Critical bug fixes and recall improvements (#68)

Eli Peter 2026-05-11 12:42:39 -04:00 committed by GitHub
parent 7d0e7320e2
commit 55247b7fcd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
352 changed files with 60069 additions and 900 deletions


@ -0,0 +1,18 @@
// Phase 13 path-traversal positive (Java). Servlet reads
// `req.getParameter("name")` (Source) and feeds it through `Paths.get`
// into `Files.readAllBytes` (new FILE_IO sink rule in
// `src/labels/java.rs`). `Paths.get` is a forwarder; default argreturn
// propagation smears the tainted `name` into the constructed Path, and
// the path arg of `Files.readAllBytes` carries the FILE_IO sink payload.
package handlers;
import java.nio.file.Files;
import java.nio.file.Paths;
import javax.servlet.http.HttpServletRequest;
public class PathTraversal {
public byte[] handle(HttpServletRequest req) throws Exception {
String name = req.getParameter("name");
return Files.readAllBytes(Paths.get("/var/data", name));
}
}
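Review bot: The header comment names the source (`req.getParameter("name")`) and the sink (`Files.readAllBytes`), but it never says that the code is deliberately vulnerable or which finding the analyzer is expected to report. Someone who opens this file outside the test run could take `Paths.get("/var/data", name)` for an acceptable pattern. I would add a line such as `// Deliberately vulnerable fixture: expect one FILE_IO finding at the Files.readAllBytes call; do not reuse.` to the header. The header should also state the contained form: resolve `name` against the base path, call `normalize()`, and reject the result unless `startsWith(base)` holds. A negative fixture built that way would show the new rule stays quiet once the path is confined, though I cannot tell from this section whether one is added elsewhere in the commit.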