mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
f96a89e7c1
* feat: Enhance control flow analysis with function summaries and taint analysis * feat: Update taint analysis to utilize function summaries for enhanced tracking * Refactor `walk.rs` batch processing and override handling: - Renamed `Batcher` to `BatchSender` for clarity. - Added `BatchSender::new` constructor for cleaner initialization. - Simplified batch size management in `BatchSender`. - Extracted `build_overrides` function for reusable override construction. - Improved error handling and validation in override building. - Enhanced performance with directory and file type filtering in `walk`. * Improve logging and streamline directory walk process: - Added detailed `tracing` logs for debugging batch flushes, override construction, and walk initialization/completion. - Optimized and simplified `filter_entry` logic for directory and file type filters. - Improved metadata checks and max file size enforcement during the scan. * Refactor and optimize taint tracking, label rules, and directory walk process: - Replaced `DefaultHasher` with `blake3::Hasher` for improved taint hashing. - Enhanced sorting and hashing logic in `taint.rs` for consistency and efficiency. - Removed unused `set_hash` function and redundant imports across files. - Improved batch sender logic in `walk.rs`, renaming key components for clarity. - Unified `spawn_senders` and `spawn_file_walker` with thread handling and channel tuple return. - Expanded label rules with additional matchers for sources, sanitizers, and sinks. - Deprecated `dump_cfg` and specific logging utilities in `cfg.rs` for code cleanup. * fix: fixed let chains error in walk.rs * fix: updated dependencies * fix: updated dependencies * chore: Remove standard error in scan.rs * feat: Introduce function summaries for enhanced taint and control flow analysis * feat: Enhance taint analysis with interop support and function summaries * feat: Add configuration analysis module and enhance matcher rules * feat: Add arity column to function_summaries and handle schema migration * fix: fixed clippy &PathBuf warnings * chore: Update dependencies and versioning in Cargo files * docs: Update README to enhance clarity and detail on features and analysis modes * chore: Update CHANGELOG for version 0.2.0 with new features, changes, and fixes * docs: Update SECURITY.md to clarify version support status --------- Co-authored-by: elipeter <eli.peter@es.fcm.travel>
81 lines
2.5 KiB
JavaScript
81 lines
2.5 KiB
JavaScript
var child_process = require("child_process");
|
|
var crypto = require("crypto");
|
|
var fs = require("fs");
|
|
|
|
// ───── Background job runner ─────
|
|
|
|
// Runs a job command read from environment.
|
|
// VULN: process.env flows into child_process.exec
|
|
function runScheduledJob() {
|
|
var jobCmd = process.env.CRON_JOB_CMD;
|
|
child_process.exec(jobCmd, function(err, stdout, stderr) {
|
|
if (err) {
|
|
console.error("Job failed:", stderr);
|
|
return;
|
|
}
|
|
console.log("Job output:", stdout);
|
|
});
|
|
}
|
|
|
|
// Spawns a worker process from environment config.
|
|
// VULN: process.env flows into child_process.spawn
|
|
function spawnWorker() {
|
|
var workerBin = process.env.WORKER_BINARY;
|
|
var workerArgs = process.env.WORKER_ARGS.split(" ");
|
|
var proc = child_process.spawn(workerBin, workerArgs);
|
|
proc.stdout.on("data", function(data) {
|
|
console.log("Worker: " + data);
|
|
});
|
|
}
|
|
|
|
// ───── Template rendering helper ─────
|
|
|
|
// Renders user-visible content by injecting location data.
|
|
// VULN: window.location flows into innerHTML
|
|
function renderBreadcrumb() {
|
|
var currentPath = document.location.pathname;
|
|
var parts = currentPath.split("/");
|
|
var html = parts.map(function(p) {
|
|
return "<a href='/" + p + "'>" + p + "</a>";
|
|
}).join(" > ");
|
|
document.getElementById("breadcrumb").innerHTML = html;
|
|
}
|
|
|
|
// ───── URL redirect handler ─────
|
|
|
|
// VULN: location.href assignment from user-controlled data
|
|
function handleExternalRedirect() {
|
|
var target = window.location.hash.substring(1);
|
|
window.location.href = target;
|
|
}
|
|
|
|
// ───── Markdown rendering ─────
|
|
|
|
// Uses document.write to render parsed markdown.
|
|
// VULN: document.write with dynamic content
|
|
function renderMarkdown(markdownHtml) {
|
|
document.write("<div class='markdown'>" + markdownHtml + "</div>");
|
|
}
|
|
|
|
// ───── Insecure hashing ─────
|
|
|
|
// Uses MD5 for password hashing.
|
|
// VULN: weak hash algorithm
|
|
function hashPassword(password) {
|
|
return crypto.createHash("md5").update(password).digest("hex");
|
|
}
|
|
|
|
// ───── Dynamic regex from user input ─────
|
|
|
|
// VULN: RegExp with user-controlled pattern (ReDoS risk)
|
|
function searchLogs(pattern) {
|
|
var re = new RegExp(pattern, "gi");
|
|
return logs.filter(function(line) { return re.test(line); });
|
|
}
|
|
|
|
// ───── Safe utility ─────
|
|
|
|
// SAFE: no taint flows, pure computation
|
|
function calculateChecksum(data) {
|
|
return crypto.createHash("sha256").update(data).digest("hex");
|
|
}
|