[pitboss] phase 11: Track J.9 + Track L.9 — CRYPTO, JSON_PARSE, UNAUTHORIZED_ID, DATA_EXFIL corpora

src/dynamic/corpus/crypto/go.rs

@@ -0,0 +1,44 @@
+//! Go `Cap::CRYPTO` payloads — `math/rand.Intn` weak-key
+//! generation.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const WEAK_BITS: u32 = 16;
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"NYX_CRYPTO_WEAK",
+        label: "crypto-go-weak-random",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/crypto/go/vuln.go"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        benign_control: Some(PayloadRef {
+            label: "crypto-go-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"NYX_CRYPTO_STRONG",
+        label: "crypto-go-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/crypto/go/benign.go"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];

src/dynamic/corpus/crypto/java.rs

@@ -0,0 +1,55 @@
+//! Java `Cap::CRYPTO` payloads — `java.util.Random.nextBytes`
+//! weak-key generation.
+//!
+//! Vuln payload: marker bytes that signal the harness to drive its
+//! `java.util.Random` key-generation path.  The harness emits a key
+//! bounded inside a 16-bit search space and writes a
+//! [`crate::dynamic::probe::ProbeKind::WeakKey`] probe — the
+//! [`crate::dynamic::oracle::ProbePredicate::WeakKeyEntropy`]
+//! predicate fires for `key_int < 2^16`.
+//!
+//! Benign control: marker bytes that route the harness through
+//! `java.security.SecureRandom`, producing a 256-bit key whose
+//! integer view trivially exceeds the budget.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const WEAK_BITS: u32 = 16;
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"NYX_CRYPTO_WEAK",
+        label: "crypto-java-weak-random",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/crypto/java/vuln.java"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        benign_control: Some(PayloadRef {
+            label: "crypto-java-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"NYX_CRYPTO_STRONG",
+        label: "crypto-java-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/crypto/java/benign.java"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];

src/dynamic/corpus/crypto/mod.rs

@@ -0,0 +1,26 @@
+//! Weak-crypto (`Cap::CRYPTO`) per-language payload slices.
+//!
+//! Phase 11 (Track J.9) carves a weak-key entropy oracle across the
+//! five backend languages where homegrown key generation is common
+//! enough to matter: Java (`java.util.Random.nextBytes` → key bytes),
+//! Python (`random.randint(0, 0xFFFF)`), PHP (`mt_rand(0, 0xFFFF)`),
+//! Go (`math/rand.Intn(0x10000)`), Rust (`rand::thread_rng` truncated
+//! to 16 bits).  Every vuln payload triggers the harness's
+//! instrumented key-generation path with a seed that produces an
+//! attacker-derivable key bounded inside the 16-bit search space.
+//! The harness shim writes a
+//! [`crate::dynamic::probe::ProbeKind::WeakKey { key_int }`] probe
+//! with the produced integer view of the key bytes; the
+//! [`crate::dynamic::oracle::ProbePredicate::WeakKeyEntropy`]
+//! predicate fires when `key_int < 2^max_bits` (`max_bits = 16` by
+//! default).  The paired benign control routes the same harness
+//! through a CSPRNG (`SecureRandom`, `secrets.token_bytes`,
+//! `random_bytes(32)`, `crypto/rand.Read`, `rand::rngs::OsRng`) so
+//! the produced `key_int` trivially exceeds the budget and the
+//! predicate stays clear.
+
+pub mod go;
+pub mod java;
+pub mod php;
+pub mod python;
+pub mod rust;

src/dynamic/corpus/crypto/php.rs

@@ -0,0 +1,43 @@
+//! PHP `Cap::CRYPTO` payloads — `mt_rand` weak-key generation.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const WEAK_BITS: u32 = 16;
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"NYX_CRYPTO_WEAK",
+        label: "crypto-php-weak-random",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/crypto/php/vuln.php"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        benign_control: Some(PayloadRef {
+            label: "crypto-php-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"NYX_CRYPTO_STRONG",
+        label: "crypto-php-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/crypto/php/benign.php"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];

src/dynamic/corpus/crypto/python.rs

@@ -0,0 +1,53 @@
+//! Python `Cap::CRYPTO` payloads — `random.randint` weak-key
+//! generation.
+//!
+//! Vuln payload: marker bytes that route the harness through
+//! `random.randint(0, 0xFFFF)`; the harness emits a
+//! [`crate::dynamic::probe::ProbeKind::WeakKey`] probe and the
+//! [`crate::dynamic::oracle::ProbePredicate::WeakKeyEntropy`]
+//! predicate fires.
+//!
+//! Benign control: marker bytes that route the harness through
+//! `secrets.token_bytes(32)`.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const WEAK_BITS: u32 = 16;
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"NYX_CRYPTO_WEAK",
+        label: "crypto-python-weak-random",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/crypto/python/vuln.py"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        benign_control: Some(PayloadRef {
+            label: "crypto-python-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"NYX_CRYPTO_STRONG",
+        label: "crypto-python-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/crypto/python/benign.py"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];

src/dynamic/corpus/crypto/rust.rs

@@ -0,0 +1,44 @@
+//! Rust `Cap::CRYPTO` payloads — `rand::thread_rng` weak-key
+//! generation truncated to 16 bits.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const WEAK_BITS: u32 = 16;
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"NYX_CRYPTO_WEAK",
+        label: "crypto-rust-weak-random",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/crypto/rust/vuln.rs"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        benign_control: Some(PayloadRef {
+            label: "crypto-rust-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"NYX_CRYPTO_STRONG",
+        label: "crypto-rust-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::WeakKeyEntropy { max_bits: WEAK_BITS }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/crypto/rust/benign.rs"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];