[pitboss] phase 19: Track M.1 — ClassMethod end-to-end (all langs)

tests/dynamic_fixtures/class_method/java/Benign.java

@@ -0,0 +1,20 @@
+// Phase 19 (Track M.1) — class-method benign control for Java.
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+
+public class Benign {
+    public static class UserRepository {
+        public UserRepository() {}
+
+        public void findByName(String name) throws SQLException {
+            Connection c = DriverManager.getConnection("jdbc:sqlite::memory:");
+            PreparedStatement ps = c.prepareStatement("SELECT id FROM users WHERE name = ?");
+            ps.setString(1, name);
+            ps.execute();
+            ps.close();
+            c.close();
+        }
+    }
+}

tests/dynamic_fixtures/class_method/java/Vuln.java

@@ -0,0 +1,25 @@
+// Phase 19 (Track M.1) — class-method vuln fixture for Java.
+//
+// UserRepository.findByName concatenates user input into a JDBC SQL
+// statement.  Default constructor exists so the harness can build the
+// receiver without stubbing dependencies.
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.Statement;
+import java.sql.SQLException;
+
+public class Vuln {
+    public static class UserRepository {
+        public UserRepository() {}
+
+        public void findByName(String name) throws SQLException {
+            Connection c = DriverManager.getConnection("jdbc:sqlite::memory:");
+            Statement s = c.createStatement();
+            // SINK: tainted concat into SQL
+            String sql = "SELECT id FROM users WHERE name = '" + name + "'";
+            s.execute(sql);
+            s.close();
+            c.close();
+        }
+    }
+}