mirror of
https://github.com/elicpeter/nyx.git
synced 2026-07-03 20:41:00 +02:00
[pitboss] phase 11: Track J.9 + Track L.9 — CRYPTO, JSON_PARSE, UNAUTHORIZED_ID, DATA_EXFIL corpora
This commit is contained in:
parent
61a9e4e5df
commit
6784d73e25
85 changed files with 2508 additions and 30 deletions
12
tests/dynamic_fixtures/crypto/go/benign.go
Normal file
12
tests/dynamic_fixtures/crypto/go/benign.go
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
// Phase 11 (Track J.9) — Go CRYPTO benign control fixture.
|
||||
//
|
||||
// Uses crypto/rand.Read (a CSPRNG) for key derivation.
|
||||
package benign
|
||||
|
||||
import "crypto/rand"
|
||||
|
||||
func Run(_ string) []byte {
|
||||
buf := make([]byte, 32)
|
||||
_, _ = rand.Read(buf)
|
||||
return buf
|
||||
}
|
||||
12
tests/dynamic_fixtures/crypto/go/vuln.go
Normal file
12
tests/dynamic_fixtures/crypto/go/vuln.go
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
// Phase 11 (Track J.9) — Go CRYPTO vuln fixture.
|
||||
//
|
||||
// Uses math/rand.Intn(0x10000) (a non-CSPRNG) to derive a 16-bit
|
||||
// key. The harness's instrumented key path writes a
|
||||
// `ProbeKind::WeakKey` probe and the `WeakKeyEntropy` oracle fires.
|
||||
package vuln
|
||||
|
||||
import "math/rand"
|
||||
|
||||
func Run(_ string) int {
|
||||
return rand.Intn(0x10000)
|
||||
}
|
||||
14
tests/dynamic_fixtures/crypto/java/benign.java
Normal file
14
tests/dynamic_fixtures/crypto/java/benign.java
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
// Phase 11 (Track J.9) — Java CRYPTO benign control fixture.
|
||||
//
|
||||
// Uses java.security.SecureRandom (a CSPRNG) for key derivation, so
|
||||
// the produced 256-bit key trivially exceeds the 16-bit weak budget.
|
||||
import java.security.SecureRandom;
|
||||
|
||||
public class Benign {
|
||||
public static byte[] run(String _unused) {
|
||||
SecureRandom r = new SecureRandom();
|
||||
byte[] key = new byte[32];
|
||||
r.nextBytes(key);
|
||||
return key;
|
||||
}
|
||||
}
|
||||
16
tests/dynamic_fixtures/crypto/java/vuln.java
Normal file
16
tests/dynamic_fixtures/crypto/java/vuln.java
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
// Phase 11 (Track J.9) — Java CRYPTO vuln fixture.
|
||||
//
|
||||
// Uses java.util.Random (a non-CSPRNG) to derive key bytes, producing
|
||||
// a key bounded inside a 16-bit search space. The harness's
|
||||
// instrumented key-generation path writes a `ProbeKind::WeakKey`
|
||||
// probe; the `WeakKeyEntropy` oracle fires for `key_int < 2^16`.
|
||||
import java.util.Random;
|
||||
|
||||
public class Vuln {
|
||||
public static byte[] run(String seedTag) {
|
||||
Random r = new Random(seedTag.hashCode());
|
||||
byte[] key = new byte[2];
|
||||
r.nextBytes(key);
|
||||
return key;
|
||||
}
|
||||
}
|
||||
7
tests/dynamic_fixtures/crypto/php/benign.php
Normal file
7
tests/dynamic_fixtures/crypto/php/benign.php
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
<?php
|
||||
// Phase 11 (Track J.9) — PHP CRYPTO benign control fixture.
|
||||
//
|
||||
// Uses `random_bytes(32)` (a CSPRNG) for key derivation.
|
||||
function run($_value) {
|
||||
return random_bytes(32);
|
||||
}
|
||||
7
tests/dynamic_fixtures/crypto/php/vuln.php
Normal file
7
tests/dynamic_fixtures/crypto/php/vuln.php
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
<?php
|
||||
// Phase 11 (Track J.9) — PHP CRYPTO vuln fixture.
|
||||
//
|
||||
// Uses `mt_rand(0, 0xFFFF)` (a non-CSPRNG) to derive a 16-bit key.
|
||||
function run($_value) {
|
||||
return mt_rand(0, 0xFFFF);
|
||||
}
|
||||
9
tests/dynamic_fixtures/crypto/python/benign.py
Normal file
9
tests/dynamic_fixtures/crypto/python/benign.py
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
# Phase 11 (Track J.9) — Python CRYPTO benign control fixture.
|
||||
#
|
||||
# Uses `secrets.token_bytes(32)` (a CSPRNG) so the produced key
|
||||
# trivially exceeds the weak budget.
|
||||
import secrets
|
||||
|
||||
|
||||
def run(_value):
|
||||
return secrets.token_bytes(32)
|
||||
10
tests/dynamic_fixtures/crypto/python/vuln.py
Normal file
10
tests/dynamic_fixtures/crypto/python/vuln.py
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
# Phase 11 (Track J.9) — Python CRYPTO vuln fixture.
|
||||
#
|
||||
# Uses `random.randint(0, 0xFFFF)` (a non-CSPRNG) to derive a 16-bit
|
||||
# key; the harness's instrumented key path writes a `ProbeKind::WeakKey`
|
||||
# probe and the `WeakKeyEntropy` oracle fires.
|
||||
import random
|
||||
|
||||
|
||||
def run(_value):
|
||||
return random.randint(0, 0xFFFF)
|
||||
11
tests/dynamic_fixtures/crypto/rust/benign.rs
Normal file
11
tests/dynamic_fixtures/crypto/rust/benign.rs
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
// Phase 11 (Track J.9) — Rust CRYPTO benign control fixture.
|
||||
//
|
||||
// Uses `rand::rngs::OsRng` (a CSPRNG) for key derivation.
|
||||
use rand::rngs::OsRng;
|
||||
use rand::RngCore;
|
||||
|
||||
pub fn run(_value: &str) -> [u8; 32] {
|
||||
let mut key = [0u8; 32];
|
||||
OsRng.fill_bytes(&mut key);
|
||||
key
|
||||
}
|
||||
9
tests/dynamic_fixtures/crypto/rust/vuln.rs
Normal file
9
tests/dynamic_fixtures/crypto/rust/vuln.rs
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
// Phase 11 (Track J.9) — Rust CRYPTO vuln fixture.
|
||||
//
|
||||
// Uses `rand::thread_rng` truncated to 16 bits (a non-CSPRNG
|
||||
// configuration) to derive a key bounded inside the weak budget.
|
||||
use rand::Rng;
|
||||
|
||||
pub fn run(_value: &str) -> u16 {
|
||||
rand::thread_rng().gen_range(0..=0xFFFF) as u16
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue