[pitboss] phase 03: Track J.1 + Track L.1 — DESERIALIZE corpus + Java/Python/PHP/Ruby adapters

2026-06-12 19:55:14 +02:00 · 2026-05-17 16:37:20 -05:00 · 2026-05-17 16:37:20 -05:00 · 9dc60b51c0
commit 9dc60b51c0
parent 01fcaab310
33 changed files with 1625 additions and 53 deletions
--- a/src/dynamic/corpus/deserialize/java.rs
+++ b/src/dynamic/corpus/deserialize/java.rs
@ -0,0 +1,66 @@
+//! Java `Cap::DESERIALIZE` payloads.
+//!
+//! Vuln payload: a base64-encoded `java.io.ObjectInputStream` byte stream
+//! that materialises a gadget class outside the harness's allowlist.
+//! The harness's `RestrictedObjectInputStream.resolveClass` intercepts
+//! the lookup and emits a `ProbeKind::Deserialize { gadget_chain_invoked
+//! = true }` probe before aborting the chain.
+//!
+//! Benign control: a base64-encoded `ObjectInputStream` byte stream of a
+//! single allow-listed `java.lang.Integer`.  The class lives inside the
+//! resolveClass allowlist so no Deserialize probe is emitted.
+
+use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef};
+use crate::dynamic::oracle::ProbePredicate;
+
+pub const PAYLOADS: &[CuratedPayload] = &[
+    CuratedPayload {
+        // Marker class name embedded in the serialized stream — the
+        // harness allowlist contains `java.lang.Integer` and `java.lang.String`
+        // only.  The byte form is a small literal so const-eval can keep it.
+        bytes: b"NYX_GADGET_CLASS:org.nyx.deserialize.Gadget",
+        label: "java-deserialize-gadget",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::DeserializeGadgetInvoked {
+                require_invoked: true,
+            }],
+        },
+        is_benign: false,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 7,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &[
+            "tests/dynamic_fixtures/deserialize/java/vuln.java",
+        ],
+        oob_nonce_slot: false,
+        probe_predicates: &[ProbePredicate::DeserializeGadgetInvoked {
+            require_invoked: true,
+        }],
+        benign_control: Some(PayloadRef {
+            label: "java-deserialize-benign",
+        }),
+        no_benign_control_rationale: None,
+    },
+    CuratedPayload {
+        // Allow-listed payload — the marker carries `java.lang.Integer`,
+        // which the harness resolveClass accepts without writing a probe.
+        bytes: b"NYX_GADGET_CLASS:java.lang.Integer",
+        label: "java-deserialize-benign",
+        oracle: Oracle::SinkProbe {
+            predicates: &[ProbePredicate::DeserializeGadgetInvoked {
+                require_invoked: true,
+            }],
+        },
+        is_benign: true,
+        provenance: PayloadProvenance::Curated,
+        since_corpus_version: 7,
+        deprecated_at_corpus_version: None,
+        fixture_paths: &[
+            "tests/dynamic_fixtures/deserialize/java/benign.java",
+        ],
+        oob_nonce_slot: false,
+        probe_predicates: &[],
+        benign_control: None,
+        no_benign_control_rationale: None,
+    },
+];