mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
a438886217
* refactor: Update comments for clarity and add expectations.json files for performance metrics * feat: Implement FP guard for JS/TS local-collection receivers to suppress missing ownership checks * feat: Enhance Rust parameter handling to classify local collections and prevent false ownership checks * refactor: Simplify code formatting for better readability in multiple files * refactor: Improve UTF-8 sequence length handling and enhance clarity in loop iteration * feat: Update Java and Python patterns to include new security rules * refactor: Improve comment clarity and consistency across multiple Rust files * refactor: Simplify code formatting for improved readability in integration tests and module files * refactor: Improve comment formatting and enhance clarity in assertions across multiple files
62 lines
2 KiB
Java
62 lines
2 KiB
Java
import java.io.*;
|
|
import java.util.Random;
|
|
import java.security.MessageDigest;
|
|
import org.yaml.snakeyaml.Yaml;
|
|
import org.apache.commons.text.StringSubstitutor;
|
|
|
|
class Positive {
|
|
// java.deser.readobject
|
|
void triggerDeser(InputStream is) throws Exception {
|
|
ObjectInputStream ois = new ObjectInputStream(is);
|
|
Object obj = ois.readObject();
|
|
}
|
|
|
|
// java.cmdi.runtime_exec
|
|
void triggerRuntimeExec(String cmd) throws Exception {
|
|
Runtime.getRuntime().exec(cmd);
|
|
}
|
|
|
|
// java.reflection.class_forname
|
|
void triggerClassForName(String name) throws Exception {
|
|
Class.forName(name);
|
|
}
|
|
|
|
// java.reflection.method_invoke
|
|
void triggerMethodInvoke(Object target) throws Exception {
|
|
java.lang.reflect.Method m = target.getClass().getMethod("run");
|
|
m.invoke(target);
|
|
}
|
|
|
|
// java.sqli.execute_concat
|
|
void triggerSqlConcat(java.sql.Statement stmt, String user) throws Exception {
|
|
stmt.executeQuery("SELECT * FROM users WHERE name = '" + user + "'");
|
|
}
|
|
|
|
// java.crypto.insecure_random
|
|
void triggerInsecureRandom() {
|
|
Random r = new Random();
|
|
int token = r.nextInt();
|
|
}
|
|
|
|
// java.crypto.weak_digest
|
|
void triggerWeakDigest() throws Exception {
|
|
MessageDigest md = MessageDigest.getInstance("MD5");
|
|
}
|
|
|
|
// java.xss.getwriter_print
|
|
void triggerGetWriterPrint(javax.servlet.http.HttpServletResponse resp) throws Exception {
|
|
resp.getWriter().println("<html>" + "data" + "</html>");
|
|
}
|
|
|
|
// java.deser.snakeyaml_unsafe_constructor — CVE-2022-1471 regression guard.
|
|
void triggerSnakeyamlUnsafeConstructor() throws Exception {
|
|
Yaml yaml = new Yaml();
|
|
Object data = yaml.load("payload");
|
|
}
|
|
|
|
// java.code_exec.text4shell_interpolator — CVE-2022-42889 regression guard.
|
|
String triggerText4ShellInterpolator(String input) {
|
|
StringSubstitutor s = StringSubstitutor.createInterpolator();
|
|
return s.replace(input);
|
|
}
|
|
}
|