mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
26 lines
680 B
Rust
26 lines
680 B
Rust
//! Phase 17 (Track L.15) — axum CMDI vuln fixture.
|
|
//!
|
|
//! The /run route forwards a `cmd` query parameter straight into
|
|
//! `std::process::Command`. Adapter binding:
|
|
//! `Router::new().route("/run", get(run))` with `cmd` arriving via
|
|
//! `axum::extract::Query<RunQuery>`.
|
|
|
|
use axum::extract::Query;
|
|
use axum::Router;
|
|
use axum::routing::get;
|
|
use serde::Deserialize;
|
|
use std::process::Command;
|
|
|
|
#[derive(Deserialize)]
|
|
pub struct RunQuery {
|
|
pub cmd: String,
|
|
}
|
|
|
|
pub async fn run(Query(q): Query<RunQuery>) -> String {
|
|
let _ = Command::new("sh").arg("-c").arg(&q.cmd).status();
|
|
"ok".to_owned()
|
|
}
|
|
|
|
pub fn build() -> Router {
|
|
Router::new().route("/run", get(run))
|
|
}
|