mirror of
https://github.com/elicpeter/nyx.git
synced 2026-07-03 20:41:00 +02:00
[pitboss/grind] deferred session-0029 (20260517T044708Z-e058)
This commit is contained in:
parent
72ec25238e
commit
19d13a085d
16 changed files with 578 additions and 0 deletions
52
tests/repro_fixtures/python-3.11/repro/reproduce.sh
Executable file
52
tests/repro_fixtures/python-3.11/repro/reproduce.sh
Executable file
|
|
@ -0,0 +1,52 @@
|
|||
#!/bin/sh
|
||||
# Nyx dynamic repro — finding flask_eval_python_311 / payload eval-rce-arith
|
||||
#
|
||||
# Usage:
|
||||
# ./reproduce.sh — run via process backend (direct)
|
||||
# ./reproduce.sh --docker — run via Docker backend (isolated)
|
||||
#
|
||||
# Exit codes:
|
||||
# 0 sink_hit matches expected/outcome.json (replay green)
|
||||
# 1 sink_hit mismatch (replay diverged from recorded outcome)
|
||||
# 2 docker requested but unavailable
|
||||
# 3 host toolchain mismatch in process mode (Phase 28 hermeticity)
|
||||
set -e
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
cd "$SCRIPT_DIR"
|
||||
PAYLOAD="$(cat payload/payload.bin)"
|
||||
EXPECTED_TOOLCHAIN="python-3.11"
|
||||
EXPECTED_SINK=$(grep -o '"sink_hit"[[:space:]]*:[[:space:]]*[a-z]*' \
|
||||
expected/outcome.json | grep -o '[a-z]*$')
|
||||
|
||||
if [ "${1:-}" = "--docker" ]; then
|
||||
if ! command -v docker >/dev/null 2>&1 || ! docker info >/dev/null 2>&1; then
|
||||
echo 'error: docker not available' >&2; exit 2
|
||||
fi
|
||||
IMAGE="nyx-repro-repro"
|
||||
docker build -t "$IMAGE" -f harness/Dockerfile.harness harness/ >/dev/null
|
||||
ACTUAL=$(docker run --rm --cap-drop=ALL --security-opt no-new-privileges:true --network none -e NYX_PAYLOAD="$PAYLOAD" "$IMAGE" 2>&1) || ACTUAL=''
|
||||
docker rmi "$IMAGE" >/dev/null 2>&1 || true
|
||||
else
|
||||
# Phase 28 hermeticity check: refuse process-backend replay when
|
||||
# the host is missing the expected toolchain id. Operators must
|
||||
# either install the toolchain or pass --docker.
|
||||
if ! sh -c 'command -v python3' >/dev/null 2>&1; then
|
||||
echo "error: host toolchain does not match expected $EXPECTED_TOOLCHAIN; re-run with --docker" >&2
|
||||
exit 3
|
||||
fi
|
||||
ACTUAL=$(NYX_PAYLOAD="$PAYLOAD" python3 ./harness/harness.py 2>&1) || ACTUAL=''
|
||||
fi
|
||||
|
||||
if echo "$ACTUAL" | grep -q '__NYX_SINK_HIT__'; then
|
||||
ACTUAL_SINK=true
|
||||
else
|
||||
ACTUAL_SINK=false
|
||||
fi
|
||||
|
||||
if [ "$ACTUAL_SINK" = "$EXPECTED_SINK" ]; then
|
||||
echo "PASS: sink_hit=$ACTUAL_SINK (matches expected)"
|
||||
exit 0
|
||||
else
|
||||
echo "FAIL: sink_hit=$ACTUAL_SINK expected=$EXPECTED_SINK"
|
||||
exit 1
|
||||
fi
|
||||
Loading…
Add table
Add a link
Reference in a new issue