nyx/tests/dynamic_fixtures/rust/ssrf_negative.rs

/// SSRF — negative fixture.
///
/// Safe function: URL is fixed; user input is used only as a query parameter,
/// not as the URL origin.
/// Expected verdict: NotConfirmed.
/// Cap: SSRF  Entry: `run(payload: &str)`
pub fn run(payload: &str) {
    // Safe: payload is a query value, not the URL itself — origin is fixed.
    let url = format!("file:///tmp/safe_data?q={}", payload);

    println!("__NYX_SINK_HIT__");
    let _ = std::io::Write::flush(&mut std::io::stdout());

    // Extract the fixed path (no user control over scheme or host).
    let path = "/tmp/safe_data";
    match std::fs::read_to_string(path) {
        Ok(content) => print!("{}", content),
        Err(_) => println!("resource not available (expected in test): {}", url),
    }
}
[pitboss] phase 04: M4 — Rust harness (second-language validation) 2026-05-12 00:57:45 -04:00			`/// SSRF — negative fixture.`
			`///`
			`/// Safe function: URL is fixed; user input is used only as a query parameter,`
			`/// not as the URL origin.`
			`/// Expected verdict: NotConfirmed.`
			/// Cap: SSRF Entry: `run(payload: &str)`
			`pub fn run(payload: &str) {`
			`// Safe: payload is a query value, not the URL itself — origin is fixed.`
			`let url = format!("file:///tmp/safe_data?q={}", payload);`

			`println!("__NYX_SINK_HIT__");`
			`let _ = std::io::Write::flush(&mut std::io::stdout());`

			`// Extract the fixed path (no user control over scheme or host).`
			`let path = "/tmp/safe_data";`
			`match std::fs::read_to_string(path) {`
			`Ok(content) => print!("{}", content),`
			`Err(_) => println!("resource not available (expected in test): {}", url),`
			`}`
			`}`