mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-27 20:29:39 +02:00
a438886217
* refactor: Update comments for clarity and add expectations.json files for performance metrics * feat: Implement FP guard for JS/TS local-collection receivers to suppress missing ownership checks * feat: Enhance Rust parameter handling to classify local collections and prevent false ownership checks * refactor: Simplify code formatting for better readability in multiple files * refactor: Improve UTF-8 sequence length handling and enhance clarity in loop iteration * feat: Update Java and Python patterns to include new security rules * refactor: Improve comment clarity and consistency across multiple Rust files * refactor: Simplify code formatting for improved readability in integration tests and module files * refactor: Improve comment formatting and enhance clarity in assertions across multiple files
13 lines
468 B
JavaScript
13 lines
468 B
JavaScript
// DATA_EXFIL fixture: a fixed destination URL and an attacker-influenced
|
|
// body. SSRF must NOT fire (destination is hardcoded) but `Cap::DATA_EXFIL`
|
|
// must fire on the body field — request-bound bytes are leaving the process
|
|
// via the outbound request payload.
|
|
//
|
|
// Driven by `fetch_data_exfil_integration_tests.rs`.
|
|
function leakBody(req) {
|
|
var payload = req.body.message;
|
|
fetch('/endpoint', {
|
|
method: 'POST',
|
|
body: payload,
|
|
});
|
|
}
|