[pitboss] phase 11: Track J.9 + Track L.9 — CRYPTO, JSON_PARSE, UNAUTHORIZED_ID, DATA_EXFIL corpora

tests/dynamic_fixtures/crypto/java/benign.java

@@ -0,0 +1,14 @@
+// Phase 11 (Track J.9) — Java CRYPTO benign control fixture.
+//
+// Uses java.security.SecureRandom (a CSPRNG) for key derivation, so
+// the produced 256-bit key trivially exceeds the 16-bit weak budget.
+import java.security.SecureRandom;
+
+public class Benign {
+    public static byte[] run(String _unused) {
+        SecureRandom r = new SecureRandom();
+        byte[] key = new byte[32];
+        r.nextBytes(key);
+        return key;
+    }
+}

tests/dynamic_fixtures/crypto/java/vuln.java

@@ -0,0 +1,16 @@
+// Phase 11 (Track J.9) — Java CRYPTO vuln fixture.
+//
+// Uses java.util.Random (a non-CSPRNG) to derive key bytes, producing
+// a key bounded inside a 16-bit search space.  The harness's
+// instrumented key-generation path writes a `ProbeKind::WeakKey`
+// probe; the `WeakKeyEntropy` oracle fires for `key_int < 2^16`.
+import java.util.Random;
+
+public class Vuln {
+    public static byte[] run(String seedTag) {
+        Random r = new Random(seedTag.hashCode());
+        byte[] key = new byte[2];
+        r.nextBytes(key);
+        return key;
+    }
+}