nyx/tests/fixtures/flask_app/helpers.py

72 lines
2.1 KiB
Python
Feat/full cfg (#30)

* feat: Enhance control flow analysis with function summaries and taint analysis
* feat: Update taint analysis to utilize function summaries for enhanced tracking
* Refactor `walk.rs` batch processing and override handling:
  - Renamed `Batcher` to `BatchSender` for clarity.
  - Added `BatchSender::new` constructor for cleaner initialization.
  - Simplified batch size management in `BatchSender`.
  - Extracted `build_overrides` function for reusable override construction.
  - Improved error handling and validation in override building.
  - Enhanced performance with directory and file type filtering in `walk`.
* Improve logging and streamline directory walk process:
  - Added detailed `tracing` logs for debugging batch flushes, override construction, and walk initialization/completion.
  - Optimized and simplified `filter_entry` logic for directory and file type filters.
  - Improved metadata checks and max file size enforcement during the scan.
* Refactor and optimize taint tracking, label rules, and directory walk process:
  - Replaced `DefaultHasher` with `blake3::Hasher` for improved taint hashing.
  - Enhanced sorting and hashing logic in `taint.rs` for consistency and efficiency.
  - Removed unused `set_hash` function and redundant imports across files.
  - Improved batch sender logic in `walk.rs`, renaming key components for clarity.
  - Unified `spawn_senders` and `spawn_file_walker` with thread handling and channel tuple return.
  - Expanded label rules with additional matchers for sources, sanitizers, and sinks.
  - Deprecated `dump_cfg` and specific logging utilities in `cfg.rs` for code cleanup.
* fix: fixed let chains error in walk.rs
* fix: updated dependencies
* fix: updated dependencies
* chore: Remove standard error in scan.rs
* feat: Introduce function summaries for enhanced taint and control flow analysis
* feat: Enhance taint analysis with interop support and function summaries
* feat: Add configuration analysis module and enhance matcher rules
* feat: Add arity column to function_summaries and handle schema migration
* fix: fixed clippy &PathBuf warnings
* chore: Update dependencies and versioning in Cargo files
* docs: Update README to enhance clarity and detail on features and analysis modes
* chore: Update CHANGELOG for version 0.2.0 with new features, changes, and fixes
* docs: Update SECURITY.md to clarify version support status
---------
Co-authored-by: elipeter <eli.peter@es.fcm.travel>
2026-02-24 23:44:07 -05:00
"""Deliberately vulnerable helpers used as a nyx taint-analysis fixture.

Each VULN docstring names the source-to-sink flow the analyzer is expected to
report; the SAFE helpers exercise its sanitizer rules. Not for reuse.
"""
import os
import subprocess
import pickle
import yaml
import hashlib
import tempfile  # unused in this file


# ───── Deserialization ─────
def load_cached_session(session_file):
    """Loads a pickled session from disk.
    VULN: pickle.load on untrusted data (arbitrary code execution)
    """
    with open(session_file, "rb") as f:
        session = pickle.load(f)  # sink: a crafted pickle runs __reduce__ on load
    return session


def load_yaml_config(config_path):
    """Loads YAML configuration.
    VULN: yaml.load without SafeLoader (arbitrary code execution)
    """
    with open(config_path) as f:
        # sink: no Loader argument. PyYAML < 5.1 silently used the full loader,
        # which honours !!python/object tags; PyYAML >= 6 raises TypeError here
        # instead. The analyzer matches the call shape, not the installed version.
        config = yaml.load(f)
    return config


# ───── File operations ─────
def process_upload(request):
    """Saves an uploaded file to a path constructed from user input.
    VULN: request.form flows into open() path (path traversal)
    """
    filename = request.form.get("filename")  # source: attacker-controlled form field
    content = request.form.get("content")
    upload_path = os.path.join("/uploads", filename)  # "../" or an absolute name escapes /uploads
    with open(upload_path, "w") as f:  # sink
        f.write(content)
    return {"saved": upload_path}


# ───── System commands ─────
def check_disk_usage():
    """Reports disk usage from an env-configured mount point.
    VULN: os.getenv flows into subprocess.check_output
    """
    mount = os.getenv("MOUNT_POINT")  # source: environment
    # sink: the list form avoids shell metacharacters, but an unvalidated value
    # still chooses the argument df sees (e.g. a value starting with "-")
    output = subprocess.check_output(["df", "-h", mount])
    return output.decode()


def compile_template(template_path):
    """Compiles a template by calling an external tool.
    VULN: os.getenv flows into exec (code injection via env)
    """
    compiler = os.getenv("TEMPLATE_COMPILER")  # source: environment
    # sink: whatever the variable holds is executed as Python; template_path is
    # spliced into the same string, so it is a second injection point
    exec(compiler + "('" + template_path + "')")


# ───── Hashing ─────
def hash_token(token):
    """VULN: MD5 is cryptographically weak, should use sha256+salt."""
    return hashlib.md5(token.encode()).hexdigest()  # unsalted, fast, collision-prone digest


# ───── Safe utilities ─────
def sanitize_filename(name):
    """Strips path traversal characters from a filename."""
    # basename already drops every directory component; the replace is belt and braces
    return os.path.basename(name).replace("..", "")


def safe_hash(data):
    """SAFE: uses SHA-256 with proper salt."""
    salt = os.urandom(16)
    # the salt is not returned, so this digest cannot be recomputed or verified later;
    # the fixture only needs the sanitizer-shaped call for the analyzer's rules
    return hashlib.sha256(salt + data.encode()).hexdigest()
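Hardened counterparts to the fixture's VULN helpers, as an added example that is not part of the nyx repository or its fixtures. Every name here is an assumption chosen to mirror the fixture: the `*_safe` functions, `resolve_upload_path`, `verify_token`, the `demo()` driver, the `/srv/uploads` root, the constructed HMAC key and session, and the two stand-in template "compilers". The point of each function is the technique: an authenticated JSON envelope instead of `pickle.load`, `yaml.safe_load` instead of `yaml.load`, `realpath` plus `commonpath` containment instead of bare `os.path.join`, validation of `MOUNT_POINT` and `shutil.disk_usage` instead of a `df` subprocess, a fixed dispatch table instead of `exec`, and a salted SHA-256 whose salt is returned so the digest can actually be verified (the fixture's `safe_hash` discards it).

```python
import hashlib
import hmac
import json
import os
import pathlib
import secrets
import shutil
import tempfile
try:
    import yaml  # PyYAML, the dependency the fixture already imports
except ImportError:  # demo() skips the YAML checks when it is not installed
    yaml = None


def save_cached_session_safe(session_file, key, session):
    """Write the session as JSON with an HMAC-SHA256 tag instead of pickle.dump."""
    payload = json.dumps(session, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    with open(session_file, "w", encoding="utf-8") as f:
        json.dump({"tag": tag, "payload": payload}, f)

def load_cached_session_safe(session_file, key):
    """Verify the tag before parsing; JSON cannot instantiate arbitrary objects."""
    with open(session_file, encoding="utf-8") as f:
        envelope = json.load(f)
    payload = envelope["payload"]
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise ValueError("session tag mismatch: file modified or wrong key")
    return json.loads(payload)

def load_yaml_config_safe(config_path):
    """safe_load builds only plain types; !!python/object tags raise YAMLError."""
    with open(config_path, encoding="utf-8") as f:
        return yaml.safe_load(f)

def resolve_upload_path(filename, root="/uploads"):
    """Resolve filename under root and refuse anything that escapes it."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, filename))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"filename {filename!r} escapes {root}")
    return candidate

def check_disk_usage_safe(mount=None):
    """Validate MOUNT_POINT and use shutil.disk_usage; no df subprocess."""
    mount = mount or os.getenv("MOUNT_POINT", "/")
    if not os.path.isabs(mount) or not os.path.isdir(mount):
        raise ValueError("MOUNT_POINT must be an existing absolute directory")
    return shutil.disk_usage(mount)._asdict()

def compile_template_safe(template_path, compiler_name=None):
    """Dispatch by name through a fixed table; never exec env-supplied text."""
    compilers = {"identity": lambda p: p, "basename": os.path.basename}  # assumed stand-ins
    name = compiler_name or os.getenv("TEMPLATE_COMPILER", "identity")
    if name not in compilers:
        raise ValueError(f"unknown template compiler {name!r}")
    return compilers[name](template_path)

def hash_token_safe(token, salt=None):
    """SHA-256 over a random 16-byte salt; the salt is stored with the digest."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt.hex() + "$" + hashlib.sha256(salt + token.encode()).hexdigest()

def verify_token(token, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(stored.split("$", 1)[0])
    return hmac.compare_digest(hash_token_safe(token, salt), stored)

def demo():
    """Run the file-based helpers on constructed inputs; returns the outcomes."""
    key, out = b"constructed-demo-key", {}  # demo key only; load a real one from config
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp, "session.json")
        save_cached_session_safe(path, key, {"user": "alice", "role": "viewer"})
        out["session"] = load_cached_session_safe(path, key)
        path.write_text(path.read_text().replace("viewer", "admin"))  # tamper the payload
        try:
            load_cached_session_safe(path, key)
            out["tamper_detected"] = False
        except ValueError:
            out["tamper_detected"] = True
        if yaml is not None:
            config = pathlib.Path(tmp, "config.yaml")
            config.write_text("debug: false\nworkers: 4\n")
            out["config"] = load_yaml_config_safe(config)
            try:  # the tag a full Loader would turn into os.system("id")
                yaml.safe_load("!!python/object/apply:os.system ['id']")
                out["yaml_tag_rejected"] = False
            except yaml.YAMLError:
                out["yaml_tag_rejected"] = True
        out["disk_total_positive"] = check_disk_usage_safe(tmp)["total"] > 0
    for name in ("../../etc/passwd", "/etc/passwd", ""):
        try:
            resolve_upload_path(name, "/srv/uploads")
        except ValueError:
            out.setdefault("rejected", []).append(name)
    return out
```

`demo()` is the runnable check: the HMAC-tagged session survives a round trip and is rejected after a single byte-level edit, `safe_load` returns a plain dict for a benign file and raises for the `python/object/apply` tag, and all three traversal shapes (`..` segments, an absolute path, and the empty name that resolves to the root itself) are refused by the containment check. The two stand-in compilers exist only to show the allow-list shape; a real dispatch table would hold the project's actual compiler callables.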