This commit is contained in:
Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions

View file

@ -0,0 +1,35 @@
<?php
// Phase 10 (Track D.3) stub-end-to-end fixture: PHP + HTTP.
//
// The verifier publishes:
//
// * NYX_HTTP_ENDPOINT - http://127.0.0.1:{port} the HttpStub listens on.
// * NYX_HTTP_LOG - companion log path the harness appends attempted
// outbound calls to so the host HttpStub picks them
// up on drain_events() even when the request bypasses
// the on-the-wire listener (DNS-mocked,
// network-isolated sandbox, pre-flight check).
//
// This fixture exercises the side-channel path: it records an attempted
// SSRF call to http://169.254.169.254/latest/meta-data/ through the PHP
// shim helper __nyx_stub_http_record without issuing the actual network
// call. The companion test in tests/stubs_e2e_per_lang.rs strips this
// leading <?php tag, splices in crate::dynamic::lang::php::probe_shim
// ahead of the remaining body inside a fresh <?php block, runs it with
// both env vars set, and asserts the stub captured the attempt.
function nyx_e2e_main(): void {
$method = 'GET';
$url = 'http://169.254.169.254/latest/meta-data/';
$body = '';
// Record the attempted call through the probe shim so the host
// HttpStub captures it on the next drain_events() call even when the
// harness never reaches the on-the-wire listener.
__nyx_stub_http_record($method, $url, $body, ['driver' => 'curl']);
// Echo so the host can confirm the driver ran end-to-end.
$endpoint = getenv('NYX_HTTP_ENDPOINT');
echo ($endpoint === false || $endpoint === '') ? 'no-endpoint' : $endpoint;
echo "\n";
}
nyx_e2e_main();

View file

@ -0,0 +1,41 @@
<?php
// Phase 10 (Track D.3) stub-end-to-end fixture: PHP + SQL.
//
// The verifier publishes:
//
// NYX_SQL_ENDPOINT absolute path of a SQLite DB the SqlStub owns.
// NYX_SQL_LOG companion log path the harness appends executed
// queries to so the host SqlStub picks them up on
// drain_events().
//
// This fixture opens the stub DB with stdlib SQLite3, runs a tautology
// SELECT (OR 1=1), and forwards the executed query to the stub through
// the PHP shim helper __nyx_stub_sql_record. The companion test in
// tests/stubs_e2e_per_lang.rs splices in
// crate::dynamic::lang::php::probe_shim ahead of this source, runs it
// with both env vars set, and asserts the stub captured the tautology.
function main(): void {
$db_path = getenv('NYX_SQL_ENDPOINT');
if ($db_path === false || $db_path === '') {
return;
}
$query = "SELECT 1 WHERE 'a' = 'a' OR 1=1 --";
$driver = 'none';
if (class_exists('SQLite3')) {
$driver = 'SQLite3';
$db = new SQLite3($db_path);
$rows = $db->query($query);
if ($rows !== false) {
while ($r = $rows->fetchArray(SQLITE3_NUM)) {
echo $r[0] . "\n";
}
}
$db->close();
}
// Record the executed query through the probe shim so the host
// SqlStub captures it on the next drain_events() call.
__nyx_stub_sql_record($query, ['driver' => $driver]);
}
main();