apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-18 20:15:14 +02:00
Code Issues Projects Releases Packages Wiki Activity

Critical bug fixes and recall improvements (#68)

Browse source
This commit is contained in:
Eli Peter 2026-05-11 12:42:39 -04:00 committed by GitHub
parent 7d0e7320e2
commit 55247b7fcd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
352 changed files with 60069 additions and 900 deletions
Download patch file Download diff file Expand all files Collapse all files

20
tests/fixtures/realistic/sqli_xlang/SqliJavaParamSafe.java vendored Normal file
View file

@ -0,0 +1,20 @@
// Phase 15 negative JPA parameterised query. `setParameter` is a
// SQL_QUERY sanitizer in `labels/java.rs`, but the deciding factor for
// this fixture is that the SQL template fed to `entityManager
// .createQuery` is a constant no taint reaches the sink. Bind
// values are constants too, mirroring phase 07's safe-parameterised
// approach.
package com.example;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import javax.servlet.http.HttpServletRequest;
public class SqliJavaParamSafe {
public Object lookup(HttpServletRequest request, EntityManager entityManager) {
String _unused = request.getParameter("name");
Query q = entityManager.createQuery("SELECT u FROM User u WHERE u.id = :id");
q.setParameter("id", 1L);
return q.getResultList();
}
}