apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-21 20:18:06 +02:00
Code Issues Projects Releases Packages Wiki Activity

[pitboss] phase 21: Track M.3 — ScheduledJob + GraphQLResolver + WebSocket + Middleware + Migration

Browse source
This commit is contained in:
pitboss 2026-05-20 18:05:31 -05:00
parent 00b0fbaea9
commit f9bd51c024
84 changed files with 5898 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

17
tests/dynamic_fixtures/middleware/express/vuln.js Normal file
View file

@ -0,0 +1,17 @@
// Phase 21 (Track M.3) — Express middleware vuln fixture.
//
// `audit(req, res, next)` is mounted via `app.use(audit)`. It splices
// the request body into a shell command via `execSync`.
const _NYX_ADAPTER_MARKER = "require('express')";
const _NYX_REGISTER_MARKER = "app.use(audit)";
const { execSync } = require('child_process');
function audit(req, res, next) {
// SINK: tainted req.body concatenated into shell command.
const out = execSync('echo ' + String(req.body || '')).toString();
if (typeof next === 'function') next();
return out;
}
module.exports = { audit };