[pitboss] phase 19: Track M.1 — ClassMethod end-to-end (all langs)

tests/dynamic_fixtures/class_method/cpp/benign.cpp

@@ -0,0 +1,19 @@
+// Phase 19 (Track M.1) — class-method benign control for C++.
+#include <unistd.h>
+#include <sys/wait.h>
+#include <string>
+
+class UserService {
+public:
+    UserService() = default;
+    void run(const std::string& input) {
+        pid_t pid = fork();
+        if (pid == 0) {
+            const char* argv[] = { "/bin/echo", input.c_str(), nullptr };
+            execv("/bin/echo", const_cast<char* const*>(argv));
+            _exit(127);
+        }
+        int status = 0;
+        waitpid(pid, &status, 0);
+    }
+};

tests/dynamic_fixtures/class_method/cpp/vuln.cpp

@@ -0,0 +1,17 @@
+// Phase 19 (Track M.1) — class-method vuln fixture for C++.
+//
+// UserService::run pipes user input into `system(3)`.  Default
+// constructor exists; the harness can build the receiver with
+// `UserService instance;`.
+#include <cstdlib>
+#include <string>
+
+class UserService {
+public:
+    UserService() = default;
+    void run(const std::string& input) {
+        std::string cmd = std::string("echo ") + input;
+        // SINK: tainted input → system(3)
+        std::system(cmd.c_str());
+    }
+};