new capacity bits (#67)

tests/fixtures/xxe/java/IrrelevantXmlCall.java

@@ -0,0 +1,15 @@
+// Baseline: tainted body flows through a non-parser XML helper
+// (StringBuilder concat).  No XML parser entry point, no XXE label
+// classification.  Used to confirm taint-xxe doesn't fire on stray
+// XML-adjacent string operations.
+import javax.servlet.http.HttpServletRequest;
+
+public class IrrelevantXmlCall {
+    public String handle(HttpServletRequest req) {
+        String body = req.getParameter("xml");
+        StringBuilder sb = new StringBuilder("<wrap>");
+        sb.append(body);
+        sb.append("</wrap>");
+        return sb.toString();
+    }
+}