feat(dynamic): enhance corpus sync script with improved payload parsing, registry checks, and expanded validation logic

tests/dynamic_fixtures/java/fileio_negative.java

@@ -1,5 +1,6 @@
 // File I/O — negative fixture.
-// Safe: normalizes path and checks it stays within the base directory.
+// Safe: normalizes the path and checks it stays within the base directory, so
+// the traversal payload cannot escape `testfiles/` to reach the planted canary.
 // Entry: Entry.readFile(String)  Cap: FILE_IO
 // Expected verdict: NotConfirmed
 
@@ -7,13 +8,10 @@ import java.io.*;
 import java.nio.file.*;
 
 public class Entry {
-    // `/tmp` exists on Linux and macOS so `toRealPath()` resolves cleanly on
-    // both. The traversal payload still escapes the base (which is the point
-    // of the safe-path check) so the verdict stays NotConfirmed.
-    private static final String BASE_DIR = "/tmp";
-
     public static void readFile(String userPath) throws Exception {
-        Path base = Paths.get(BASE_DIR).toRealPath();
+        // Same base the harness plants the canary one level above; the
+        // containment check is what makes this safe.
+        Path base = Paths.get(System.getProperty("user.dir"), "testfiles").toRealPath();
         Path resolved = base.resolve(userPath).normalize();
         if (!resolved.startsWith(base)) {
             System.out.println("Access denied");