nyx/tests/dynamic_fixtures/class_method/c/vuln.c

/* Phase 19 (Track M.1) — class-method vuln fixture for C.
 *
 * C has no class system; the harness calls a free function whose name
 * follows the `<Class>_<method>` convention (`UserService_run`). The
 * function piping `input` straight into `system(3)` is the SINK. */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

void UserService_run(const char *input, size_t len) {
    (void)len;
    char buf[512];
    snprintf(buf, sizeof(buf), "true %s", input ? input : "");
    /* SINK: tainted input → system(3) */
    system(buf);
}
[pitboss] phase 19: Track M.1 — `ClassMethod` end-to-end (all langs) 2026-05-20 14:32:00 -05:00			`/* Phase 19 (Track M.1) — class-method vuln fixture for C.`
			`*`
			`* C has no class system; the harness calls a free function whose name`
			* follows the `<Class>_<method>` convention (`UserService_run`). The
			* function piping `input` straight into `system(3)` is the SINK. */
			`#include <stdlib.h>`
			`#include <stdio.h>`
			`#include <string.h>`

			`void UserService_run(const char *input, size_t len) {`
			`(void)len;`
			`char buf[512];`
refactor(dynamic): standardize shell commands across fixtures, add `__NYX_SINK_HIT__` markers, improve PHP support 2026-05-23 10:31:57 -05:00			`snprintf(buf, sizeof(buf), "true %s", input ? input : "");`
[pitboss] phase 19: Track M.1 — `ClassMethod` end-to-end (all langs) 2026-05-20 14:32:00 -05:00			`/* SINK: tainted input → system(3) */`
			`system(buf);`
			`}`