mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-30 20:39:39 +02:00
Dynamic (#77)
This commit is contained in:
parent
55247b7fcd
commit
991c84a1eb
1464 changed files with 225448 additions and 1985 deletions
11
tests/dynamic_fixtures/class_method/ruby/benign.rb
Normal file
11
tests/dynamic_fixtures/class_method/ruby/benign.rb
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
# Phase 19 (Track M.1) — class-method benign control for Ruby.
|
||||
require 'shellwords'
|
||||
|
||||
class UserService
|
||||
def initialize
|
||||
end
|
||||
|
||||
def run(input)
|
||||
`true #{Shellwords.escape(input)}`
|
||||
end
|
||||
end
|
||||
13
tests/dynamic_fixtures/class_method/ruby/vuln.rb
Normal file
13
tests/dynamic_fixtures/class_method/ruby/vuln.rb
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
# Phase 19 (Track M.1) — class-method vuln fixture for Ruby.
|
||||
#
|
||||
# UserService#run pipes user input into a shell, classic OS command
|
||||
# injection. Default `.new` ctor — no mock deps needed.
|
||||
class UserService
|
||||
def initialize
|
||||
end
|
||||
|
||||
def run(input)
|
||||
# SINK: tainted input → shell
|
||||
`true #{input}`
|
||||
end
|
||||
end
|
||||
Loading…
Add table
Add a link
Reference in a new issue