Dynamic (#77)
This commit is contained in:
parent
55247b7fcd
commit
991c84a1eb
1464 changed files with 225448 additions and 1985 deletions
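--- a/tests/dynamic_fixtures/migration/sequelize/benign.js
+++ b/tests/dynamic_fixtures/migration/sequelize/benign.js
@@ -0,0 +1,14 @@
+// Phase 21 — Sequelize benign control.
+const _NYX_ADAPTER_MARKER = "queryInterface.createTable";
+
+module.exports.up = async function (queryInterface, Sequelize) {
+const name = (process.env.NYX_PAYLOAD || 'users')
+.replace(/[^A-Za-z0-9_]/g, '_')
+.toLowerCase();
+if (queryInterface && typeof queryInterface.addColumn === 'function') {
+await queryInterface.addColumn(name, 'description', { type: 'TEXT' });
+}
+return 'addColumn(' + name + ')';
+};
+
+module.exports.down = async function () { return 'noop'; };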
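Review bot: The allow-list rewrite on the `.replace(/[^A-Za-z0-9_]/g, '_')` line is the only thing that separates this control from its vuln sibling, yet nothing in the file marks it as such; a one-line marker would let whoever triages a false-positive report see what the tool should have credited, e.g. `// SANITIZER: allow-list identifier chars — NYX_PAYLOAD cannot reach addColumn unescaped.` Note the rewrite maps disallowed characters to `_` rather than rejecting the input, which is fine for a control (only `[A-Za-z0-9_]` survives, so no quoting or statement-separator characters remain) but is not the pattern to recommend for production, where an unexpected table name should be rejected outright. The `_NYX_ADAPTER_MARKER` value names `createTable` although the migration only calls `addColumn`; if the harness keys on that string this is presumably deliberate, but a comment saying so would stop the next reader from "correcting" it.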
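--- a/tests/dynamic_fixtures/migration/sequelize/vuln.js
+++ b/tests/dynamic_fixtures/migration/sequelize/vuln.js
@@ -0,0 +1,21 @@
+// Phase 21 (Track M.3) — Sequelize migration vuln fixture.
+//
+// `up(queryInterface, Sequelize)` is the canonical migration entry
+// point. This fixture builds a raw DDL string from an attacker-
+// controlled table name and routes it through `queryInterface.sequelize.query`.
+const _NYX_ADAPTER_MARKER = "queryInterface.createTable";
+
+module.exports.up = async function (queryInterface, Sequelize) {
+const name = process.env.NYX_PAYLOAD || 'users';
+// SINK: tainted table name concatenated into raw DDL.
+const sql = 'CREATE INDEX idx_' + name + ' ON users(name)';
+if (queryInterface && queryInterface.sequelize && queryInterface.sequelize.query) {
+await queryInterface.sequelize.query(sql);
+}
+return sql;
+};
+
+module.exports.down = async function (queryInterface, Sequelize) {
+// benign in the down direction.
+return 'DROP INDEX idx_users';
+};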
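Review bot: The header comment says the taint is routed through `queryInterface.sequelize.query` but never states what remediation the fixture expects, and because `name` lands in an identifier position (`'CREATE INDEX idx_' + name`) bind parameters or `replacements` cannot fix it — only allow-list validation of the name (as the benign sibling does) or identifier quoting can. I would add after the SINK line: `// FIX expected: allow-list the identifier (see benign.js) or quote it with the query interface's identifier-quoting helper; bind params do not apply to DDL identifiers.` The guard `queryInterface.sequelize.query` checks truthiness only, whereas the benign control uses `typeof … === 'function'`; a harness stub whose `query` is a non-callable placeholder would throw here instead of falling through to `return sql`, so `typeof queryInterface.sequelize.query === 'function'` keeps the two fixtures consistent. The `_NYX_ADAPTER_MARKER` names `createTable`, which neither direction calls; presumably the harness keys on the string, but a comment saying so would help.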