderr);`
			`return;`
			`}`
			`console.log("Result:", stdout);`
			`});`
			`}`

			`// ───── Template rendering ─────`

			`// Renders infrastructure status into the dashboard.`
			`// VULN: process.env flows into eval (code injection)`
			`function renderStatusWidget() {`
			`var templateCode = process.env.STATUS_WIDGET_TEMPLATE;`
			`var widget = eval(templateCode);`
			`document.getElementById("status").innerHTML = widget;`
			`}`

			`// ───── Provisioning log viewer ─────`

			`// Reads provisioning logs and renders them.`
			`// VULN: process.env → child_process.execSync (command injection)`
			`function fetchProvisioningLogs() {`
			`var logDir = process.env.PROVISIONING_LOG_DIR;`
			`var output = child_process.execSync("cat " + logDir + "/latest.log");`
			`document.getElementById("logs").innerHTML = output.toString();`
			`}`

			`// ───── SSH key management ─────`

			`// Generates an SSH key pair using a command from env.`
			`// VULN: process.env flows into child_process.spawn`
			`function generateSSHKey() {`
			`var keygenPath = process.env.KEYGEN_BINARY;`
			`var proc = child_process.spawn(keygenPath, ["-t", "ed25519", "-f", "/tmp/id_deploy"]);`
			`proc.on("close", function(code) {`
			`console.log("Key generation exited with code", code);`
			`});`
			`}`

			`// ───── Safe utility ─────`

			`// SAFE: hardcoded command, no taint flow`
			`function checkKubectlVersion() {`
			`var output = child_process.execSync("kubectl version --client --short");`
			`console.log("kubectl:", output.toString());`
			`}`