mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
17 lines
757 B
JavaScript
17 lines
757 B
JavaScript
// Phase 21 (Track M.3) — Prisma migration vuln fixture.
|
|
//
|
|
// `up(name)` runs a raw DDL through `prisma.$executeRawUnsafe` —
|
|
// classic Prisma migration SQLi shape.
|
|
const _NYX_ADAPTER_MARKER = "require('@prisma/client')";
|
|
|
|
async function up(name) {
|
|
const target = name || process.env.NYX_PAYLOAD || 'users';
|
|
// The harness supplies a stubbed `prisma` shim via the synthetic
|
|
// migration entry path; we route through a module-level stub so the
|
|
// sink callee is statically present.
|
|
const prisma = global.__nyx_prisma || { $executeRawUnsafe: async (s) => s };
|
|
// SINK: tainted table name concatenated into raw DDL.
|
|
return prisma.$executeRawUnsafe('CREATE INDEX idx_' + target + ' ON users(name)');
|
|
}
|
|
|
|
module.exports = { up };
|