[pitboss/grind] deferred session-0002 (20260522T163126Z-7d60)

2026-06-21 20:18:06 +02:00 · 2026-05-22 12:37:54 -05:00 · 2026-05-22 12:37:54 -05:00 · 3486056f5e
commit 3486056f5e
parent e4258d63ed
12 changed files with 1129 additions and 26 deletions
--- a/tests/dynamic_fixtures/json_parse_depth/go/vuln.go
+++ b/tests/dynamic_fixtures/json_parse_depth/go/vuln.go
@ -0,0 +1,34 @@
+// Go JSON_PARSE depth-bomb vuln fixture.
+//
+// Models a config-driven JSON ingest endpoint that picks the parser
+// input based on the request payload tag - `*_DEEP` routes through a
+// deeply-nested array literal (256 levels) that drives
+// `encoding/json.Unmarshal` past the 64-level depth budget;
+// `*_SHALLOW` routes through a flat `[]` parse that leaves the
+// predicate clear.  This shape is needed by the differential runner:
+// the vuln-payload attempt and the benign-control attempt both load
+// the same fixture, and only the payload-routed deep branch trips the
+// `JsonParseExcessiveDepth` predicate.
+//
+// Go's encoding/json parser is iterative so the deep input does not
+// panic the stdlib; the harness walks the returned interface{} to
+// compute the observed depth and emits a `ProbeKind::JsonParse` record.
+package vuln
+
+import (
+	"encoding/json"
+	"strings"
+)
+
+func Run(value string) interface{} {
+	text := value
+	if strings.Contains(text, "DEEP") {
+		nested := strings.Repeat("[", 256) + strings.Repeat("]", 256)
+		var v interface{}
+		_ = json.Unmarshal([]byte(nested), &v)
+		return v
+	}
+	var v interface{}
+	_ = json.Unmarshal([]byte("[]"), &v)
+	return v
+}