apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

Dynamic (#77)

Browse source
This commit is contained in:
Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions
Download patch file Download diff file Expand all files Collapse all files

16
tests/dynamic_fixtures/json_parse/javascript/benign.js Normal file
View file

@ -0,0 +1,16 @@
// Phase 11 (Track J.9) — JavaScript JSON_PARSE benign control fixture.
//
// JSON.parse then deep-merge into a `Object.create(null)` target, the
// canonical mitigation; the prototype-less target cannot reach
// `Object.prototype` so the canary never fires.
function run(value) {
const parsed = JSON.parse(value);
const target = Object.create(null);
for (const k of Object.keys(parsed)) {
if (k === '__proto__' || k === 'constructor') continue;
target[k] = parsed[k];
}
return target;
}
module.exports = { run };

24
tests/dynamic_fixtures/json_parse/javascript/vuln.js Normal file
View file

@ -0,0 +1,24 @@
// Phase 11 (Track J.9) — JavaScript JSON_PARSE vuln fixture.
//
// JSON.parse the attacker bytes then naive deep-merge into a vanilla
// target object. A `__proto__` key walks into `Object.prototype` and
// trips the canary trap.
function run(value) {
const parsed = JSON.parse(value);
const target = {};
deepMerge(target, parsed);
return target;
}
function deepMerge(t, s) {
for (const k of Object.keys(s)) {
if (s[k] !== null && typeof s[k] === 'object') {
if (typeof t[k] !== 'object' || t[k] === null) t[k] = {};
deepMerge(t[k], s[k]);
} else {
t[k] = s[k];
}
}
}
module.exports = { run };