apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-15 20:05:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

Dynamic (#77)

Browse source
This commit is contained in:
Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions
Download patch file Download diff file Expand all files Collapse all files

36
tests/dynamic_fixtures/stubs_e2e/python/http/vuln/main.py Normal file
View file

@ -0,0 +1,36 @@
"""Phase 10 (Track D.3) stub-end-to-end fixture: Python + HTTP.
The verifier publishes:
* ``NYX_HTTP_ENDPOINT`` `http://127.0.0.1:{port}` the HttpStub listens on.
* ``NYX_HTTP_LOG`` companion log path the harness appends attempted
outbound calls to so the host HttpStub picks them up on
``drain_events()`` even when the request bypasses the on-the-wire
listener (DNS-mocked, network-isolated sandbox, pre-flight check).
This fixture exercises the side-channel path: it records an attempted
SSRF call to ``http://169.254.169.254/latest/meta-data/`` through the
Python shim helper ``__nyx_stub_http_record`` without issuing the
actual network call. The companion test in
``tests/stubs_e2e_per_lang.rs`` splices in
``crate::dynamic::lang::python::probe_shim`` ahead of this source, runs
it with both env vars set, and asserts the stub captured the attempt.
"""
import os
def main():
method = "GET"
url = "http://169.254.169.254/latest/meta-data/"
body = ""
# Record the attempted call through the probe shim so the host
# HttpStub captures it on the next drain_events() call even when
# the harness never reaches the on-the-wire listener.
__nyx_stub_http_record(method, url, body, driver="urllib")
# Echo so the host can confirm the driver ran end-to-end.
print(os.environ.get("NYX_HTTP_ENDPOINT", "no-endpoint"))
if __name__ == "__main__":
main()

39
tests/dynamic_fixtures/stubs_e2e/python/sql/vuln/main.py Normal file
View file

@ -0,0 +1,39 @@
"""Phase 10 (Track D.3) stub-end-to-end fixture: Python + SQL.
The verifier publishes:
* ``NYX_SQL_ENDPOINT`` absolute path of a SQLite DB the SqlStub owns.
* ``NYX_SQL_LOG`` companion log path the harness appends executed
queries to so the host SqlStub picks them up on ``drain_events()``.
This fixture exercises both: it opens the stub DB with stdlib ``sqlite3``,
runs a tautology SELECT (``OR 1=1``), and forwards the executed query to
the stub through the Python shim helper ``__nyx_stub_sql_record``. The
companion test in ``tests/stubs_e2e_per_lang.rs`` splices in
``crate::dynamic::lang::python::probe_shim`` ahead of this source, runs it
with both env vars set, and asserts the stub captured the tautology.
"""
import os
import sqlite3
def main():
db_path = os.environ.get("NYX_SQL_ENDPOINT")
if not db_path:
return
query = "SELECT 1 WHERE 'a' = 'a' OR 1=1 --"
conn = sqlite3.connect(db_path)
try:
rows = conn.execute(query).fetchall()
for row in rows:
print(row[0])
finally:
conn.close()
# Record the executed query through the probe shim so the host
# SqlStub captures it on the next drain_events() call.
__nyx_stub_sql_record(query, driver="sqlite3")
if __name__ == "__main__":
main()