mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
21 lines
707 B
Rust
21 lines
707 B
Rust
/// Command injection — unsupported entry-kind fixture.
|
|
///
|
|
/// Vulnerable logic lives inside a struct method. The test creates a Diag
|
|
/// with an unsupported entry kind so `HarnessSpec::from_finding` returns
|
|
/// `Err(UnsupportedReason::EntryKindUnsupported)`.
|
|
///
|
|
/// Expected verdict: Unsupported(EntryKindUnsupported)
|
|
/// Cap: CODE_EXEC
|
|
pub struct ShellRunner;
|
|
|
|
impl ShellRunner {
|
|
pub fn execute(&self, user_cmd: &str) -> Option<String> {
|
|
use std::process::Command;
|
|
let cmd = format!("run {}", user_cmd);
|
|
Command::new("sh")
|
|
.args(["-c", &cmd])
|
|
.output()
|
|
.ok()
|
|
.map(|o| String::from_utf8_lossy(&o.stdout).into_owned())
|
|
}
|
|
}
|