apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-21 20:18:06 +02:00
Code Issues Projects Releases Packages Wiki Activity

[pitboss] phase 21: Track M.3 — ScheduledJob + GraphQLResolver + WebSocket + Middleware + Migration

Browse source
This commit is contained in:
pitboss 2026-05-20 18:05:31 -05:00
parent 00b0fbaea9
commit f9bd51c024
84 changed files with 5898 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tests/dynamic_fixtures/graphql_resolver/graphene/benign.py Normal file
View file

@ -0,0 +1,9 @@
"""Phase 21 — Graphene resolver benign control."""
import re
_NYX_ADAPTER_MARKER = "import graphene"
def resolve_user(self, info, id):
safe = re.sub(r"[^A-Za-z0-9_-]", "", str(id))
return "user-" + safe

15
tests/dynamic_fixtures/graphql_resolver/graphene/vuln.py Normal file
View file

@ -0,0 +1,15 @@
"""Phase 21 (Track M.3) — Graphene resolver vuln fixture.
`resolve_user(self, info, id)` is a Graphene query resolver that
splices the tainted `id` into a shell command via `os.system`.
"""
import os
_NYX_ADAPTER_MARKER = "import graphene"
_NYX_OBJECT_TYPE_MARKER = "class Query(graphene.ObjectType):"
def resolve_user(self, info, id):
# SINK: tainted id concatenated into shell command.
os.system("echo lookup-" + str(id))
return "user-" + str(id)