// Phase 21 (Track M.3) — Sequelize migration vuln fixture.
//
// `up(queryInterface, Sequelize)` is the canonical migration entry
// point. This fixture builds a raw DDL string from an attacker-
// controlled table name (read from the NYX_PAYLOAD environment variable)
// and routes it, unvalidated, through `queryInterface.sequelize.query`.
// Marker string; nothing in this file reads it.
// NOTE(review): presumably matched textually by the Nyx harness to select the
// Sequelize-migration adapter — confirm before renaming or rewording it.
const _NYX_ADAPTER_MARKER = "queryInterface.createTable";
/**
 * Migration "up" step of the fixture: builds a CREATE INDEX statement by
 * string concatenation and, when a query runner is present, executes it.
 *
 * The file header describes this as a vulnerability fixture, so the
 * source-to-sink flow below is the thing under test. Keep the concatenation
 * and the `sequelize.query` call in their current form; restructuring them
 * changes what a taint analysis sees.
 *
 * @param {object} queryInterface - Expected to expose `sequelize.query`; the
 *   statement is not executed when any link of that chain is falsy.
 * @param {*} Sequelize - Not used by this function.
 * @returns {Promise<string>} The SQL text that was built, whether or not it
 *   was executed.
 */
module.exports.up = async function (queryInterface, Sequelize) {
  // SOURCE: value comes from the process environment, i.e. from outside the
  // program. `||` falls back to 'users' when the variable is unset or empty.
  const name = process.env.NYX_PAYLOAD || 'users';
  // SINK: tainted table name concatenated into raw DDL.
  // Nothing validates or quotes `name` between the read above and this line,
  // so its full content becomes part of the statement text. SQL identifiers
  // cannot be sent as bound parameters; outside a fixture the usual remedies
  // are an allow-list / strict identifier pattern, or building the index
  // through `queryInterface.addIndex` instead of raw SQL.
  const sql = 'CREATE INDEX idx_' + name + ' ON users(name)';
  // NOTE(review): the guard presumably lets a harness call `up` with a stub
  // or with no query interface at all — confirm against the test runner.
  if (queryInterface && queryInterface.sequelize && queryInterface.sequelize.query) {
    await queryInterface.sequelize.query(sql);
  }
  return sql;
};
/**
 * Migration "down" step: returns a constant DROP INDEX statement.
 *
 * No external input is read and nothing is executed here, so this direction
 * carries no taint flow. The index name is fixed at `idx_users`; it does not
 * track whatever name `up` used.
 *
 * @param {object} queryInterface - Not used by this function.
 * @param {*} Sequelize - Not used by this function.
 * @returns {Promise<string>} The literal statement text.
 */
module.exports.down = async function (queryInterface, Sequelize) {
  // benign in the down direction.
  return 'DROP INDEX idx_users';
};