[pitboss] phase 04: Track A.4 — Callgraph-aware spec entry-point resolution

2026-06-15 20:05:13 +02:00 · 2026-05-14 04:20:26 -05:00 · 2026-05-14 04:20:26 -05:00 · 780dc9099c
commit 780dc9099c
parent 3b660ba1d3
9 changed files with 618 additions and 4 deletions
--- a/tests/dynamic_fixtures/callgraph_entry/spring_controller_sink.java
+++ b/tests/dynamic_fixtures/callgraph_entry/spring_controller_sink.java
@ -0,0 +1,23 @@
+// Phase 04 fixture: Spring controller method calls a helper that holds
+// the sink. The callgraph-aware spec-derivation path must rewrite the
+// harness entry to the controller method `runCommand`, not the helper
+// `execHelper`.
+
+package fixture;
+
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class SinkController {
+    private void execHelper(String cmd) throws Exception {
+        Runtime.getRuntime().exec(cmd); // sink: command injection
+    }
+
+    @PostMapping("/run")
+    public String runCommand(@RequestBody String cmd) throws Exception {
+        execHelper(cmd);
+        return "ok";
+    }
+}