mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
* chore: Exclude CLAUDE.md from Cargo.toml * feat: add callgraph module and integrate into main analysis flow * feat: enhance CLI with new severity filtering and analysis modes * feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling * feat: implement state-model dataflow analysis for resource lifecycle and auth state * feat: enhance diagnostic output formatting and add evidence structure * feat: implement attack surface ranking for diagnostics with scoring and sorting * feat: add comprehensive documentation for installation, usage, and rules reference * feat: add multiple language support for command execution and evaluation endpoints * feat: implement inline suppression for findings using `nyx:ignore` comments * feat: add confidence levels to AST patterns and update output structure * feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets * feat: bump version to 0.4.0 and update changelog with new features and improvements * feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
// Synthetic fixture: many tainted variables reassigned inside loops.
// The taint-map hash diverges on every loop iteration, which exercises
// the BFS iteration limit in the taint engine.
// Without that limit the BFS would never terminate.
// The eval() calls on request data are the deliberate sinks of this fixture.

/**
 * Fixture function: a single request-controlled value is copied into ten
 * variables, which are then rebuilt from one another inside loops and finally
 * concatenated into an eval() call.
 *
 * Nothing is returned; the only observable effect is the eval() at the end.
 *
 * @param {object} req - Request-like object; only `req.query.data` is read.
 *   NOTE(review): presumably an Express-style request — confirm against the
 *   harness that consumes this fixture.
 * @returns {void}
 */
function heavyLoop(req) {
  const userInput = req.query.data; // source: request-controlled value
  // Straight copy chain: a..j all start out holding the same tainted value.
  let a = userInput;
  let b = a;
  let c = b;
  let d = c;
  let e = d;
  let f = e;
  let g = f;
  let h = g;
  let i = h;
  let j = i;

  // Loop with accumulating taint: each variable is rebuilt from two others.
  // a..h read values from the previous pass, while i and j read a and b as
  // written earlier in the same pass, so the dependencies form a cycle
  // across iterations.
  // NOTE(review): with a non-empty string input every pass at least doubles
  // the operand lengths, so this appears intended as static-analysis input
  // rather than code to execute — confirm.
  for (let k = 0; k < 100; k++) {
    a = b + c;
    b = c + d;
    c = d + e;
    d = e + f;
    e = f + g;
    f = g + h;
    g = h + i;
    h = i + j;
    i = j + a;
    j = a + b;
  }

  // Nested loop: a, b and c are reassigned again, each from three operands,
  // two loop levels deep.
  for (let m = 0; m < 10; m++) {
    for (let n = 0; n < 10; n++) {
      a = b + c + d;
      b = c + d + e;
      c = d + e + f;
    }
  }

  // Sink: eval() receives a concatenation of five variables that all derive
  // from req.query.data (request data -> code evaluation). Deliberate here;
  // this is the flow the fixture exists to present to the analyzer.
  eval(a + b + c + d + e);
}
/**
 * Fixture function: eight independent request-controlled values are folded
 * into one accumulator inside a loop, and the accumulator is passed to eval().
 *
 * Nothing is returned and `res` is never used in the body.
 *
 * @param {object} req - Request-like object; `req.query.a` through
 *   `req.query.h` are read.
 *   NOTE(review): presumably an Express-style request — confirm against the
 *   harness that consumes this fixture.
 * @param {object} res - Unused; present only in the signature.
 * @returns {void}
 */
function multiSource(req, res) {
  // Eight separate sources, one per query parameter.
  const x1 = req.query.a;
  const x2 = req.query.b;
  const x3 = req.query.c;
  const x4 = req.query.d;
  const x5 = req.query.e;
  const x6 = req.query.f;
  const x7 = req.query.g;
  const x8 = req.query.h;

  // The accumulator starts tainted by x1 and picks up the other seven
  // sources on every pass, three of them through the loop-local `tmp`.
  let result = x1;
  for (let i = 0; i < 20; i++) {
    result = result + x2 + x3;
    const tmp = x4 + x5 + x6;
    result = result + tmp + x7 + x8;
  }

  // Sink: eval() on a value built entirely from request data (request data
  // -> code evaluation). Deliberate here; this is the flow the fixture
  // exists to present to the analyzer.
  eval(result);
}