mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
58f1794a4e
* feat: Enhance data exfiltration detection with source sensitivity gating for cookies and headers * feat: Implement cross-file data exfiltration detection with parameter-specific gate filters * feat: Add calibration tests and refine DATA_EXFIL severity scoring logic * feat: Introduce per-detector configuration for data exfiltration suppression * feat: Enhance DATA_EXFIL findings with destination field tracking in diagnostics and SARIF output * feat: Add tainted body and URL handling for data exfiltration detection * feat: Add integration tests and fixtures for DATA_EXFIL and SSRF detection in Go * feat: Add Java integration tests and fixtures for DATA_EXFIL detection across multiple HTTP clients * feat: Add synthetic externals handling for closure-captured variables in SSA * feat: Implement closure-based suppression for resource leak findings * feat: Add regression guards for shell-injection and taint propagation in for-of destructure patterns * feat: Implement constructor cap narrowing for data exfiltration detection in HTTP request builders * feat: Add gated sinks for data exfiltration detection in C and C++ using curl_easy_setopt * feat: Implement DATA_EXFIL cap parity for backwards analysis and add integration tests * feat: Add data exfiltration sinks for various languages and enhance documentation * refactor: Simplify formatting and improve readability in various files * refactor: Improve readability by simplifying conditional statements and adding clippy linting * docs: Update CHANGELOG and comments for data exfiltration features and configuration * docs: Clarify configuration instructions for data exfiltration trusted destinations * docs: Enhance comments for evidence routing logic in data exfiltration
48 lines
1.9 KiB
Rust
48 lines
1.9 KiB
Rust
//! Integration test for cross-file `param_to_gate_filters` propagation.
|
|
//!
|
|
//! A wrapper function whose two parameters target distinct gated-sink
|
|
//! classes on a single inner call (here, `fetch`'s SSRF gate on the URL
|
|
//! arg vs the DATA_EXFIL gate on the body arg) must keep cap attribution
|
|
//! per-position when callers reach it across a file boundary. Without
|
|
//! [`SsaFuncSummary::param_to_gate_filters`], the wrapper's summary
|
|
//! collapses both params into a single `SSRF | DATA_EXFIL` mask, and
|
|
//! every caller incorrectly fires both classes regardless of which
|
|
//! argument was tainted.
|
|
//!
|
|
//! The fixture pairs the wrapper with two callers, each tainting one
|
|
//! parameter and asserting only the cap class corresponding to that
|
|
//! parameter's gate fires.
|
|
|
|
mod common;
|
|
|
|
use common::{scan_fixture_dir, validate_expectations};
|
|
use nyx_scanner::utils::config::AnalysisMode;
|
|
use std::path::{Path, PathBuf};
|
|
|
|
fn fixture_path(name: &str) -> PathBuf {
|
|
Path::new(env!("CARGO_MANIFEST_DIR"))
|
|
.join("tests")
|
|
.join("fixtures")
|
|
.join(name)
|
|
}
|
|
|
|
#[test]
|
|
fn cross_file_data_exfil_split() {
|
|
let dir = fixture_path("cross_file_data_exfil_split");
|
|
let diags = scan_fixture_dir(&dir, AnalysisMode::Full);
|
|
validate_expectations(&diags, &dir);
|
|
}
|
|
|
|
/// Python parallel of the JS cross-file split fixture. A wrapper
|
|
/// `forward(url, body)` calls `requests.post(url, json=body)` so the URL
|
|
/// flows to the SSRF gate and the body kwarg flows to the DATA_EXFIL
|
|
/// gate. Per-position cap attribution must hold across the file
|
|
/// boundary: a caller that taints only the URL fires SSRF (no
|
|
/// DATA_EXFIL), and a caller that taints only the body with a Sensitive
|
|
/// source fires DATA_EXFIL (no SSRF).
|
|
#[test]
|
|
fn cross_file_python_data_exfil() {
|
|
let dir = fixture_path("cross_file_python_data_exfil");
|
|
let diags = scan_fixture_dir(&dir, AnalysisMode::Full);
|
|
validate_expectations(&diags, &dir);
|
|
}
|