mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-15 20:05:13 +02:00
a438886217
* refactor: Update comments for clarity and add expectations.json files for performance metrics * feat: Implement FP guard for JS/TS local-collection receivers to suppress missing ownership checks * feat: Enhance Rust parameter handling to classify local collections and prevent false ownership checks * refactor: Simplify code formatting for better readability in multiple files * refactor: Improve UTF-8 sequence length handling and enhance clarity in loop iteration * feat: Update Java and Python patterns to include new security rules * refactor: Improve comment clarity and consistency across multiple Rust files * refactor: Simplify code formatting for improved readability in integration tests and module files * refactor: Improve comment formatting and enhance clarity in assertions across multiple files
10 lines
412 B
JavaScript
10 lines
412 B
JavaScript
// SSRF regression fixture: attacker-controlled destination URL. SSRF must
|
|
// fire on the URL flow (arg 0) and `Cap::DATA_EXFIL` must NOT fire — the two
|
|
// classes share the callee but cap attribution is per-position so a tainted
|
|
// URL never surfaces as data exfiltration.
|
|
//
|
|
// Driven by `fetch_data_exfil_integration_tests.rs`.
|
|
function proxy(req) {
|
|
var target = req.query.target;
|
|
fetch(target);
|
|
}
|