apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/dynamic_fixtures/middleware/django/vuln.py
Eli Peter 991c84a1eb
Dynamic (#77)
2026-06-05 10:16:30 -05:00

23 lines
681 B
Python
Raw Permalink Blame History

"""Phase 21 (Track M.3) — Django middleware vuln fixture.
`AuditMiddleware.__call__(request)` splices `request.body` into a shell
command via `os.system`.
"""
import os
_NYX_ADAPTER_MARKER = "from django.utils.deprecation import MiddlewareMixin"
class AuditMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
# SINK: tainted request body concatenated into shell command.
os.system("echo " + str(request.body))
return self.get_response(request)
# Module-level alias for the harness to resolve `audit` directly.
def audit(get_response):
return AuditMiddleware(get_response)
Reference in a new issue View git blame Copy permalink