apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-18 20:15:14 +02:00
Code Issues Projects Releases Packages Wiki Activity

[pitboss] phase 02: M2 — Python end-to-end excellence with all hardening baked in

Browse source
This commit is contained in:
pitboss 2026-05-11 22:56:43 -04:00
parent 894f587b60
commit 0bf39047b9
50 changed files with 4167 additions and 170 deletions
Download patch file Download diff file Expand all files Collapse all files

19
tests/dynamic_fixtures/python/sqli_adversarial.py Normal file
View file

@ -0,0 +1,19 @@
"""SQL injection — adversarial collision fixture.
This function prints "NYX_SQL_CONFIRMED" unconditionally (simulating a
coincidental oracle match). The sink is a harmless print statement, not
an actual SQL execution.
Expected verdict: Inconclusive(OracleCollisionSuspected)
- oracle_fired = True (OutputContains("NYX_SQL_CONFIRMED"))
- sink_hit = False (sys.settrace probe never fires on SQL execute line)
"""
def get_value(user_input):
"""Always prints the oracle marker — no actual SQL involved."""
# Coincidental output match — not a real vulnerability.
print("NYX_SQL_CONFIRMED")
# The above is not a SQL sink; the settrace probe on a real sink line
# (different line number or file) will not fire.
return user_input