[pitboss/grind] deferred session-0029 (20260517T044708Z-e058)

2026-06-12 19:55:14 +02:00 · 2026-05-17 10:31:28 -05:00 · 2026-05-17 10:31:28 -05:00 · 19d13a085d
commit 19d13a085d
parent 72ec25238e
16 changed files with 578 additions and 0 deletions
--- a/tests/repro_fixtures/python-3.11/repro/README.md
+++ b/tests/repro_fixtures/python-3.11/repro/README.md
@ -0,0 +1,13 @@
+# Nyx Dynamic Repro — flask_eval_python_311
+
+**Status**: Confirmed  
+**Cap**: Cap(CODE_EXEC)  
+**Entry**: `run`  
+
+## Reproduce
+
+```sh
+./reproduce.sh
+```
+
+The expected outcome is in `expected/outcome.json`.
--- a/tests/repro_fixtures/python-3.11/repro/docker_pull.sh
+++ b/tests/repro_fixtures/python-3.11/repro/docker_pull.sh
@ -0,0 +1,12 @@
+#!/bin/sh
+# Nyx repro — pin-fetch the toolchain image used by this bundle.
+# Run this once on a fresh machine before `reproduce.sh --docker`.
+set -e
+IMAGE="python:3.11-slim@sha256:9a7765b36773a37061455b332f18e265e7f58f6fea9c419a550d2a8b0e9db834"
+if ! command -v docker >/dev/null 2>&1; then
+echo 'error: docker not installed' >&2; exit 2
+fi
+if ! docker info >/dev/null 2>&1; then
+echo 'error: docker daemon not reachable' >&2; exit 2
+fi
+docker pull "$IMAGE"
--- a/tests/repro_fixtures/python-3.11/repro/entry/extracted_source.py
+++ b/tests/repro_fixtures/python-3.11/repro/entry/extracted_source.py
@ -0,0 +1,9 @@
+import flask
+
+app = flask.Flask(__name__)
+
+
+@app.route('/run', methods=['POST'])
+def run():
+    cmd = flask.request.json.get('cmd')
+    return {'out': eval(cmd)}
--- a/tests/repro_fixtures/python-3.11/repro/expected/outcome.json
+++ b/tests/repro_fixtures/python-3.11/repro/expected/outcome.json
@ -0,0 +1,8 @@
+{
+  "exit_code": 0,
+  "oob_callback_seen": false,
+  "sink_hit": true,
+  "stderr": "",
+  "stdout": "__NYX_SINK_HIT__\neval-result=2\n",
+  "timed_out": false
+}
--- a/tests/repro_fixtures/python-3.11/repro/expected/verdict.json
+++ b/tests/repro_fixtures/python-3.11/repro/expected/verdict.json
@ -0,0 +1,17 @@
+{
+  "finding_id": "flask_eval_python_311",
+  "status": "Confirmed",
+  "triggered_payload": "eval-rce-arith",
+  "detail": "flask_eval chain composer fixture: eval(NYX_PAYLOAD) under python-3.11",
+  "attempts": [
+    {
+      "payload_label": "eval-rce-arith",
+      "exit_code": 0,
+      "timed_out": false,
+      "triggered": true,
+      "sink_hit": true
+    }
+  ],
+  "toolchain_match": "exact",
+  "replay_stable": true
+}
--- a/tests/repro_fixtures/python-3.11/repro/harness/Dockerfile.harness
+++ b/tests/repro_fixtures/python-3.11/repro/harness/Dockerfile.harness
@ -0,0 +1,4 @@
+FROM python:3.11
+WORKDIR /harness
+COPY harness.py .
+CMD ["python3", "harness.py"]
--- a/tests/repro_fixtures/python-3.11/repro/harness/harness.py
+++ b/tests/repro_fixtures/python-3.11/repro/harness/harness.py
@ -0,0 +1,21 @@
+import os
+import sys
+
+
+def main() -> int:
+    payload = os.environ.get('NYX_PAYLOAD', '')
+    if not payload:
+        sys.stderr.write('error: NYX_PAYLOAD missing\n')
+        return 2
+    try:
+        result = eval(payload)  # noqa: S307 sink under sandbox
+    except Exception as exc:  # noqa: BLE001
+        sys.stderr.write(f'__NYX_SINK_ERROR__ {type(exc).__name__}: {exc}\n')
+        return 1
+    sys.stdout.write('__NYX_SINK_HIT__\n')
+    sys.stdout.write(f'eval-result={result}\n')
+    return 0
+
+
+if __name__ == '__main__':
+    sys.exit(main())
--- a/tests/repro_fixtures/python-3.11/repro/manifest.json
+++ b/tests/repro_fixtures/python-3.11/repro/manifest.json
@ -0,0 +1,12 @@
+{
+  "corpus_version": 5,
+  "entry_file": "app.py",
+  "entry_name": "run",
+  "finding_id": "flask_eval_python_311",
+  "lang": "python",
+  "sink_file": "app.py",
+  "sink_line": 27,
+  "spec_format_version": 2,
+  "spec_hash": "repro",
+  "toolchain_id": "python-3.11"
+}
--- a/tests/repro_fixtures/python-3.11/repro/payload/payload.bin
+++ b/tests/repro_fixtures/python-3.11/repro/payload/payload.bin
@ -0,0 +1 @@
+1 + 1
--- a/tests/repro_fixtures/python-3.11/repro/payload/payload.meta.json
+++ b/tests/repro_fixtures/python-3.11/repro/payload/payload.meta.json
@ -0,0 +1,5 @@
+{
+  "encoding": "raw",
+  "label": "eval-rce-arith",
+  "len": 5
+}
--- a/tests/repro_fixtures/python-3.11/repro/reproduce.sh
+++ b/tests/repro_fixtures/python-3.11/repro/reproduce.sh
@ -0,0 +1,52 @@
+#!/bin/sh
+# Nyx dynamic repro — finding flask_eval_python_311 / payload eval-rce-arith
+#
+# Usage:
+#   ./reproduce.sh          — run via process backend (direct)
+#   ./reproduce.sh --docker — run via Docker backend (isolated)
+#
+# Exit codes:
+#   0  sink_hit matches expected/outcome.json (replay green)
+#   1  sink_hit mismatch (replay diverged from recorded outcome)
+#   2  docker requested but unavailable
+#   3  host toolchain mismatch in process mode (Phase 28 hermeticity)
+set -e
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+cd "$SCRIPT_DIR"
+PAYLOAD="$(cat payload/payload.bin)"
+EXPECTED_TOOLCHAIN="python-3.11"
+EXPECTED_SINK=$(grep -o '"sink_hit"[[:space:]]*:[[:space:]]*[a-z]*' \
+expected/outcome.json | grep -o '[a-z]*$')
+
+if [ "${1:-}" = "--docker" ]; then
+if ! command -v docker >/dev/null 2>&1 || ! docker info >/dev/null 2>&1; then
+echo 'error: docker not available' >&2; exit 2
+fi
+IMAGE="nyx-repro-repro"
+docker build -t "$IMAGE" -f harness/Dockerfile.harness harness/ >/dev/null
+ACTUAL=$(docker run --rm --cap-drop=ALL --security-opt no-new-privileges:true --network none -e NYX_PAYLOAD="$PAYLOAD" "$IMAGE" 2>&1) || ACTUAL=''
+docker rmi "$IMAGE" >/dev/null 2>&1 || true
+else
+# Phase 28 hermeticity check: refuse process-backend replay when
+# the host is missing the expected toolchain id.  Operators must
+# either install the toolchain or pass --docker.
+if ! sh -c 'command -v python3' >/dev/null 2>&1; then
+echo "error: host toolchain does not match expected $EXPECTED_TOOLCHAIN; re-run with --docker" >&2
+exit 3
+fi
+ACTUAL=$(NYX_PAYLOAD="$PAYLOAD" python3 ./harness/harness.py 2>&1) || ACTUAL=''
+fi
+
+if echo "$ACTUAL" | grep -q '__NYX_SINK_HIT__'; then
+ACTUAL_SINK=true
+else
+ACTUAL_SINK=false
+fi
+
+if [ "$ACTUAL_SINK" = "$EXPECTED_SINK" ]; then
+echo "PASS: sink_hit=$ACTUAL_SINK (matches expected)"
+exit 0
+else
+echo "FAIL: sink_hit=$ACTUAL_SINK expected=$EXPECTED_SINK"
+exit 1
+fi
--- a/tests/repro_fixtures/python-3.11/repro/sandbox/env.allowlist.json
+++ b/tests/repro_fixtures/python-3.11/repro/sandbox/env.allowlist.json
@ -0,0 +1,3 @@
+[
+  "NYX_PAYLOAD"
+]
--- a/tests/repro_fixtures/python-3.11/repro/sandbox/options.json
+++ b/tests/repro_fixtures/python-3.11/repro/sandbox/options.json
@ -0,0 +1,5 @@
+{
+  "backend": "Docker",
+  "memory_mib": 256,
+  "timeout_secs": 30.0
+}
--- a/tests/repro_fixtures/python-3.11/repro/toolchain.lock
+++ b/tests/repro_fixtures/python-3.11/repro/toolchain.lock
@ -0,0 +1,12 @@
+{
+  "files": {
+    "entry/extracted_source.py": "d18631435ec059c8cabafe7854f18d45e06a5c62da6274710712cf862cf9afa8",
+    "harness/Dockerfile.harness": "88bfe406a6305222207469e68777e09e68c558e66b4b15ca7f31670cb74f91b5",
+    "harness/harness.py": "15cc817251cf0c8915be782996b4af9b5b456f0b8fd75c360dcda153e071961c",
+    "payload/payload.bin": "f3dc1d1a3d5a282cb6f171544ad5c8a5e78a6065a6decf6955c20763302bd574"
+  },
+  "lock_version": 1,
+  "pinned_image": "python:3.11-slim@sha256:9a7765b36773a37061455b332f18e265e7f58f6fea9c419a550d2a8b0e9db834",
+  "spec_hash": "repro",
+  "toolchain_id": "python-3.11"
+}