mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
17 lines
597 B
JavaScript
17 lines
597 B
JavaScript
// Phase 21 (Track M.3) — Express middleware vuln fixture.
|
|
//
|
|
// `audit(req, res, next)` is mounted via `app.use(audit)`. It splices
|
|
// the request body into a shell command via `execSync`.
|
|
const _NYX_ADAPTER_MARKER = "require('express')";
|
|
const _NYX_REGISTER_MARKER = "app.use(audit)";
|
|
|
|
const { execSync } = require('child_process');
|
|
|
|
function audit(req, res, next) {
|
|
// SINK: tainted req.body concatenated into shell command.
|
|
const out = execSync('echo ' + String(req.body || '')).toString();
|
|
if (typeof next === 'function') next();
|
|
return out;
|
|
}
|
|
|
|
module.exports = { audit };
|