Fix fn and bump frontend packages (#57)

* chore(deps): update frontend dependencies to latest versions

* fix: update reconnectTimer type and adjust tsconfig paths for consistency

* fix: add toast to dependencies in FindingsPage component

* fix: add toast to dependencies in FindingsPage component

* fix: update language maturity metrics and improve Go validation handling

* fix: update CHANGELOG with recent enhancements and dependency bumps

* fix: format reconnectTimer initialization for improved readability
Eli Peter 2026-04-29 02:57:57 -04:00 committed by GitHub
parent 281699faae
commit 832533a8cd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
15 changed files with 1210 additions and 1334 deletions


@ -24,7 +24,7 @@ Real disclosed CVEs reduced to minimal reproducers, vulnerable + patched pair pe
| CVE-2025-64430 | JavaScript | Parse Server | Apache-2.0 | SSRF | detected |
| CVE-2023-26159 | TypeScript | follow-redirects | MIT | SSRF | detected |
| CVE-2022-30323 | Go | hashicorp/go-getter | MPL-2.0 | CMDI | detected |
| CVE-2023-3188 | Go | owncast | MIT | SSRF | open FN |
| CVE-2023-3188 | Go | owncast | MIT | SSRF | detected |
| CVE-2024-31450 | Go | owncast | MIT | path_traversal | detected |
| CVE-2015-7501 | Java | Apache Commons Collections | Apache-2.0 | Deserialization | detected |
| CVE-2017-12629 | Java | Apache Solr | Apache-2.0 | CMDI | detected |
@ -60,6 +60,7 @@ Most recent first. Metrics are rule-level on the corpus size at that point.
| Date | Change | Corpus | P | R | F1 |
|------------|------------------------------------------------------------------------------|--------|-------|-------|-------|
| 2026-04-29 | Phantom-Param-aware field suppression: CVE-2023-3188 detected, FP guards hold | 432 | 0.995 | 1.000 | 0.998 |
| 2026-04-28 | Ruby bare `Kernel#open` CMDI sink, exact-match sigil on label matchers | 428 | 0.995 | 1.000 | 0.998 |
| 2026-04-28 | Go SSRF/FILE_IO sink expansion (`http.DefaultClient.*`, `os.Remove`/`WriteFile`) plus Decode-writeback container op | 426 | 0.995 | 1.000 | 0.998 |
| 2026-04-27 | JS chained-method inner-gate classification (`http.get(u, cb).on(...)`) | 422 | 0.994 | 1.000 | 0.997 |


@ -1,6 +1,6 @@
{
"benchmark_version": "1.0",
"timestamp": "2026-04-29T03:43:28Z",
"timestamp": "2026-04-29T05:42:03Z",
"scanner_version": "0.5.0",
"scanner_config": {
"analysis_mode": "Full",
@ -1184,13 +1184,17 @@
"language": "go",
"vuln_class": "ssrf",
"is_vulnerable": true,
"outcome_file_level": "FN",
"outcome_rule_level": "FN",
"outcome_location_level": "FN",
"matched_rule_ids": [],
"outcome_file_level": "TP",
"outcome_rule_level": "TP",
"outcome_location_level": "TP",
"matched_rule_ids": [
"taint-unsanitised-flow (source 84:13)"
],
"unexpected_rule_ids": [],
"all_finding_ids": [],
"security_finding_count": 0,
"all_finding_ids": [
"taint-unsanitised-flow (source 84:13)"
],
"security_finding_count": 1,
"non_security_finding_count": 0
},
{
@ -2170,19 +2174,13 @@
"language": "go",
"vuln_class": "safe",
"is_vulnerable": false,
"outcome_file_level": "FP",
"outcome_rule_level": "FP",
"outcome_file_level": "TN",
"outcome_rule_level": "TN",
"outcome_location_level": null,
"matched_rule_ids": [],
"unexpected_rule_ids": [
"go.sqli.query_concat",
"taint-unsanitised-flow (source 10:11)"
],
"all_finding_ids": [
"go.sqli.query_concat",
"taint-unsanitised-flow (source 10:11)"
],
"security_finding_count": 2,
"unexpected_rule_ids": [],
"all_finding_ids": [],
"security_finding_count": 0,
"non_security_finding_count": 0
},
{
@ -7773,22 +7771,22 @@
}
],
"aggregate_file_level": {
"tp": 215,
"fp": 2,
"fn_": 1,
"tn": 214,
"precision": 0.9907834101382489,
"recall": 0.9953703703703703,
"f1": 0.9930715935334872
"tp": 216,
"fp": 1,
"fn_": 0,
"tn": 215,
"precision": 0.9953917050691244,
"recall": 1.0,
"f1": 0.997690531177829
},
"aggregate_rule_level": {
"tp": 215,
"fp": 2,
"fn_": 1,
"tn": 214,
"precision": 0.9907834101382489,
"recall": 0.9953703703703703,
"f1": 0.9930715935334872
"tp": 216,
"fp": 1,
"fn_": 0,
"tn": 215,
"precision": 0.9953917050691244,
"recall": 1.0,
"f1": 0.997690531177829
},
"by_language": {
"c": {
@ -7810,13 +7808,13 @@
"f1": 1.0
},
"go": {
"tp": 24,
"fp": 2,
"fn_": 1,
"tn": 26,
"precision": 0.9230769230769231,
"recall": 0.96,
"f1": 0.9411764705882353
"tp": 25,
"fp": 1,
"fn_": 0,
"tn": 27,
"precision": 0.9615384615384616,
"recall": 1.0,
"f1": 0.9803921568627451
},
"java": {
"tp": 17,
@ -8002,9 +8000,9 @@
},
"safe": {
"tp": 0,
"fp": 2,
"fp": 1,
"fn_": 0,
"tn": 214,
"tn": 215,
"precision": 0.0,
"recall": 1.0,
"f1": 0.0
@ -8028,13 +8026,13 @@
"f1": 1.0
},
"ssrf": {
"tp": 25,
"tp": 26,
"fp": 0,
"fn_": 1,
"fn_": 0,
"tn": 0,
"precision": 1.0,
"recall": 0.9615384615384616,
"f1": 0.9803921568627451
"recall": 1.0,
"f1": 1.0
},
"xss": {
"tp": 23,
@ -8048,13 +8046,13 @@
},
"by_confidence": {
">=High": {
"tp": 89,
"tp": 90,
"fp": 90,
"fn_": 127,
"fn_": 126,
"tn": 126,
"precision": 0.4972067039106145,
"recall": 0.41203703703703703,
"f1": 0.4506329113924051
"precision": 0.5,
"recall": 0.4166666666666667,
"f1": 0.45454545454545453
},
">=Low": {
"tp": 94,