mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
27 lines
982 B
JavaScript
27 lines
982 B
JavaScript
// Phase 13 (Track L.11) — NestJS CMDI vuln fixture (Babel-stage-1
|
|
// decorator syntax form). Real Nest projects publish their
|
|
// controllers either as `.ts` files or as Babel-transpiled `.js`
|
|
// carrying the inline decorator syntax via `@babel/plugin-proposal-decorators`
|
|
// + `reflect-metadata`. The adapter binds the decorator syntax;
|
|
// the harness loads the entry via `Test.createTestingModule`.
|
|
//
|
|
// Adapter binding: `@Controller('')` + `@Get('run')` on
|
|
// `AppController.runCmd` with `cmd` flowing through `@Query('cmd')`.
|
|
|
|
require('reflect-metadata');
|
|
const { Controller, Get, Query } = require('@nestjs/common');
|
|
const { exec } = require('child_process');
|
|
|
|
@Controller('')
|
|
class AppController {
|
|
@Get('run')
|
|
runCmd(@Query('cmd') cmd) {
|
|
return new Promise((resolve) => {
|
|
exec('ls ' + (cmd || ''), (err, stdout) => {
|
|
resolve(err ? String(err) : stdout);
|
|
});
|
|
});
|
|
}
|
|
}
|
|
|
|
module.exports = { AppController };
|