[pitboss] phase 04: Track J.2 + Track L.2 — SSTI corpus + Jinja2 / ERB / Twig / Thymeleaf / Handlebars adapters

tests/dynamic_fixtures/ssti/python_jinja2/benign.py

@@ -0,0 +1,13 @@
+"""Phase 04 (Track J.2) — Python Jinja2 benign control fixture.
+
+The function escapes the body as plain text before handing it to a
+fixed Jinja2 template that never interpolates the user-controlled
+value, so even an SSTI-shaped payload cannot reach the evaluator.
+"""
+from jinja2 import Template
+
+
+def run(body: str) -> str:
+    safe = body.replace("{", "{").replace("}", "}")
+    template = Template("{{ safe_body | safe }}")
+    return template.render(safe_body=safe)

tests/dynamic_fixtures/ssti/python_jinja2/vuln.py

@@ -0,0 +1,13 @@
+"""Phase 04 (Track J.2) — Python Jinja2 SSTI vuln fixture.
+
+The function pulls a template body off the request and pipes it
+straight into `jinja2.Template(...).render()` without sandboxing or
+expression filtering, so an attacker who controls the body reaches the
+expression evaluator and can render arbitrary expressions.
+"""
+from jinja2 import Template
+
+
+def run(body: str) -> str:
+    template = Template(body)
+    return template.render()