nyx/tests/dynamic_fixtures/class_method/go/vuln.go

// Phase 19 (Track M.1) — class-method vuln fixture for Go.
//
// UserService.Run accepts user input and passes it to `sh -c` so the
// shell interprets it.  The harness compiles in a generated
// `nyx_auto_registry.go` that publishes `UserService{}` so reflection
// works without a hand-rolled registry in the fixture.
package entry

import "os/exec"

type UserService struct{}

func (UserService) Run(input string) string {
	// SINK: tainted input → shell -c
	out, _ := exec.Command("sh", "-c", "true "+input).Output()
	return string(out)
}
[pitboss] phase 19: Track M.1 — `ClassMethod` end-to-end (all langs) 2026-05-20 14:32:00 -05:00			`// Phase 19 (Track M.1) — class-method vuln fixture for Go.`
			`//`
			// UserService.Run accepts user input and passes it to `sh -c` so the
[pitboss/grind] deferred session-0015 (20260520T233019Z-6958) 2026-05-21 08:54:08 -05:00			`// shell interprets it. The harness compiles in a generated`
			// `nyx_auto_registry.go` that publishes `UserService{}` so reflection
			`// works without a hand-rolled registry in the fixture.`
[pitboss] phase 19: Track M.1 — `ClassMethod` end-to-end (all langs) 2026-05-20 14:32:00 -05:00			`package entry`

			`import "os/exec"`

			`type UserService struct{}`

			`func (UserService) Run(input string) string {`
			`// SINK: tainted input → shell -c`
refactor(dynamic): standardize shell commands across fixtures, add `__NYX_SINK_HIT__` markers, improve PHP support 2026-05-23 10:31:57 -05:00			`out, _ := exec.Command("sh", "-c", "true "+input).Output()`
[pitboss] phase 19: Track M.1 — `ClassMethod` end-to-end (all langs) 2026-05-20 14:32:00 -05:00			`return string(out)`
			`}`