Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions


@ -0,0 +1,22 @@
// Phase 13 (Track L.11) — NestJS CMDI benign fixture (TypeScript).
import 'reflect-metadata';
import { Controller, Get, Query } from '@nestjs/common';
import { execFile } from 'child_process';
const ALLOW = new Set(['status', 'uptime', 'version']);
@Controller('')
export class AppController {
@Get('run')
runCmd(@Query('cmd') cmd: string): Promise<string> | string {
if (!ALLOW.has(cmd || '')) {
return 'rejected';
}
return new Promise((resolve) => {
execFile('/usr/bin/echo', [cmd], (err, stdout) => {
resolve(err ? String(err) : stdout);
});
});
}
}
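Review bot: The benign fixture stacks two independent mitigations in `runCmd`, the `ALLOW.has(cmd || '')` allowlist check and `execFile` with an argv array instead of a shell, so a passing test cannot show which of the two the analyzer actually credits. The header should say so and carry the same "Adapter binding" lines as the vuln fixture, e.g. `// Benign: cmd is allowlisted via ALLOW, then passed as argv to execFile (no shell).` If the intent is to test each sanitizer separately, that probably needs one fixture per mitigation. Separately, `resolve(err ? String(err) : stdout)` returns the raw child-process error text to the caller, which is harmless here but deserves a comment so it is not copied as a pattern.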


@ -0,0 +1,20 @@
// Phase 13 (Track L.11) — NestJS CMDI vuln fixture (TypeScript).
//
// Adapter binding: `@Controller('')` + `@Get('run')` on
// `AppController.runCmd` with `cmd` flowing through `@Query('cmd')`.
import 'reflect-metadata';
import { Controller, Get, Query } from '@nestjs/common';
import { exec } from 'child_process';
@Controller('')
export class AppController {
@Get('run')
runCmd(@Query('cmd') cmd: string): Promise<string> {
return new Promise((resolve) => {
exec(cmd || '', (err, stdout) => {
resolve(err ? String(err) : stdout);
});
});
}
}
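Review bot: The header names this file as the vuln fixture, but nothing marks the sink itself, so `exec(cmd || '', ...)` reads like ordinary code to anyone who meets the file outside the fixture tree or through a grep hit. I would add a comment on that line such as `// INTENTIONALLY VULNERABLE (test fixture): request-controlled cmd reaches a shell via exec(); never deploy or copy.` The benign counterpart uses `execFile` with an argv array behind an allowlist, and a one-line pointer to it here would make the pair self-explanatory. If these fixtures are ever started as live servers during tests (the bootstrap is not visible in this section), they should listen on loopback only.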