//! Phase 21 (Track M.3) — Juniper GraphQL resolver vuln fixture.
//!
//! `resolve_user(id)` is a Juniper resolver (substring marker only —
//! the real `juniper` crate is not on the workdir's Cargo.toml). The
//! resolver builds a SQL query via raw string concat — classic
//! GraphQL → SQLi shape. The query string is built but never executed
//! (there is no database handle here); the fixture only needs the
//! `id` → SQL dataflow to be visible to a scanner. Do not "fix" the
//! concatenation — it is the detection target.
// use juniper::graphql_object;
/// Fixture resolver: returns `id` echoed back as `"user-<id>"`.
///
/// Deliberately interpolates the caller-supplied `id` into a SQL string
/// (the scanner's SINK). Nothing executes that string — this function
/// holds no database connection — so the injection is a detection
/// target, not a live one. Real code must pass `id` as a bound
/// parameter instead of formatting it into the statement.
pub fn resolve_user(id: &str) -> String {
    // SINK: tainted id concatenated into SQL.
    let query = format!("SELECT * FROM users WHERE id = '{}'", id);
    // Discarded on purpose: the fixture only needs the dataflow, not a query.
    drop(query);
    ["user-", id].concat()
}