Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions


@ -0,0 +1,20 @@
// Phase 14 servlet doPost, benign.
import java.io.BufferedReader;
import java.io.InputStreamReader;
public class Benign {
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws Exception {
System.out.print("__NYX_SINK_HIT__\n");
String unused = req.getBody();
if (unused == null) unused = "";
String[] cmd = {"/bin/sh", "-c", "echo hello"};
Process p = Runtime.getRuntime().exec(cmd);
BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
while ((line = reader.readLine()) != null) {
resp.write(line + "\n");
}
p.waitFor();
}
}
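Review bot: The `__NYX_SINK_HIT__` marker is printed unconditionally on the first line of `doPost`, before `exec` and independent of the request body, and `Vuln.doPost` prints it the same way, so the marker only shows that the entry point ran. If the harness (not visible on this page) treats the marker alone as confirmation, this negative case would be indistinguishable from the vulnerable one; the distinguishing signal has to come from the response body. I would document that on the print line, e.g. `// Marker means "sink reached", not "sink tainted"; the oracle is the response body.`, and add `// Source is read but deliberately never flows into cmd (negative case).` above `req.getBody()` so the dead read is not tidied away later.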


@ -0,0 +1,20 @@
// Phase 14 fixture stub minimal servlet request shape.
// Lives in the default package so the harness shim's
// `p.getName().endsWith("HttpServletRequest")` filter can match without
// a Maven dep on `jakarta.servlet-api`.
import java.util.HashMap;
import java.util.Map;
public class HttpServletRequest {
private final Map<String, String> params = new HashMap<>();
private String method = "GET";
private String body = "";
public void setParameter(String k, String v) { params.put(k, v); }
public String getParameter(String k) { return params.get(k); }
public void setMethod(String m) { this.method = m; }
public String getMethod() { return method; }
public void setBody(String b) { this.body = b; }
public String getBody() { return body; }
}
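Review bot: `getBody()` is not a method of the real `jakarta.servlet.http.HttpServletRequest`, where the body is read through `getReader()` or `getInputStream()`, so a taint source exercised only through this stub may not carry over to real servlet code. The same applies to `write(String)` on the `HttpServletResponse` stub in the next file, which stands in for `getWriter().write(...)`. If the shortcut is intentional, I would say so in the header, e.g. `// NOTE: getBody() is a fixture-only shortcut; real servlets expose the body via getReader()/getInputStream().`, or add a `getReader()` that wraps `body` so the fixture can also cover the real source method.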


@ -0,0 +1,6 @@
// Phase 14 fixture stub minimal servlet response shape.
public class HttpServletResponse {
private final StringBuilder body = new StringBuilder();
public void write(String s) { body.append(s); }
public String getBody() { return body.toString(); }
}


@ -0,0 +1,23 @@
// Phase 14 servlet doPost, vulnerable.
//
// Reads the POST body from the request stub and feeds it through
// `/bin/sh -c`.
import java.io.BufferedReader;
import java.io.InputStreamReader;
public class Vuln {
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws Exception {
System.out.print("__NYX_SINK_HIT__\n");
String input = req.getBody();
if (input == null) input = "";
String[] cmd = {"/bin/sh", "-c", "echo hello " + input};
Process p = Runtime.getRuntime().exec(cmd);
BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
while ((line = reader.readLine()) != null) {
resp.write(line + "\n");
}
p.waitFor();
}
}
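Review bot: Nothing bounds how long `doPost` runs: the stdout loop blocks until the child closes its stream, stderr is never read, and `p.waitFor()` has no timeout, while the shell string here includes the request body. Unless the harness enforces its own time limit (not visible on this page), a test input that keeps the child alive stalls the caller, so the limit is best applied there and noted in the header. Within the method, the reader is never closed and `InputStreamReader` falls back to the platform charset; keeping `Runtime.exec` as the sink under test, I would open it as `try (BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream(), StandardCharsets.UTF_8))) {`. A first-line marker such as `// INTENTIONALLY VULNERABLE test fixture: never package or deploy.` would also make the file's status clear to scanners and reviewers who meet it out of context.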


@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
<modelVersion>4.0.0</modelVersion>
<groupId>nyx</groupId>
<artifactId>servlet-dopost-fixture</artifactId>
<version>0.0.1</version>
<properties>
<maven.compiler.source>17</maven.compiler.source>
<maven.compiler.target>17</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<version>6.0.0</version>
<scope>provided</scope>
</dependency>
</dependencies>
</project>
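Review bot: The `jakarta.servlet-api` dependency contradicts the header comment of the `HttpServletRequest` stub in this commit, which says the stub lives in the default package so that no Maven dep on `jakarta.servlet-api` is needed. None of the Java files shown here imports anything from `jakarta.servlet`. As written, the build has to resolve an artifact the fixture does not use, which will fail if the harness builds offline or in a sandbox (an assumption; the build environment is not visible here). I would either drop the `<dependency>` block or add a comment such as `<!-- kept only so build-file detection sees a servlet project; the code uses local stubs -->` if the declaration is what the analyzer keys on.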