Dynamic (#77)

tests/dynamic_fixtures/json_parse/python/benign.py

@@ -0,0 +1,10 @@
+# Phase 11 (Track J.9) — Python JSON_PARSE benign control fixture.
+#
+# json.loads then merge into a fresh `dict` rather than mutating the
+# shared sentinel, so the canary trap on `_SHARED` cannot fire.
+import json
+
+
+def run(value):
+    parsed = json.loads(value)
+    return dict(parsed)

tests/dynamic_fixtures/json_parse/python/vuln.py

@@ -0,0 +1,20 @@
+# Phase 11 (Track J.9) — Python JSON_PARSE vuln fixture.
+#
+# json.loads the attacker bytes then mutate a shared sentinel via
+# attribute pollution; the harness's instrumented setattr trap
+# observes the `__nyx_canary` write.
+import json
+
+
+class _Sentinel:
+    pass
+
+
+_SHARED = _Sentinel()
+
+
+def run(value):
+    parsed = json.loads(value)
+    for k, v in parsed.items():
+        setattr(_SHARED, k, v)
+    return _SHARED