mirror of
https://github.com/elicpeter/nyx.git
synced 2026-07-03 20:41:00 +02:00
Dynamic (#77)
This commit is contained in:
parent
55247b7fcd
commit
991c84a1eb
1464 changed files with 225448 additions and 1985 deletions
22
tests/dynamic_fixtures/ts_frameworks/nest/benign.ts
Normal file
22
tests/dynamic_fixtures/ts_frameworks/nest/benign.ts
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
// Phase 13 (Track L.11) — NestJS CMDI benign fixture (TypeScript).
|
||||
|
||||
import 'reflect-metadata';
|
||||
import { Controller, Get, Query } from '@nestjs/common';
|
||||
import { execFile } from 'child_process';
|
||||
|
||||
const ALLOW = new Set(['status', 'uptime', 'version']);
|
||||
|
||||
@Controller('')
|
||||
export class AppController {
|
||||
@Get('run')
|
||||
runCmd(@Query('cmd') cmd: string): Promise<string> | string {
|
||||
if (!ALLOW.has(cmd || '')) {
|
||||
return 'rejected';
|
||||
}
|
||||
return new Promise((resolve) => {
|
||||
execFile('/usr/bin/echo', [cmd], (err, stdout) => {
|
||||
resolve(err ? String(err) : stdout);
|
||||
});
|
||||
});
|
||||
}
|
||||
}
|
||||
20
tests/dynamic_fixtures/ts_frameworks/nest/vuln.ts
Normal file
20
tests/dynamic_fixtures/ts_frameworks/nest/vuln.ts
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
// Phase 13 (Track L.11) — NestJS CMDI vuln fixture (TypeScript).
|
||||
//
|
||||
// Adapter binding: `@Controller('')` + `@Get('run')` on
|
||||
// `AppController.runCmd` with `cmd` flowing through `@Query('cmd')`.
|
||||
|
||||
import 'reflect-metadata';
|
||||
import { Controller, Get, Query } from '@nestjs/common';
|
||||
import { exec } from 'child_process';
|
||||
|
||||
@Controller('')
|
||||
export class AppController {
|
||||
@Get('run')
|
||||
runCmd(@Query('cmd') cmd: string): Promise<string> {
|
||||
return new Promise((resolve) => {
|
||||
exec(cmd || '', (err, stdout) => {
|
||||
resolve(err ? String(err) : stdout);
|
||||
});
|
||||
});
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue