Python fp and docs updtes (#58)

* refactor: Update comments for clarity and add expectations.json files for performance metrics

* feat: Implement FP guard for JS/TS local-collection receivers to suppress missing ownership checks

* feat: Enhance Rust parameter handling to classify local collections and prevent false ownership checks

* refactor: Simplify code formatting for better readability in multiple files

* refactor: Improve UTF-8 sequence length handling and enhance clarity in loop iteration

* feat: Update Java and Python patterns to include new security rules

* refactor: Improve comment clarity and consistency across multiple Rust files

* refactor: Simplify code formatting for improved readability in integration tests and module files

* refactor: Improve comment formatting and enhance clarity in assertions across multiple files
Eli Peter 2026-04-29 19:53:34 -04:00 committed by GitHub
parent 4db0805de6
commit a438886217
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
291 changed files with 9485 additions and 3851 deletions


@ -204,7 +204,7 @@ fn tier_a_patterns_have_no_heuristic_in_description() {
}
}
// Warn but don't fail descriptions are informational
// Warn but don't fail, descriptions are informational
if !violations.is_empty() {
eprintln!(
"WARNING: Tier A patterns with heuristic-like descriptions:\n {}",
@ -277,6 +277,9 @@ fn positive_java() {
"java.reflection.method_invoke",
"java.sqli.execute_concat",
"java.crypto.insecure_random",
// CVE-2022-1471 SnakeYAML / CVE-2022-42889 Text4Shell.
"java.deser.snakeyaml_unsafe_constructor",
"java.code_exec.text4shell_interpolator",
],
);
}
@ -293,6 +296,11 @@ fn positive_python() {
"py.cmdi.os_popen",
"py.deser.pickle_loads",
"py.deser.yaml_load",
// CVE-2025-69662 / CVE-2025-24793 motivated f-string SQLi.
// py.sqli.execute_format must fire on the f-string shape and
// py.sqli.text_format must fire on the SQLAlchemy text() shape.
"py.sqli.execute_format",
"py.sqli.text_format",
],
);
}
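Review bot: The comment added in positive_python says py.sqli.execute_format must fire on the f-string shape and py.sqli.text_format on the SQLAlchemy text() shape, but the list visible here only names rule ids, so as far as this hunk shows the test would pass if either id were reported anywhere in the fixture, including on a `%` or `.format()` line. The helper that consumes the list and the start of positive_python are outside the hunk, so this is inferred; if the helper only checks that each id is present, the f-string coverage the comment promises is not pinned. A fixture holding only the f-string and `text(f"...")` lines, or an assertion on the reported line, would pin it. Since the commit targets false positives, a paired negative case showing that a parameterized `execute(sql, params)` call raises neither id would guard the other direction. The same applies to the two Java ids added in positive_java, whose comment names only the CVEs and not the shape that must match.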