mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
23 lines
983 B
Python
23 lines
983 B
Python
# Phase 11 (Track J.9) — Python CRYPTO vuln fixture.
|
|
#
|
|
# Models a config-driven crypto endpoint that picks the RNG based on
|
|
# the request payload — `*_WEAK` routes through `random.randint(0, 0xFFFF)`
|
|
# (a non-CSPRNG) and `*_STRONG` routes through `secrets.token_bytes(32)`
|
|
# (a CSPRNG). This shape is needed by the differential runner: the
|
|
# vuln-payload attempt and the benign-control attempt both load the same
|
|
# fixture, and only the payload-routed weak branch trips the
|
|
# `WeakKeyEntropy` predicate. Real-world analogue: a JWT-signing or
|
|
# session-token endpoint that exposes an `algorithm`/`key_strength`
|
|
# knob whose weak setting falls back to a non-CSPRNG seed.
|
|
import random
|
|
import secrets
|
|
|
|
|
|
def run(value):
|
|
if isinstance(value, (bytes, bytearray)):
|
|
value = value.decode("utf-8", "replace")
|
|
elif not isinstance(value, str):
|
|
value = str(value)
|
|
if "STRONG" in value:
|
|
return secrets.token_bytes(32)
|
|
return random.randint(0, 0xFFFF)
|