nyx/tests/dynamic_fixtures/class_method/java/Vuln.java

// Phase 19 (Track M.1) — class-method vuln fixture for Java.
//
// UserRepository.findByName concatenates user input into a JDBC SQL
// statement.  Default constructor exists so the harness can build the
// receiver without stubbing dependencies.
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
import java.sql.SQLException;

public class Vuln {
    public static class UserRepository {
        public UserRepository() {}

        public void findByName(String name) throws SQLException {
            Connection c = DriverManager.getConnection("jdbc:sqlite::memory:");
            Statement s = c.createStatement();
            // SINK: tainted concat into SQL
            String sql = "SELECT id FROM users WHERE name = '" + name + "'";
            s.execute(sql);
            s.close();
            c.close();
        }
    }
}
[pitboss] phase 19: Track M.1 — `ClassMethod` end-to-end (all langs) 2026-05-20 14:32:00 -05:00			`// Phase 19 (Track M.1) — class-method vuln fixture for Java.`
			`//`
			`// UserRepository.findByName concatenates user input into a JDBC SQL`
			`// statement. Default constructor exists so the harness can build the`
			`// receiver without stubbing dependencies.`
			`import java.sql.Connection;`
			`import java.sql.DriverManager;`
			`import java.sql.Statement;`
			`import java.sql.SQLException;`

			`public class Vuln {`
			`public static class UserRepository {`
			`public UserRepository() {}`

			`public void findByName(String name) throws SQLException {`
			`Connection c = DriverManager.getConnection("jdbc:sqlite::memory:");`
			`Statement s = c.createStatement();`
			`// SINK: tainted concat into SQL`
			`String sql = "SELECT id FROM users WHERE name = '" + name + "'";`
			`s.execute(sql);`
			`s.close();`
			`c.close();`
			`}`
			`}`
			`}`