apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-27 20:29:39 +02:00
Code Issues Projects Releases Packages Wiki Activity

new capacity bits (#67)

Browse source
This commit is contained in:
Eli Peter 2026-05-07 01:29:31 -04:00 committed by GitHub
parent afaffc0df6
commit 7d0e7320e2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
261 changed files with 10591 additions and 231 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tests/fixtures/xxe/javascript/irrelevant_xml_call.js vendored Normal file
View file

@ -0,0 +1,8 @@
// Baseline: tainted body flows through a non-parser string operation.
// No XML parser entry point, no XXE label classification.
function handle(req, res) {
const body = req.query.xml;
res.send("<wrap>" + body + "</wrap>");
}
module.exports = { handle };

14
tests/fixtures/xxe/javascript/safe_xxe.js vendored Normal file
View file

@ -0,0 +1,14 @@
// Safe: tainted XML reaches xml2js.parseString with default options.
// xml2js does not expand external entities unless explicitly configured;
// the gate's dangerous_kwargs list (`processEntities`/`explicitEntities`/
// `strict`) is empty in the literal, so the gate suppresses the finding.
const xml2js = require("xml2js");
function handle(req, res) {
const body = req.query.xml;
xml2js.parseString(body, { explicitArray: false }, (err, result) => {
res.json(result);
});
}
module.exports = { handle };

17
tests/fixtures/xxe/javascript/unsafe_fast_xml_parser.js vendored Normal file
View file

@ -0,0 +1,17 @@
// Unsafe: tainted XML reaches a fast-xml-parser instance whose
// constructor was explicitly opted into entity resolution
// (`processEntities: true`). fast-xml-parser is XXE-safe by default,
// but this opt-in form is the documented unsafe escape hatch. The
// constructor-driven fact is captured in `XmlParserConfigResult`
// (`external_entities = true`) and the `parser.parse(xml)` call adds
// Cap::XXE on top of the otherwise empty sink_caps.
const { XMLParser } = require("fast-xml-parser");
function handle(req, res) {
const body = req.query.xml;
const parser = new XMLParser({ processEntities: true });
const result = parser.parse(body);
res.json(result);
}
module.exports = { handle };

12
tests/fixtures/xxe/javascript/unsafe_xxe.js vendored Normal file
View file

@ -0,0 +1,12 @@
// Unsafe: tainted XML reaches xml2js.parseString with `processEntities: true`,
// activating the XXE gate.
const xml2js = require("xml2js");
function handle(req, res) {
const body = req.query.xml;
xml2js.parseString(body, { processEntities: true }, (err, result) => {
res.json(result);
});
}
module.exports = { handle };