mirror of
https://github.com/elicpeter/nyx.git
synced 2026-07-15 21:11:02 +02:00
Dynamic (#77)
This commit is contained in:
parent
55247b7fcd
commit
991c84a1eb
1464 changed files with 225448 additions and 1985 deletions
|
|
@ -5359,7 +5359,8 @@
|
|||
"taint-unsanitised-flow"
|
||||
],
|
||||
"allowed_alternative_rule_ids": [
|
||||
"c.cmdi.execvp"
|
||||
"c.cmdi.execvp",
|
||||
"cfg-unguarded-sink"
|
||||
],
|
||||
"forbidden_rule_ids": [],
|
||||
"expected_severity": "HIGH",
|
||||
|
|
@ -6078,7 +6079,8 @@
|
|||
"taint-unsanitised-flow"
|
||||
],
|
||||
"allowed_alternative_rule_ids": [
|
||||
"cpp.cmdi.execvp"
|
||||
"cpp.cmdi.execvp",
|
||||
"cfg-unguarded-sink"
|
||||
],
|
||||
"forbidden_rule_ids": [],
|
||||
"expected_severity": "HIGH",
|
||||
|
|
@ -11829,14 +11831,14 @@
|
|||
"expected_category": "Security",
|
||||
"expected_sink_lines": [
|
||||
[
|
||||
87,
|
||||
87
|
||||
95,
|
||||
95
|
||||
]
|
||||
],
|
||||
"expected_source_lines": [
|
||||
[
|
||||
92,
|
||||
92
|
||||
95,
|
||||
95
|
||||
]
|
||||
],
|
||||
"tags": [
|
||||
|
|
@ -11845,8 +11847,7 @@
|
|||
"argv-injection",
|
||||
"cmdi"
|
||||
],
|
||||
"disabled": true,
|
||||
"disabled_reason": "C taint engine does not propagate taint through C array-element writes (`args[i] = ssh_host;`) and has no `c.cmdi.exec*` AST pattern; even if such a pattern were added it would also fire on the patched fixture (precision miss) because the CVE is sanitised by a pre-call dash-prefix guard the engine does not classify as a validator. Three-layer deep fix tracked in CVE_DEFERRED.md.",
|
||||
"disabled": false,
|
||||
"notes": "CVE-2017-1000117 (git ssh:// argv injection): pre-2.7.6 git accepted `ssh://-oProxyCommand=...@host/repo` URLs and pushed the URL host as an argv element to ssh, where a leading dash was treated as an option flag. GPL-2.0"
|
||||
},
|
||||
{
|
||||
|
|
@ -11877,8 +11878,7 @@
|
|||
"patched",
|
||||
"negative"
|
||||
],
|
||||
"disabled": true,
|
||||
"disabled_reason": "Paired with cve-c-2017-1000117-vulnerable; precision side requires sanitizer recognition of the upstream `if (ssh_host[0] == '-') die(...)` guard so that adding any `c.cmdi.execvp` AST pattern would not also fire on the patched fixture.",
|
||||
"disabled": false,
|
||||
"notes": "CVE-2017-1000117 patched counterpart: dash-prefix gate added before argv assembly; regression guard that Nyx does not refire on the fix once the deferral lands"
|
||||
},
|
||||
{
|
||||
|
|
@ -17800,4 +17800,4 @@
|
|||
"notes": "Patched form of `sanitizeValue` from `@payloadcms/drizzle@v3.73.0` (MIT). Enabled after validated-flow propagation landed."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue