nyx/tests/dynamic_fixtures/php_frameworks/symfony/benign.php

<?php
// Phase 16 — Symfony-style route via `#[Route]` attribute,
// benign sanitised payload.

namespace App\Controller;

use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;

class UserController
{
    #[Route('/run', methods: ['GET'])]
    public function run($payload)
    {
        echo "__NYX_SINK_HIT__\n";
        $cmd = "echo hello " . escapeshellarg($payload);
        $out = shell_exec($cmd);
        echo $out;
        return new Response($out);
    }
}
[pitboss] phase 16: Track L.14 — Laravel / Symfony / CodeIgniter adapters 2026-05-18 16:33:19 -05:00			`<?php`
			// Phase 16 — Symfony-style route via `#[Route]` attribute,
			`// benign sanitised payload.`

			`namespace App\Controller;`

			`use Symfony\Component\HttpFoundation\Response;`
			`use Symfony\Component\Routing\Annotation\Route;`

			`class UserController`
			`{`
			`#[Route('/run', methods: ['GET'])]`
			`public function run($payload)`
			`{`
			`echo "__NYX_SINK_HIT__\n";`
			`$cmd = "echo hello " . escapeshellarg($payload);`
			`$out = shell_exec($cmd);`
			`echo $out;`
			`return new Response($out);`
			`}`
			`}`