apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-06 19:35:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/fixtures/patterns/javascript/positive.js
Eli Peter 1bbe4b1cfb
Phase 1 (#33) 
* chore: Exclude CLAUDE.md from Cargo.toml

* feat: add callgraph module and integrate into main analysis flow

* feat: enhance CLI with new severity filtering and analysis modes

* feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling

* feat: implement state-model dataflow analysis for resource lifecycle and auth state

* feat: enhance diagnostic output formatting and add evidence structure

* feat: implement attack surface ranking for diagnostics with scoring and sorting

* feat: add comprehensive documentation for installation, usage, and rules reference

* feat: add multiple language support for command execution and evaluation endpoints

* feat: implement inline suppression for findings using `nyx:ignore` comments

* feat: add confidence levels to AST patterns and update output structure

* feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets

* feat: bump version to 0.4.0 and update changelog with new features and improvements

* feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
2026-02-25 21:16:36 -05:00

51 lines
1 KiB
JavaScript
Raw Blame History

// Positive fixture: each snippet should trigger the named pattern.
// js.code_exec.eval
function triggerEval(code) {
eval(code);
}
// js.code_exec.new_function
function triggerNewFunction(body) {
var fn = new Function(body);
}
// js.code_exec.settimeout_string
function triggerSetTimeout() {
setTimeout("alert(1)", 1000);
}
// js.xss.document_write
function triggerDocumentWrite(data) {
document.write(data);
}
// js.xss.outer_html
function triggerOuterHtml(el, data) {
el.outerHTML = data;
}
// js.xss.insert_adjacent_html
function triggerInsertAdjacentHtml(el, data) {
el.insertAdjacentHTML("beforeend", data);
}
// js.prototype.proto_assignment
function triggerProtoAssignment(obj) {
obj.__proto__ = { malicious: true };
}
// js.xss.location_assign
function triggerLocationAssign(url) {
window.location = url;
}
// js.xss.cookie_write
function triggerCookieWrite(sid) {
document.cookie = "session=" + sid;
}
// js.crypto.math_random
function triggerMathRandom() {
var token = Math.random();
}
Reference in a new issue View git blame Copy permalink