Improved path traversal detection and enhanced sink classification logic

Eli Peter 2026-05-02 03:36:14 -04:00 committed by GitHub
parent 58f1794a4e
commit 3c89bddbf2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
56 changed files with 3989 additions and 345 deletions


@ -255,6 +255,7 @@ pub const PATTERNS: &[Pattern] = &[
confidence: Confidence::High,
},
// ── Tier A: Hardcoded fallback secret ──────────────────────────────
// Empty-string fallback (`|| ""`) is excluded — see typescript.rs for rationale.
Pattern {
id: "js.secrets.fallback_secret",
description: "Environment variable with secret-like name has hardcoded fallback value",
@ -266,7 +267,7 @@ pub const PATTERNS: &[Pattern] = &[
property: (property_identifier) @key
(#match? @key "(?i)(secret|password|key|token)"))
operator: "||"
right: (string) @fallback)
right: (string) @fallback (#match? @fallback "[^\"']"))
@vuln"#,
severity: Severity::Medium,
tier: PatternTier::A,
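Review bot: The new `(#match? @fallback "[^\"']")` predicate on the `right:` line excludes more than the empty-string fallback the comment in the previous hunk describes: any `(string)` whose text consists only of quote characters is skipped too, so a one-character fallback such as `"'"` or `'"'` is treated as empty and produces no finding. Assuming, as the existing regex already does, that the node text includes its two delimiters, `(#match? @fallback "^.{3,}$")` states the "non-empty" intent directly and closes that gap; alternatively two explicit `(#not-eq? @fallback "\"\"")` / `(#not-eq? @fallback "''")` predicates make the exclusion readable without a regex. The pattern's `description` in the first hunk still says "hardcoded fallback value"; since the query now deliberately ignores empty ones, `description: "Environment variable with secret-like name has hardcoded non-empty fallback value",` would keep the user-facing text in step with the rationale comment. The enclosing `PATTERNS` array starts and ends outside both hunks.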