mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-12 19:55:14 +02:00
20 lines
662 B
Rust
20 lines
662 B
Rust
/// SSRF — unsupported entry-kind fixture.
|
|
///
|
|
/// Vulnerable logic lives inside a struct method. The test creates a Diag
|
|
/// with an unsupported entry kind so `HarnessSpec::from_finding` returns
|
|
/// `Err(UnsupportedReason::EntryKindUnsupported)`.
|
|
///
|
|
/// Expected verdict: Unsupported(EntryKindUnsupported)
|
|
/// Cap: SSRF
|
|
pub struct HttpClient;
|
|
|
|
impl HttpClient {
|
|
pub fn get(&self, url: &str) -> String {
|
|
// Vulnerable: user controls the URL — SSRF.
|
|
if let Some(path) = url.strip_prefix("file://") {
|
|
std::fs::read_to_string(path).unwrap_or_default()
|
|
} else {
|
|
format!("fetching: {}", url)
|
|
}
|
|
}
|
|
}
|