mirror of
https://github.com/elicpeter/nyx.git
synced 2026-07-15 21:11:02 +02:00
Phase 1 (#33)
* chore: Exclude CLAUDE.md from Cargo.toml * feat: add callgraph module and integrate into main analysis flow * feat: enhance CLI with new severity filtering and analysis modes * feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling * feat: implement state-model dataflow analysis for resource lifecycle and auth state * feat: enhance diagnostic output formatting and add evidence structure * feat: implement attack surface ranking for diagnostics with scoring and sorting * feat: add comprehensive documentation for installation, usage, and rules reference * feat: add multiple language support for command execution and evaluation endpoints * feat: implement inline suppression for findings using `nyx:ignore` comments * feat: add confidence levels to AST patterns and update output structure * feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets * feat: bump version to 0.4.0 and update changelog with new features and improvements * feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
This commit is contained in:
parent
19b578c5c4
commit
1bbe4b1cfb
456 changed files with 25628 additions and 1228 deletions
25
tests/fixtures/patterns/ruby/negative.rb
vendored
Normal file
25
tests/fixtures/patterns/ruby/negative.rb
vendored
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
# Negative fixture: none of these should trigger security patterns.
|
||||
|
||||
def safe_yaml(data)
|
||||
YAML.safe_load(data)
|
||||
end
|
||||
|
||||
def safe_system
|
||||
Dir.entries(".")
|
||||
end
|
||||
|
||||
def safe_send(obj)
|
||||
obj.send(:to_s)
|
||||
end
|
||||
|
||||
def safe_open
|
||||
File.open("config.yml", "r") do |f|
|
||||
f.read
|
||||
end
|
||||
end
|
||||
|
||||
def safe_string_ops
|
||||
x = "hello"
|
||||
y = x.upcase
|
||||
z = y.length
|
||||
end
|
||||
51
tests/fixtures/patterns/ruby/positive.rb
vendored
Normal file
51
tests/fixtures/patterns/ruby/positive.rb
vendored
Normal file
|
|
@ -0,0 +1,51 @@
|
|||
# Positive fixture: each snippet should trigger the named pattern.
|
||||
|
||||
# rb.code_exec.eval
|
||||
def trigger_eval(code)
|
||||
eval(code)
|
||||
end
|
||||
|
||||
# rb.code_exec.instance_eval
|
||||
def trigger_instance_eval(obj, code)
|
||||
obj.instance_eval(code)
|
||||
end
|
||||
|
||||
# rb.code_exec.class_eval
|
||||
def trigger_class_eval(klass, code)
|
||||
klass.class_eval(code)
|
||||
end
|
||||
|
||||
# rb.cmdi.backtick
|
||||
def trigger_backtick
|
||||
`uname -a`
|
||||
end
|
||||
|
||||
# rb.cmdi.system_interp
|
||||
def trigger_system_interp(cmd)
|
||||
system("run #{cmd}")
|
||||
end
|
||||
|
||||
# rb.deser.yaml_load
|
||||
def trigger_yaml_load(data)
|
||||
YAML.load(data)
|
||||
end
|
||||
|
||||
# rb.deser.marshal_load
|
||||
def trigger_marshal_load(data)
|
||||
Marshal.load(data)
|
||||
end
|
||||
|
||||
# rb.reflection.send_dynamic
|
||||
def trigger_send_dynamic(obj, method_name)
|
||||
obj.send(method_name)
|
||||
end
|
||||
|
||||
# rb.reflection.constantize
|
||||
def trigger_constantize(name)
|
||||
name.constantize
|
||||
end
|
||||
|
||||
# rb.ssrf.open_uri
|
||||
def trigger_open_uri
|
||||
open("https://example.com/api")
|
||||
end
|
||||
Loading…
Add table
Add a link
Reference in a new issue