[pitboss] sweep after phase 13: 1 deferred items resolved

tests/dynamic_fixtures/ts_frameworks/express/benign.ts

@@ -1,27 +0,0 @@
-// Phase 13 (Track L.11) — Express CMDI benign fixture (TypeScript).
-
-import express, { Request, Response } from 'express';
-import { execFile } from 'child_process';
-
-const app = express();
-
-const ALLOW = new Set(['status', 'uptime', 'version']);
-
-function runCmd(req: Request, res: Response) {
-    const cmd = (req.query.cmd as string) || '';
-    if (!ALLOW.has(cmd)) {
-        res.status(400).send('rejected');
-        return;
-    }
-    execFile('/usr/bin/echo', [cmd], (err, stdout) => {
-        if (err) {
-            res.status(500).send(String(err));
-            return;
-        }
-        res.send(stdout);
-    });
-}
-
-app.get('/run', runCmd);
-
-export { app, runCmd };

tests/dynamic_fixtures/ts_frameworks/express/vuln.ts

@@ -1,23 +0,0 @@
-// Phase 13 (Track L.11) — Express CMDI vuln fixture (TypeScript).
-// Same shape as the JS twin; binds `app.get('/run', runCmd)` and
-// flows `req.query.cmd` straight into `exec`.
-
-import express, { Request, Response } from 'express';
-import { exec } from 'child_process';
-
-const app = express();
-
-function runCmd(req: Request, res: Response) {
-    const cmd = (req.query.cmd as string) || '';
-    exec(cmd, (err, stdout) => {
-        if (err) {
-            res.status(500).send(String(err));
-            return;
-        }
-        res.send(stdout);
-    });
-}
-
-app.get('/run', runCmd);
-
-export { app, runCmd };

tests/dynamic_fixtures/ts_frameworks/fastify/benign.ts

@@ -1,25 +0,0 @@
-// Phase 13 (Track L.11) — Fastify CMDI benign fixture (TypeScript).
-
-import Fastify, { FastifyRequest, FastifyReply } from 'fastify';
-import { execFile } from 'child_process';
-
-const app = Fastify();
-const ALLOW = new Set(['status', 'uptime', 'version']);
-
-async function runCmd(request: FastifyRequest, reply: FastifyReply): Promise<void> {
-    const cmd = ((request.query as Record<string, string>).cmd) || '';
-    if (!ALLOW.has(cmd)) {
-        reply.code(400).send('rejected');
-        return;
-    }
-    const out = await new Promise<string>((resolve) => {
-        execFile('/usr/bin/echo', [cmd], (err, stdout) => {
-            resolve(err ? String(err) : stdout);
-        });
-    });
-    reply.send(out);
-}
-
-app.get('/run', runCmd);
-
-export { app, runCmd };

tests/dynamic_fixtures/ts_frameworks/fastify/vuln.ts

@@ -1,18 +0,0 @@
-// Phase 13 (Track L.11) — Fastify CMDI vuln fixture (TypeScript).
-
-import Fastify, { FastifyRequest, FastifyReply } from 'fastify';
-import { exec } from 'child_process';
-
-const app = Fastify();
-
-async function runCmd(request: FastifyRequest, reply: FastifyReply): Promise<void> {
-    const cmd = ((request.query as Record<string, string>).cmd) || '';
-    const out = await new Promise<string>((resolve) => {
-        exec(cmd, (err, stdout) => resolve(err ? String(err) : stdout));
-    });
-    reply.send(out);
-}
-
-app.get('/run', runCmd);
-
-export { app, runCmd };

tests/dynamic_fixtures/ts_frameworks/koa/benign.ts

@@ -1,29 +0,0 @@
-// Phase 13 (Track L.11) — Koa CMDI benign fixture (TypeScript).
-
-import Koa from 'koa';
-import Router from '@koa/router';
-import { execFile } from 'child_process';
-
-const app = new Koa();
-const router = new Router();
-const ALLOW = new Set(['status', 'uptime', 'version']);
-
-async function runCmd(ctx: Koa.Context): Promise<void> {
-    const cmd = (ctx.query.cmd as string) || '';
-    if (!ALLOW.has(cmd)) {
-        ctx.status = 400;
-        ctx.body = 'rejected';
-        return;
-    }
-    await new Promise<void>((resolve) => {
-        execFile('/usr/bin/echo', [cmd], (err, stdout) => {
-            ctx.body = err ? String(err) : stdout;
-            resolve();
-        });
-    });
-}
-
-router.get('/run', runCmd);
-app.use(router.routes());
-
-export { app, runCmd };

tests/dynamic_fixtures/ts_frameworks/koa/vuln.ts

@@ -1,23 +0,0 @@
-// Phase 13 (Track L.11) — Koa CMDI vuln fixture (TypeScript).
-
-import Koa from 'koa';
-import Router from '@koa/router';
-import { exec } from 'child_process';
-
-const app = new Koa();
-const router = new Router();
-
-async function runCmd(ctx: Koa.Context): Promise<void> {
-    const cmd = (ctx.query.cmd as string) || '';
-    await new Promise<void>((resolve) => {
-        exec(cmd, (err, stdout) => {
-            ctx.body = err ? String(err) : stdout;
-            resolve();
-        });
-    });
-}
-
-router.get('/run', runCmd);
-app.use(router.routes());
-
-export { app, runCmd };

tests/ts_frameworks_corpus.rs

@@ -2,10 +2,10 @@
 //!
 //! Mirrors `tests/js_frameworks_corpus.rs` against the TS fixtures.
 //! The Express / Koa / Fastify adapters are registered under
-//! [`Lang::JavaScript`] only (TypeScript code paths share the JS
-//! adapter via the Lang dispatch); the Nest adapter is registered
-//! under both [`Lang::JavaScript`] and [`Lang::TypeScript`] because
-//! Nest is TypeScript-first.
+//! [`Lang::JavaScript`] only and do not currently dispatch for
+//! [`Lang::TypeScript`], so only the Nest adapter — which is
+//! registered under both [`Lang::JavaScript`] and [`Lang::TypeScript`]
+//! because Nest is TypeScript-first — has TS coverage here.
 
 #![cfg(feature = "dynamic")]