mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
[pitboss] sweep after phase 01: 5 deferred items resolved
parent
a10aba5d1f
commit
894f587b60
4 changed files with 385 additions and 0 deletions
|
|
@ -71,6 +71,39 @@ pub enum Oracle {
|
|||
///
|
||||
/// When adding a new `Cap` bit: add a row above, update this function, and
|
||||
/// bump [`CORPUS_VERSION`] if you add payload support.
|
||||
///
|
||||
/// Compile-time exhaustiveness guard: `CORPUS_SUPPORTED | CORPUS_UNSUPPORTED`
|
||||
/// must equal `Cap::all()`. Adding a new Cap bit without updating this table
|
||||
/// triggers a `const` assertion failure at build time.
|
||||
const CORPUS_SUPPORTED: u32 = Cap::SQL_QUERY.bits()
|
||||
| Cap::CODE_EXEC.bits()
|
||||
| Cap::FILE_IO.bits()
|
||||
| Cap::SSRF.bits()
|
||||
| Cap::HTML_ESCAPE.bits();
|
||||
|
||||
const CORPUS_UNSUPPORTED: u32 = Cap::ENV_VAR.bits()
|
||||
| Cap::SHELL_ESCAPE.bits()
|
||||
| Cap::URL_ENCODE.bits()
|
||||
| Cap::JSON_PARSE.bits()
|
||||
| Cap::FMT_STRING.bits()
|
||||
| Cap::DESERIALIZE.bits()
|
||||
| Cap::CRYPTO.bits()
|
||||
| Cap::UNAUTHORIZED_ID.bits()
|
||||
| Cap::DATA_EXFIL.bits()
|
||||
| Cap::LDAP_INJECTION.bits()
|
||||
| Cap::XPATH_INJECTION.bits()
|
||||
| Cap::HEADER_INJECTION.bits()
|
||||
| Cap::OPEN_REDIRECT.bits()
|
||||
| Cap::SSTI.bits()
|
||||
| Cap::XXE.bits()
|
||||
| Cap::PROTOTYPE_POLLUTION.bits();
|
||||
|
||||
const _: () = assert!(
|
||||
CORPUS_SUPPORTED | CORPUS_UNSUPPORTED == Cap::all().bits(),
|
||||
"Cap bit missing from corpus coverage table; \
|
||||
add to CORPUS_SUPPORTED or CORPUS_UNSUPPORTED and update payloads_for",
|
||||
);
|
||||
|
||||
pub fn payloads_for(cap: Cap) -> &'static [Payload] {
|
||||
if cap.contains(Cap::SQL_QUERY) {
|
||||
return SQLI;
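Review bot: The new consts and the `const _` assertion sit between the `///` block and `pub fn payloads_for`, so that doc block (it says "update this function") now attaches to `CORPUS_SUPPORTED` and `payloads_for` loses its rustdoc. Placing the consts above the doc block, with the guard paragraph as their own `//` comment, keeps both documented. The assertion also checks only the union of the two masks: a bit listed in both still builds, and so does a bit listed in `CORPUS_SUPPORTED` with no branch in `payloads_for`, which would presumably leave that capability without payloads while the table reports it as covered. A second guard such as `const _: () = assert!(CORPUS_SUPPORTED & CORPUS_UNSUPPORTED == 0, "Cap bit listed as both supported and unsupported");` closes the first gap. The doc block begins above the hunk and the body of `payloads_for` continues below it.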
|
||||
|
|
|
|||
|
|
@ -376,4 +376,87 @@ mod tests {
|
|||
let s2 = HarnessSpec::from_finding(&diag).unwrap();
|
||||
assert_eq!(s1.spec_hash, s2.spec_hash);
|
||||
}
|
||||
|
||||
fn base_spec() -> HarnessSpec {
|
||||
use crate::labels::Cap;
|
||||
let mut spec = HarnessSpec {
|
||||
finding_id: "0000000000000000".into(),
|
||||
entry_file: "src/handler.rs".into(),
|
||||
entry_name: "process".into(),
|
||||
entry_kind: EntryKind::Function,
|
||||
lang: crate::symbol::Lang::Rust,
|
||||
toolchain_id: "rust-stable".into(),
|
||||
payload_slot: PayloadSlot::Param(0),
|
||||
expected_cap: Cap::SQL_QUERY,
|
||||
constraint_hints: vec![],
|
||||
spec_hash: String::new(),
|
||||
};
|
||||
spec.spec_hash = compute_spec_hash(&spec);
|
||||
spec
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn spec_hash_flips_on_entry_file() {
|
||||
let s1 = base_spec();
|
||||
let mut s2 = s1.clone();
|
||||
s2.entry_file = "src/other.rs".into();
|
||||
s2.spec_hash = compute_spec_hash(&s2);
|
||||
assert_ne!(s1.spec_hash, s2.spec_hash, "entry_file mutation must change spec_hash");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn spec_hash_flips_on_entry_name() {
|
||||
let s1 = base_spec();
|
||||
let mut s2 = s1.clone();
|
||||
s2.entry_name = "other_handler".into();
|
||||
s2.spec_hash = compute_spec_hash(&s2);
|
||||
assert_ne!(s1.spec_hash, s2.spec_hash, "entry_name mutation must change spec_hash");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn spec_hash_flips_on_payload_slot() {
|
||||
let s1 = base_spec();
|
||||
let mut s2 = s1.clone();
|
||||
s2.payload_slot = PayloadSlot::Param(1);
|
||||
s2.spec_hash = compute_spec_hash(&s2);
|
||||
assert_ne!(s1.spec_hash, s2.spec_hash, "payload_slot mutation must change spec_hash");
|
||||
|
||||
let mut s3 = s1.clone();
|
||||
s3.payload_slot = PayloadSlot::HttpBody;
|
||||
s3.spec_hash = compute_spec_hash(&s3);
|
||||
assert_ne!(s1.spec_hash, s3.spec_hash, "payload_slot tag change must change spec_hash");
|
||||
|
||||
let mut s4 = s1.clone();
|
||||
s4.payload_slot = PayloadSlot::EnvVar("NYX_INPUT".into());
|
||||
s4.spec_hash = compute_spec_hash(&s4);
|
||||
assert_ne!(s1.spec_hash, s4.spec_hash, "EnvVar payload_slot must change spec_hash");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn spec_hash_flips_on_expected_cap() {
|
||||
use crate::labels::Cap;
|
||||
let s1 = base_spec();
|
||||
let mut s2 = s1.clone();
|
||||
s2.expected_cap = Cap::CODE_EXEC;
|
||||
s2.spec_hash = compute_spec_hash(&s2);
|
||||
assert_ne!(s1.spec_hash, s2.spec_hash, "expected_cap mutation must change spec_hash");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn spec_hash_flips_on_constraint_hints() {
|
||||
let s1 = base_spec();
|
||||
let mut s2 = s1.clone();
|
||||
s2.constraint_hints = vec!["prefix:admin/".into()];
|
||||
s2.spec_hash = compute_spec_hash(&s2);
|
||||
assert_ne!(s1.spec_hash, s2.spec_hash, "constraint_hints mutation must change spec_hash");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn spec_hash_flips_on_toolchain_id() {
|
||||
let s1 = base_spec();
|
||||
let mut s2 = s1.clone();
|
||||
s2.toolchain_id = "rust-nightly".into();
|
||||
s2.spec_hash = compute_spec_hash(&s2);
|
||||
assert_ne!(s1.spec_hash, s2.spec_hash, "toolchain_id mutation must change spec_hash");
|
||||
}
|
||||
}
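Review bot: Each new test changes one field in isolation, so the suite would still pass if `compute_spec_hash` (not visible in this hunk) joins fields or hint entries without a separator or length prefix. That would let two different specs share a `spec_hash`. A boundary test like the one below pins this down for `constraint_hints`. `entry_kind` and `lang` get no flip test either, and nothing states whether `finding_id` is meant to be excluded from the hash; a short comment on `base_spec` naming the hashed fields would make the intended coverage checkable. `mod tests` opens above the hunk.

```rust
// … unchanged: base_spec and the spec_hash_flips_on_* tests …

#[test]
fn spec_hash_separates_adjacent_hints() {
    let mut a = base_spec();
    a.constraint_hints = vec!["ab".into(), "c".into()];
    a.spec_hash = compute_spec_hash(&a);

    let mut b = base_spec();
    b.constraint_hints = vec!["a".into(), "bc".into()];
    b.spec_hash = compute_spec_hash(&b);

    assert_ne!(a.spec_hash, b.spec_hash, "hint boundaries must be part of the hash input");
}
```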
|
||||
|
|
|
|||