[pitboss] phase 19: Track M.1 — ClassMethod end-to-end (all langs)
parent
1b2f9cb7ca
commit
b374f89577
35 changed files with 1894 additions and 41 deletions
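--- a/tests/dynamic_fixtures/class_method/c/benign.c
+++ b/tests/dynamic_fixtures/class_method/c/benign.c
@@ -0,0 +1,16 @@
+/* Phase 19 (Track M.1) — class-method benign control for C. */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+void UserService_run(const char *input, size_t len) {
+(void)len;
+/* Uses execve via fork; the shell never sees `input`. */
+pid_t pid = fork();
+if (pid == 0) {
+char *argv[] = { (char*)"/bin/echo", (char*)(input ? input : ""), NULL };
+execv("/bin/echo", argv);
+_exit(127);
+}
+}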
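Review bot: The parent in `UserService_run` never reaps the child and does not check for `fork()` returning -1, so the function can return while `/bin/echo` is still running, and each call leaves a zombie behind. vuln.c runs its command synchronously through `system()`, so the control and the vulnerable fixture differ in timing as well as in the sink, which can make a dynamic harness's comparison flaky. Adding `#include <sys/wait.h>` and `if (pid > 0) waitpid(pid, NULL, 0);` after the child branch would keep the benign path synchronous. The comment also says `execve` while the call is `execv`.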
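--- a/tests/dynamic_fixtures/class_method/c/vuln.c
+++ b/tests/dynamic_fixtures/class_method/c/vuln.c
@@ -0,0 +1,16 @@
+/* Phase 19 (Track M.1) — class-method vuln fixture for C.
+*
+* C has no class system; the harness calls a free function whose name
+* follows the `<Class>_<method>` convention (`UserService_run`). The
+* function piping `input` straight into `system(3)` is the SINK. */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+void UserService_run(const char *input, size_t len) {
+(void)len;
+char buf[512];
+snprintf(buf, sizeof(buf), "echo %s", input ? input : "");
+/* SINK: tainted input → system(3) */
+system(buf);
+}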
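Review bot: The return value of `snprintf` is ignored, so input that does not fit in the 512-byte `buf` is silently truncated before it reaches `system()`, and what the shell runs is no longer what the harness supplied. For a fixture meant to give a deterministic source-to-sink flow, I would check for truncation: `int n = snprintf(buf, sizeof(buf), "echo %s", input ? input : "");` followed by `if (n < 0 || (size_t)n >= sizeof(buf)) return;`. `len` is also discarded and `%s` reads up to the first NUL, so the fixture assumes the harness passes a NUL-terminated buffer. A one-line comment stating that contract would help, and the same applies to benign.c.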