Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions


@ -0,0 +1,14 @@
// Phase 21 — Sequelize benign control.
const _NYX_ADAPTER_MARKER = "queryInterface.createTable";
module.exports.up = async function (queryInterface, Sequelize) {
const name = (process.env.NYX_PAYLOAD || 'users')
.replace(/[^A-Za-z0-9_]/g, '_')
.toLowerCase();
if (queryInterface && typeof queryInterface.addColumn === 'function') {
await queryInterface.addColumn(name, 'description', { type: 'TEXT' });
}
return 'addColumn(' + name + ')';
};
module.exports.down = async function () { return 'noop'; };
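Review bot: This benign control differs from the vulnerable fixture in the same commit in two ways at once: it sanitises `NYX_PAYLOAD` with `.replace(/[^A-Za-z0-9_]/g, '_')` and it also swaps the sink from `queryInterface.sequelize.query` to `queryInterface.addColumn`. A scanner can therefore stay silent here without modelling the allow-list at all, simply because `addColumn` is not treated as a raw-SQL sink. If the control is meant to show that the sanitiser is recognised, keep the raw-query sink and feed it the sanitised name. Otherwise extend the one-line header to say what makes the case benign, e.g. `// Benign: name is reduced to [A-Za-z0-9_] and passed as an identifier argument, never concatenated into SQL.` The `_NYX_ADAPTER_MARKER` string names `createTable`, which `up` never calls; if that is deliberate for adapter detection, a short comment should say so.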


@ -0,0 +1,21 @@
// Phase 21 (Track M.3) — Sequelize migration vuln fixture.
//
// `up(queryInterface, Sequelize)` is the canonical migration entry
// point. This fixture builds a raw DDL string from an attacker-
// controlled table name and routes it through `queryInterface.sequelize.query`.
const _NYX_ADAPTER_MARKER = "queryInterface.createTable";
module.exports.up = async function (queryInterface, Sequelize) {
const name = process.env.NYX_PAYLOAD || 'users';
// SINK: tainted table name concatenated into raw DDL.
const sql = 'CREATE INDEX idx_' + name + ' ON users(name)';
if (queryInterface && queryInterface.sequelize && queryInterface.sequelize.query) {
await queryInterface.sequelize.query(sql);
}
return sql;
};
module.exports.down = async function (queryInterface, Sequelize) {
// benign in the down direction.
return 'DROP INDEX idx_users';
};
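Review bot: The header and the `SINK:` comment both describe a tainted table name, but in `'CREATE INDEX idx_' + name + ' ON users(name)'` the `NYX_PAYLOAD` value becomes part of the index identifier while the table stays the literal `users`. The `SINK:` label also sits on the string build rather than on the `queryInterface.sequelize.query(sql)` call where the statement is executed, which matters if expected findings are matched by line. Suggested wording on the concatenation line: `// TAINT: env value concatenated into the index identifier of raw DDL; executed by sequelize.query(sql) below.` Because `up` does run the statement when handed a live `queryInterface`, the header could also state that this file is an intentionally vulnerable scanner fixture and not a migration to apply to a real database.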