Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions


@ -0,0 +1,7 @@
// Phase 10 — SqlStub benign control.
//
// Same harness shape as `vuln.txt` but the recorded query does NOT
// contain the tautology. Oracle: `Oracle::StubEvent { kind:
// StubKind::Sql, needle: "OR 1=1" }` does *not* fire so the
// verdict stays `NotConfirmed`.
SELECT * FROM users WHERE name = 'alice';
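Review bot: The control value `alice` shares no text with the needle, so this fixture only shows that the oracle stays silent on an unrelated query; it does not cover needle text that appears as data inside a correctly quoted literal. If the oracle is a substring match on the recorded query, which the word `needle` suggests but the matching code is not visible here, such a query would be reported as confirmed although no injection took place. A second control fixture would pin that down, for example the constructed sample `SELECT * FROM users WHERE name = 'x OR 1=1';`. At minimum the header should state the limit: `// Does not cover the needle appearing inside a quoted value.`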


@ -0,0 +1,9 @@
// Phase 10 — SqlStub positive fixture.
//
// A SQL-cap sink that interpolates an untrusted username straight
// into a SELECT. The driving harness opens the SqlStub's SQLite DB
// (`NYX_SQL_ENDPOINT`), runs the query, and records it on the
// stub. Oracle: `Oracle::StubEvent { kind: StubKind::Sql, needle:
// "OR 1=1" }` fires because the recorded summary contains the
// tautology.
SELECT * FROM users WHERE name = '' OR 1=1 --';
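Review bot: The header describes a sink that interpolates a username, but the file holds only the finished query, so the query template and the untrusted value are never stated separately. A reader has to infer which part of the last line came from the caller, and that the trailing `--';` is presumably the template's closing quote left behind a comment marker. I would add to the header: `// Recorded query = template with the username substituted; the text between the opening quote and the final '; is the untrusted value.` The header should also say whether the harness strips the `//` lines before running the file against SQLite, since `//` is not SQL comment syntax; that handling is not visible in this hunk.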