nyx/tests/fixtures/rust_web_app/handler.rs

use std::collections::HashMap;
use std::env;
use std::fs;
use std::process::Command;

// ───── Configuration from environment ─────

struct AppConfig {
    db_url: String,
    upload_dir: String,
    admin_token: String,
    log_level: String,
}

fn load_config() -> AppConfig {
    AppConfig {
        db_url: env::var("DATABASE_URL").unwrap(),
        upload_dir: env::var("UPLOAD_DIR").unwrap(),
        admin_token: env::var("ADMIN_TOKEN").expect("ADMIN_TOKEN must be set"),
        log_level: env::var("LOG_LEVEL").unwrap_or_else(|_| "info".to_string()),
    }
}

// ───── Request handling ─────

struct Request {
    path: String,
    headers: HashMap<String, String>,
    body: String,
}

struct Response {
    status: u16,
    body: String,
}

/// POST /admin/run-migration
/// Reads a migration script name from the environment and executes it.
/// VULN: env var flows directly into Command without sanitization.
fn handle_migration() -> Response {
    let script = env::var("MIGRATION_SCRIPT").unwrap();
    let output = Command::new("bash")
        .arg("-c")
        .arg(&script)
        .output()
        .expect("migration failed");

    Response {
        status: 200,
        body: String::from_utf8_lossy(&output.stdout).to_string(),
    }
}

/// POST /admin/deploy
/// Reads deployment target from config file (which is a source),
/// then shells out.
/// VULN: file contents flow into Command.
fn handle_deploy() -> Response {
    let manifest = fs::read_to_string("/etc/deploy/manifest.toml").unwrap();
    let target = manifest.lines().next().unwrap();
    let status = Command::new("rsync")
        .arg("-avz")
        .arg("./build/")
        .arg(target)
        .status()
        .unwrap();

    Response {
        status: if status.success() { 200 } else { 500 },
        body: format!("deploy exited with {}", status),
    }
}

/// GET /admin/export
/// Constructs a shell command from an env-var driven path.
/// VULN: env var flows into Command::arg.
fn handle_export() -> Response {
    let config = load_config();
    let dump_cmd = format!("pg_dump {}", config.db_url);
    let output = Command::new("sh")
        .arg("-c")
        .arg(&dump_cmd)
        .output()
        .unwrap();

    let dump_path = format!("{}/export.sql", config.upload_dir);
    fs::write(&dump_path, &output.stdout).unwrap();

    Response {
        status: 200,
        body: format!("Exported to {}", dump_path),
    }
}

/// POST /admin/backup
/// SAFE: uses a hardcoded command, no taint from external input.
fn handle_backup() -> Response {
    let output = Command::new("tar")
        .arg("-czf")
        .arg("/backups/nightly.tar.gz")
        .arg("/var/data")
        .output()
        .expect("backup failed");

    Response {
        status: if output.status.success() { 200 } else { 500 },
        body: "backup complete".to_string(),
    }
}

/// POST /admin/cleanup
/// SAFE: shell_escape sanitizer applied before sink.
fn handle_cleanup() -> Response {
    let dir = env::var("CLEANUP_DIR").unwrap();
    let safe_dir = sanitize_shell(&dir);
    let output = Command::new("rm")
        .arg("-rf")
        .arg(&safe_dir)
        .output()
        .unwrap();

    Response {
        status: 200,
        body: format!("cleaned up, exit={}", output.status),
    }
}

fn sanitize_shell(input: &str) -> String {
    input.replace(['&', ';', '|', '$', '`', '\\', '"', '\''], "")
}

// ───── Unsafe FFI bridge ─────

/// Re-encodes a buffer from an external C library.
/// VULN: unsafe block for FFI.
unsafe fn decode_legacy_buffer(ptr: *const u8, len: usize) -> Vec<u8> {
    std::slice::from_raw_parts(ptr, len).to_vec()
}

/// Transmutes raw byte data into a config header struct.
/// VULN: transmute is inherently dangerous, mem::zeroed is UB-prone.
fn parse_legacy_header(bytes: &[u8]) -> u64 {
    if bytes.len() < 8 {
        panic!("header too short");
    }
    unsafe { std::mem::transmute::<[u8; 8], u64>(bytes[..8].try_into().unwrap()) }
}

// ───── Utility functions with code smells ─────

fn read_pid_file(path: &str) -> u32 {
    let contents = fs::read_to_string(path).unwrap();
    contents.trim().parse::<u32>().expect("invalid pid")
}

/// TODO: implement proper logging
fn setup_logging() {
    todo!()
}

fn debug_request(req: &Request) {
    dbg!(&req.path);
    dbg!(&req.body);
}
Feat/full cfg (#30) * feat: Enhance control flow analysis with function summaries and taint analysis * feat: Update taint analysis to utilize function summaries for enhanced tracking * Refactor `walk.rs` batch processing and override handling: - Renamed `Batcher` to `BatchSender` for clarity. - Added `BatchSender::new` constructor for cleaner initialization. - Simplified batch size management in `BatchSender`. - Extracted `build_overrides` function for reusable override construction. - Improved error handling and validation in override building. - Enhanced performance with directory and file type filtering in `walk`. * Improve logging and streamline directory walk process: - Added detailed `tracing` logs for debugging batch flushes, override construction, and walk initialization/completion. - Optimized and simplified `filter_entry` logic for directory and file type filters. - Improved metadata checks and max file size enforcement during the scan. * Refactor and optimize taint tracking, label rules, and directory walk process: - Replaced `DefaultHasher` with `blake3::Hasher` for improved taint hashing. - Enhanced sorting and hashing logic in `taint.rs` for consistency and efficiency. - Removed unused `set_hash` function and redundant imports across files. - Improved batch sender logic in `walk.rs`, renaming key components for clarity. - Unified `spawn_senders` and `spawn_file_walker` with thread handling and channel tuple return. - Expanded label rules with additional matchers for sources, sanitizers, and sinks. - Deprecated `dump_cfg` and specific logging utilities in `cfg.rs` for code cleanup. * fix: fixed let chains error in walk.rs * fix: updated dependencies * fix: updated dependencies * chore: Remove standard error in scan.rs * feat: Introduce function summaries for enhanced taint and control flow analysis * feat: Enhance taint analysis with interop support and function summaries * feat: Add configuration analysis module and enhance matcher rules * feat: Add arity column to function_summaries and handle schema migration * fix: fixed clippy &PathBuf warnings * chore: Update dependencies and versioning in Cargo files * docs: Update README to enhance clarity and detail on features and analysis modes * chore: Update CHANGELOG for version 0.2.0 with new features, changes, and fixes * docs: Update SECURITY.md to clarify version support status --------- Co-authored-by: elipeter <eli.peter@es.fcm.travel> 2026-02-24 23:44:07 -05:00			`use std::collections::HashMap;`
			`use std::env;`
			`use std::fs;`
			`use std::process::Command;`

			`// ───── Configuration from environment ─────`

			`struct AppConfig {`
			`db_url: String,`
			`upload_dir: String,`
			`admin_token: String,`
			`log_level: String,`
			`}`

			`fn load_config() -> AppConfig {`
			`AppConfig {`
			`db_url: env::var("DATABASE_URL").unwrap(),`
			`upload_dir: env::var("UPLOAD_DIR").unwrap(),`
			`admin_token: env::var("ADMIN_TOKEN").expect("ADMIN_TOKEN must be set"),`
			`log_level: env::var("LOG_LEVEL").unwrap_or_else(\|_\| "info".to_string()),`
			`}`
			`}`

			`// ───── Request handling ─────`

			`struct Request {`
			`path: String,`
			`headers: HashMap<String, String>,`
			`body: String,`
			`}`

			`struct Response {`
			`status: u16,`
			`body: String,`
			`}`

			`/// POST /admin/run-migration`
			`/// Reads a migration script name from the environment and executes it.`
			`/// VULN: env var flows directly into Command without sanitization.`
			`fn handle_migration() -> Response {`
			`let script = env::var("MIGRATION_SCRIPT").unwrap();`
			`let output = Command::new("bash")`
			`.arg("-c")`
			`.arg(&script)`
			`.output()`
			`.expect("migration failed");`

			`Response {`
			`status: 200,`
			`body: String::from_utf8_lossy(&output.stdout).to_string(),`
			`}`
			`}`

			`/// POST /admin/deploy`
			`/// Reads deployment target from config file (which is a source),`
			`/// then shells out.`
			`/// VULN: file contents flow into Command.`
			`fn handle_deploy() -> Response {`
			`let manifest = fs::read_to_string("/etc/deploy/manifest.toml").unwrap();`
			`let target = manifest.lines().next().unwrap();`
			`let status = Command::new("rsync")`
			`.arg("-avz")`
			`.arg("./build/")`
			`.arg(target)`
			`.status()`
			`.unwrap();`

			`Response {`
			`status: if status.success() { 200 } else { 500 },`
			`body: format!("deploy exited with {}", status),`
			`}`
			`}`

			`/// GET /admin/export`
			`/// Constructs a shell command from an env-var driven path.`
			`/// VULN: env var flows into Command::arg.`
			`fn handle_export() -> Response {`
			`let config = load_config();`
			`let dump_cmd = format!("pg_dump {}", config.db_url);`
			`let output = Command::new("sh")`
			`.arg("-c")`
			`.arg(&dump_cmd)`
			`.output()`
			`.unwrap();`

			`let dump_path = format!("{}/export.sql", config.upload_dir);`
			`fs::write(&dump_path, &output.stdout).unwrap();`

			`Response {`
			`status: 200,`
			`body: format!("Exported to {}", dump_path),`
			`}`
			`}`

			`/// POST /admin/backup`
			`/// SAFE: uses a hardcoded command, no taint from external input.`
			`fn handle_backup() -> Response {`
			`let output = Command::new("tar")`
			`.arg("-czf")`
			`.arg("/backups/nightly.tar.gz")`
			`.arg("/var/data")`
			`.output()`
			`.expect("backup failed");`

			`Response {`
			`status: if output.status.success() { 200 } else { 500 },`
			`body: "backup complete".to_string(),`
			`}`
			`}`

			`/// POST /admin/cleanup`
			`/// SAFE: shell_escape sanitizer applied before sink.`
			`fn handle_cleanup() -> Response {`
			`let dir = env::var("CLEANUP_DIR").unwrap();`
			`let safe_dir = sanitize_shell(&dir);`
			`let output = Command::new("rm")`
			`.arg("-rf")`
			`.arg(&safe_dir)`
			`.output()`
			`.unwrap();`

			`Response {`
			`status: 200,`
			`body: format!("cleaned up, exit={}", output.status),`
			`}`
			`}`

			`fn sanitize_shell(input: &str) -> String {`
			input.replace(['&', ';', '\|', '$', '`', '\\', '"', '\''], "")
			`}`

			`// ───── Unsafe FFI bridge ─────`

			`/// Re-encodes a buffer from an external C library.`
			`/// VULN: unsafe block for FFI.`
			`unsafe fn decode_legacy_buffer(ptr: *const u8, len: usize) -> Vec<u8> {`
			`std::slice::from_raw_parts(ptr, len).to_vec()`
			`}`

			`/// Transmutes raw byte data into a config header struct.`
			`/// VULN: transmute is inherently dangerous, mem::zeroed is UB-prone.`
			`fn parse_legacy_header(bytes: &[u8]) -> u64 {`
			`if bytes.len() < 8 {`
			`panic!("header too short");`
			`}`
			`unsafe { std::mem::transmute::<[u8; 8], u64>(bytes[..8].try_into().unwrap()) }`
			`}`

			`// ───── Utility functions with code smells ─────`

			`fn read_pid_file(path: &str) -> u32 {`
			`let contents = fs::read_to_string(path).unwrap();`
			`contents.trim().parse::<u32>().expect("invalid pid")`
			`}`

			`/// TODO: implement proper logging`
			`fn setup_logging() {`
			`todo!()`
			`}`

			`fn debug_request(req: &Request) {`
			`dbg!(&req.path);`
			`dbg!(&req.body);`
			`}`