Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
1464 changed files with 225448 additions and 1985 deletions


@ -0,0 +1,10 @@
//! Phase 21 — Juniper resolver benign control.
// use juniper::graphql_object;
pub fn resolve_user(id: &str) -> String {
let safe: String = id
.chars()
.filter(|c| c.is_ascii_alphanumeric() || *c == '_' || *c == '-')
.collect();
format!("user-{}", safe)
}
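Review bot: The control has no SQL string at all, so a detector that stays silent here is only shown to ignore sink-free code, not to recognise the allow-list filter as a sanitizer; if this file is meant as a sanitizer control for the vuln fixture, keep the same `let query = format!("SELECT * FROM users WHERE id = '{}'", safe);` and `let _ = query;` lines with `safe` in place of `id`, so the pair differs only in the filtering step. Whichever is intended, the `//!` header should say so, e.g. `//! Benign control: `id` is reduced to `[A-Za-z0-9_-]` before any use, so no tainted bytes reach a string sink.` The header also lacks the sentence the vuln fixture carries about `juniper` being a substring marker only, with the real crate absent from Cargo.toml; copying it keeps the pair consistent. As a style point, `format!("user-{safe}")` with an inline argument is the more idiomatic form. The hunk header counts 10 added lines but nine are visible, so a trailing line may have been dropped in rendering.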


@ -0,0 +1,15 @@
//! Phase 21 (Track M.3) — Juniper GraphQL resolver vuln fixture.
//!
//! `resolve_user(id)` is a Juniper resolver (substring marker only —
//! the real `juniper` crate is not on the workdir's Cargo.toml). The
//! resolver builds a SQL query via raw string concat — classic
//! GraphQL → SQLi shape.
// use juniper::graphql_object;
pub fn resolve_user(id: &str) -> String {
// SINK: tainted id concatenated into SQL.
let query = format!("SELECT * FROM users WHERE id = '{}'", id);
let _ = query;
format!("user-{}", id)
}
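Review bot: The built `query` is discarded on the `let _ = query;` line and never reaches a database call, so the only sink in this fixture is the `format!` on the line above it; a detector that requires an execution sink (a query or execute call on a connection handle) will not report this file, and that expectation belongs in the header so the fixture's expected-finding metadata matches. Suggested addition to the `//!` block: `//! The SQL string is built but never executed — the sink under test is the string construction itself; no DB client is present.` The second `format!("user-{}", id)` also echoes the unfiltered `id` into the return value, a second tainted flow that is the only line the benign control sanitizes; if exactly one finding is expected, state that the return-value flow is out of scope. The hunk header counts 15 added lines but 13 are visible, so one or two lines may have been dropped in rendering.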