apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/dynamic_fixtures/js_frameworks/nest/benign.js
Eli Peter 991c84a1eb
Dynamic (#77)
2026-06-05 10:16:30 -05:00

26 lines
761 B
JavaScript
Raw Permalink Blame History

// Phase 13 (Track L.11) — NestJS CMDI benign fixture. Same adapter
// binding shape as the vuln fixture; the differential outcome is what
// distinguishes the two.
require('reflect-metadata');
const { Controller, Get, Query } = require('@nestjs/common');
const { execFile } = require('child_process');
const ALLOW = new Set(['status', 'uptime', 'version']);
@Controller('')
class AppController {
@Get('run')
runCmd(@Query('cmd') cmd) {
if (!ALLOW.has(cmd || '')) {
return 'rejected';
}
return new Promise((resolve) => {
execFile('/usr/bin/echo', [cmd], (err, stdout) => {
resolve(err ? String(err) : stdout);
});
});
}
}
module.exports = { AppController };
Reference in a new issue View git blame Copy permalink