Critical bug fixes and recall improvements (#68)

Eli Peter 2026-05-11 12:42:39 -04:00 committed by GitHub
parent 7d0e7320e2
commit 55247b7fcd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
352 changed files with 60069 additions and 900 deletions


@ -0,0 +1,47 @@
<?php
// Thin method wrapper that forwards typed parameters to an inner sink
// call on `$this`. Real-world equivalents: Doctrine DBAL
// `Connection::executeUpdate` delegating to `executeStatement`,
// nextcloud `lib/private/DB/Connection::executeUpdate`,
// `ConnectionAdapter::executeQuery` wrapping `$this->inner->executeQuery`,
// Drupal `Connection::query` thin overrides per driver. Because every
// argument to the inner call is the wrapper's own parameter, the
// `cfg-unguarded-sink` structural rule has zero signal at the wrapper
// site; the real signal is at callers, which the taint engine handles.
namespace OC\DB;
class Connection
{
private $inner;
public function executeUpdate(string $sql, array $params = [], array $types = []): int
{
return $this->executeStatement($sql, $params, $types);
}
public function executeStatement($sql, array $params = [], array $types = []): int
{
return 0;
}
}
class ConnectionAdapter
{
private $inner;
public function executeQuery(string $sql, array $params = [], $types = [])
{
return new ResultAdapter($this->inner->executeQuery($sql, $params, $types));
}
public function executeStatement($sql, array $params = [], array $types = []): int
{
return $this->inner->executeStatement($sql, $params, $types);
}
}
class ResultAdapter
{
public function __construct($inner) {}
}
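Review bot: The header comment explains why the wrapper site carries no signal, but not the boundary of that exemption, which is the thing a later edit is most likely to break: the true-negative holds only because `$sql`, `$params` and `$types` reach the inner call untouched. I would add on `Connection::executeUpdate` and `ConnectionAdapter::executeQuery` the comment `// True-negative only because every argument is forwarded verbatim; a wrapper that concatenates or interpolates into $sql before the inner call is a sink in its own right and must still be flagged.` Separately, `private $inner` is declared but never assigned in either class, so `$this->inner->executeQuery(...)` is a call on null at runtime; if the taint engine resolves callees through property types, an untyped, never-initialised property may make the forwarded call opaque rather than a resolvable delegation, so consider typing it or assigning it through a constructor (I am inferring the engine's resolution here, so verify against its property handling). The file also omits `declare(strict_types=1);`, which the Nextcloud originals it imitates carry; and the hunk header advertises 47 added lines while 39 are rendered here, so blank lines may have been dropped in display.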


@ -0,0 +1,17 @@
{
"required_findings": [],
"forbidden_findings": [
{ "id_prefix": "cfg-unguarded-sink" },
{ "id_prefix": "taint-unsanitised-flow" }
],
"noise_budget": {
"max_total_findings": 0,
"max_high_findings": 0
},
"performance_expectations": {
"max_ms_no_index": 1000,
"max_ms_index_cold": 1500,
"max_ms_index_warm": 500,
"ci_mode": "lenient"
}
}