[pitboss] phase 11: Track J.9 + Track L.9 — CRYPTO, JSON_PARSE, UNAUTHORIZED_ID, DATA_EXFIL corpora

src/dynamic/corpus/data_exfil/go.rs

@@ -0,0 +1,43 @@
+//! go `Cap::DATA_EXFIL` payloads.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const ALLOWLIST: &[&str] = &["127.0.0.1", "localhost"];
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"attacker.test",
+        label: "data-exfil-go-external",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/go/vuln.go"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        benign_control: Some(PayloadRef {
+            label: "data-exfil-go-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"127.0.0.1",
+        label: "data-exfil-go-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/go/benign.go"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];

src/dynamic/corpus/data_exfil/java.rs

@@ -0,0 +1,43 @@
+//! java `Cap::DATA_EXFIL` payloads.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const ALLOWLIST: &[&str] = &["127.0.0.1", "localhost"];
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"attacker.test",
+        label: "data-exfil-java-external",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/java/vuln.java"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        benign_control: Some(PayloadRef {
+            label: "data-exfil-java-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"127.0.0.1",
+        label: "data-exfil-java-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/java/benign.java"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];

src/dynamic/corpus/data_exfil/js.rs

@@ -0,0 +1,43 @@
+//! js `Cap::DATA_EXFIL` payloads.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const ALLOWLIST: &[&str] = &["127.0.0.1", "localhost"];
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"attacker.test",
+        label: "data-exfil-js-external",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/js/vuln.js"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        benign_control: Some(PayloadRef {
+            label: "data-exfil-js-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"127.0.0.1",
+        label: "data-exfil-js-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/js/benign.js"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];

src/dynamic/corpus/data_exfil/mod.rs

@@ -0,0 +1,22 @@
+//! Data-exfiltration (`Cap::DATA_EXFIL`) per-language payload
+//! slices.
+//!
+//! Phase 11 (Track J.9) carves an outbound-network oracle across
+//! all seven backend-capable languages.  Each harness stands up a
+//! mock HTTP client that records the destination host of every
+//! outbound request via a
+//! [`crate::dynamic::probe::ProbeKind::OutboundNetwork { host }`]
+//! probe.  The
+//! [`crate::dynamic::oracle::ProbePredicate::OutboundHostNotIn`]
+//! predicate fires when the captured `host` falls outside the
+//! configured loopback allowlist (`&["127.0.0.1", "localhost"]`).
+//! The vuln payload supplies `attacker.test`; the paired benign
+//! control supplies `127.0.0.1` so the predicate stays clear.
+
+pub mod go;
+pub mod java;
+pub mod js;
+pub mod php;
+pub mod python;
+pub mod ruby;
+pub mod rust;

src/dynamic/corpus/data_exfil/php.rs

@@ -0,0 +1,43 @@
+//! php `Cap::DATA_EXFIL` payloads.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const ALLOWLIST: &[&str] = &["127.0.0.1", "localhost"];
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"attacker.test",
+        label: "data-exfil-php-external",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/php/vuln.php"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        benign_control: Some(PayloadRef {
+            label: "data-exfil-php-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"127.0.0.1",
+        label: "data-exfil-php-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/php/benign.php"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];

src/dynamic/corpus/data_exfil/python.rs

@@ -0,0 +1,43 @@
+//! python `Cap::DATA_EXFIL` payloads.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const ALLOWLIST: &[&str] = &["127.0.0.1", "localhost"];
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"attacker.test",
+        label: "data-exfil-python-external",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/python/vuln.py"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        benign_control: Some(PayloadRef {
+            label: "data-exfil-python-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"127.0.0.1",
+        label: "data-exfil-python-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/python/benign.py"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];

src/dynamic/corpus/data_exfil/ruby.rs

@@ -0,0 +1,43 @@
+//! ruby `Cap::DATA_EXFIL` payloads.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const ALLOWLIST: &[&str] = &["127.0.0.1", "localhost"];
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"attacker.test",
+        label: "data-exfil-ruby-external",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/ruby/vuln.rb"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        benign_control: Some(PayloadRef {
+            label: "data-exfil-ruby-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"127.0.0.1",
+        label: "data-exfil-ruby-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/ruby/benign.rb"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];

src/dynamic/corpus/data_exfil/rust.rs

@@ -0,0 +1,43 @@
+//! rust `Cap::DATA_EXFIL` payloads.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+const ALLOWLIST: &[&str] = &["127.0.0.1", "localhost"];
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        bytes: b"attacker.test",
+        label: "data-exfil-rust-external",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/rust/vuln.rs"],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        benign_control: Some(PayloadRef {
+            label: "data-exfil-rust-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        bytes: b"127.0.0.1",
+        label: "data-exfil-rust-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::OutboundHostNotIn { allowlist: ALLOWLIST }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 15,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &["tests/dynamic_fixtures/data_exfil/rust/benign.rs"],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];