mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
13 lines
317 B
Ruby
13 lines
317 B
Ruby
# Phase 19 (Track M.1) — class-method vuln fixture for Ruby.
|
|
#
|
|
# UserService#run pipes user input into a shell, classic OS command
|
|
# injection. Default `.new` ctor — no mock deps needed.
|
|
class UserService
|
|
def initialize
|
|
end
|
|
|
|
def run(input)
|
|
# SINK: tainted input → shell
|
|
`true #{input}`
|
|
end
|
|
end
|